修复 #6070

2024-04-03 11:18:47 +08:00 · 2024-04-03 11:18:47 +08:00 · 6edef14f07
parent 5a09a6fb4a
commit 6edef14f07
5 changed files with 57 additions and 54 deletions
--- a/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/mapper/xml/JeecgDemoMapper.xml
+++ b/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/mapper/xml/JeecgDemoMapper.xml
@ -9,7 +9,10 @@
 	
 	<!-- 根据权限sql查询数据集 20230904 内部写法，调用位置installAuthJdbc，暂不处理sql注入问题-->
 	<select id="queryListWithPermission" parameterType="Object" resultType="org.jeecg.modules.demo.test.entity.JeecgDemo">
-		select * from demo where 1=1 ${permissionSql}
+		select * from demo
+        <where>
+            ${permissionSql}
+        </where>
 	</select>

 	<!-- 查询所有符合前缀且有效字段 -->
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDepartMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDepartMapper.xml
@ -161,11 +161,6 @@
    <select id="getSysDepartList" resultType="org.jeecg.modules.system.vo.SysDepartExportVo">
        SELECT id,depart_name,parent_id,depart_name_en,depart_order,description,org_category,org_code,mobile,fax,address,memo FROM sys_depart
        WHERE
-        1=1
-        <if test="null != tenantId and 0 != tenantId">
-            AND tenant_id = #{tenantId}
-        </if>  
-        AND
        <choose>
            <when test="parentId != null and parentId != ''">
                parent_id = #{parentId}
@ -174,6 +169,9 @@
                parent_id IS NULL OR parent_id=''
            </otherwise>
        </choose>
+        <if test="null != tenantId and 0 != tenantId">
+            AND tenant_id = #{tenantId}
+        </if>  
        ORDER BY depart_order DESC
    </select>
 </mapper>
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDictMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDictMapper.xml
@ -127,7 +127,7 @@
 			   </if>
 			   ${pidField} as parentId
 			   from ${table}
-			   where
+			   <where>
 				   <!-- 父ID条件 -->
 				   <if test="query == null">
 					   <choose>
@ -141,7 +141,6 @@
 				   </if>
 				   <!-- 查询条件组装 -->
 				   <if test="query!= null">
-			       1 = 1
 					   <foreach collection="query.entrySet()" item="value"  index="key" >
 						   <choose>
 							   <when test="key == 'tenant_id'">
@ -162,6 +161,7 @@
 							 </otherwise>
 						 </choose>
 				   </if>
+			   </where>
 	</select>

 	<!-- 分页查询字典表数据，支持text或code模糊查询匹配【已加入SQL注入check】 -->
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysPermissionMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysPermissionMapper.xml
@ -28,7 +28,7 @@
                   ,icon
                   ,is_leaf
 		   FROM   sys_permission
-		   WHERE 1=1
+		   <where>
 				<choose>
 					<when test="parentId != null and parentId != ''">
 						AND parent_id =  #{parentId,jdbcType=VARCHAR}
@ -37,6 +37,7 @@
 						AND parent_id is null
 					</otherwise>
 				</choose>
+		   </where>
 	</select>
 	
 	<!-- 获取登录用户拥有的权限 -->
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysRoleMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysRoleMapper.xml
@ -4,7 +4,7 @@

    <select id="listAllSysRole" resultType="org.jeecg.modules.system.entity.SysRole">
        SELECT * from sys_role
-        WHERE 1=1
+        <where>
            <if test="role.roleName!='' and role.roleName!=null">
                <bind name="bindKeyword" value="'%'+role.roleName+'%'"/>
                AND role_name like #{bindKeyword}
@ -13,6 +13,7 @@
                <bind name="bindRoleCode" value="'%'+role.roleCode+'%'"/>
                AND role_code like #{bindRoleCode}
            </if>
+        </where>
    </select>