From 4095a1b6ee3ed943a228bca40304fe8dd6afb0ad Mon Sep 17 00:00:00 2001
From: Ricky <hk_ricky@163.com>
Date: 星期二, 27 七月 2021 10:08:04 +0800
Subject: [PATCH] !275 fix Issue #I42GRW 任意账户越权漏洞 Merge pull request !275 from lagXkjy/master
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 202 insertions(+), 27 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
index 13af486..f13b866 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java
@@ -6,8 +6,8 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field;
-import java.lang.reflect.Method;
import java.math.BigDecimal;
+import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
@@ -15,18 +15,19 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
-
-import org.apache.poi.hssf.usermodel.HSSFDateUtil;
import org.apache.poi.ss.usermodel.BorderStyle;
import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.CellStyle;
import org.apache.poi.ss.usermodel.CellType;
+import org.apache.poi.ss.usermodel.ClientAnchor;
import org.apache.poi.ss.usermodel.DataValidation;
import org.apache.poi.ss.usermodel.DataValidationConstraint;
import org.apache.poi.ss.usermodel.DataValidationHelper;
import org.apache.poi.ss.usermodel.DateUtil;
+import org.apache.poi.ss.usermodel.Drawing;
import org.apache.poi.ss.usermodel.FillPatternType;
import org.apache.poi.ss.usermodel.Font;
import org.apache.poi.ss.usermodel.HorizontalAlignment;
@@ -38,10 +39,10 @@
import org.apache.poi.ss.usermodel.WorkbookFactory;
import org.apache.poi.ss.util.CellRangeAddressList;
import org.apache.poi.xssf.streaming.SXSSFWorkbook;
+import org.apache.poi.xssf.usermodel.XSSFClientAnchor;
import org.apache.poi.xssf.usermodel.XSSFDataValidation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import com.ruoyi.common.annotation.Excel;
import com.ruoyi.common.annotation.Excel.ColumnType;
import com.ruoyi.common.annotation.Excel.Type;
@@ -53,6 +54,8 @@
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.DictUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.file.FileTypeUtils;
+import com.ruoyi.common.utils.file.ImageUtils;
import com.ruoyi.common.utils.reflect.ReflectUtils;
/**
@@ -104,6 +107,21 @@
*/
private List<Object[]> fields;
+ /**
+ * 最大高度
+ */
+ private short maxHeight;
+
+ /**
+ * 统计列表
+ */
+ private Map<Integer, Double> statistics = new HashMap<Integer, Double>();
+
+ /**
+ * 数字格式
+ */
+ private static final DecimalFormat DOUBLE_FORMAT = new DecimalFormat("######0.00");
+
/**
* 实体对象
*/
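Review bot: `DOUBLE_FORMAT` is a `static final DecimalFormat`, and `DecimalFormat` is not safe for concurrent use, so two exports running at the same time can corrupt each other's totals when `addStatisticsRow` formats them. Make it per-instance, e.g. `private final DecimalFormat doubleFormat = new DecimalFormat("######0.00");`, or create the formatter inside `addStatisticsRow`. The `statistics` map is already per-instance, so the formatter is the only shared mutable state this hunk adds.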
@@ -211,6 +229,10 @@
{
// 从第2行开始取数据,默认第一行是表头.
Row row = sheet.getRow(i);
+ if(row == null)
+ {
+ continue;
+ }
T entity = null;
for (Map.Entry<Integer, Field> entry : fieldsMap.entrySet())
{
@@ -231,22 +253,30 @@
}
else
{
- val = Convert.toStr(val);
+ String dateFormat = field.getAnnotation(Excel.class).dateFormat();
+ if (StringUtils.isNotEmpty(dateFormat))
+ {
+ val = DateUtils.parseDateToStr(dateFormat, (Date) val);
+ }
+ else
+ {
+ val = Convert.toStr(val);
+ }
}
}
- else if ((Integer.TYPE == fieldType) || (Integer.class == fieldType))
+ else if ((Integer.TYPE == fieldType || Integer.class == fieldType) && StringUtils.isNumeric(Convert.toStr(val)))
{
val = Convert.toInt(val);
}
- else if ((Long.TYPE == fieldType) || (Long.class == fieldType))
+ else if (Long.TYPE == fieldType || Long.class == fieldType)
{
val = Convert.toLong(val);
}
- else if ((Double.TYPE == fieldType) || (Double.class == fieldType))
+ else if (Double.TYPE == fieldType || Double.class == fieldType)
{
val = Convert.toDouble(val);
}
- else if ((Float.TYPE == fieldType) || (Float.class == fieldType))
+ else if (Float.TYPE == fieldType || Float.class == fieldType)
{
val = Convert.toFloat(val);
}
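Review bot: The cast `(Date) val` in the new `dateFormat` branch is unchecked, so a cell that arrives as text or a plain number in a column annotated with `dateFormat` throws `ClassCastException` while an uploaded sheet is being imported. Guard it with `if (StringUtils.isNotEmpty(dateFormat) && val instanceof Date)` and fall back to `Convert.toStr(val)` otherwise. The enclosing `if` begins outside the hunk, so whether an earlier check already guarantees a `Date` here could not be confirmed. The added `StringUtils.isNumeric(...)` condition on the Integer branch also leaves a non-numeric value unconverted for the rest of the chain; it is worth checking how the later field assignment handles that.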
@@ -264,6 +294,10 @@
{
val = DateUtil.getJavaDate((Double) val);
}
+ }
+ else if (Boolean.TYPE == fieldType || Boolean.class == fieldType)
+ {
+ val = Convert.toBool(val, false);
}
if (StringUtils.isNotNull(fieldType))
{
@@ -343,6 +377,7 @@
if (Type.EXPORT.equals(type))
{
fillExcelData(index, row);
+ addStatisticsRow();
}
}
String filename = encodingFilename(sheetName);
@@ -449,6 +484,30 @@
headerFont.setColor(IndexedColors.WHITE.getIndex());
style.setFont(headerFont);
styles.put("header", style);
+
+ style = wb.createCellStyle();
+ style.setAlignment(HorizontalAlignment.CENTER);
+ style.setVerticalAlignment(VerticalAlignment.CENTER);
+ Font totalFont = wb.createFont();
+ totalFont.setFontName("Arial");
+ totalFont.setFontHeightInPoints((short) 10);
+ style.setFont(totalFont);
+ styles.put("total", style);
+
+ style = wb.createCellStyle();
+ style.cloneStyleFrom(styles.get("data"));
+ style.setAlignment(HorizontalAlignment.LEFT);
+ styles.put("data1", style);
+
+ style = wb.createCellStyle();
+ style.cloneStyleFrom(styles.get("data"));
+ style.setAlignment(HorizontalAlignment.CENTER);
+ styles.put("data2", style);
+
+ style = wb.createCellStyle();
+ style.cloneStyleFrom(styles.get("data"));
+ style.setAlignment(HorizontalAlignment.RIGHT);
+ styles.put("data3", style);
return styles;
}
@@ -478,14 +537,56 @@
{
if (ColumnType.STRING == attr.cellType())
{
- cell.setCellType(CellType.NUMERIC);
cell.setCellValue(StringUtils.isNull(value) ? attr.defaultValue() : value + attr.suffix());
}
else if (ColumnType.NUMERIC == attr.cellType())
{
- cell.setCellType(CellType.NUMERIC);
- cell.setCellValue(Integer.parseInt(value + ""));
+ if (StringUtils.isNotNull(value))
+ {
+ cell.setCellValue(StringUtils.contains(Convert.toStr(value), ".") ? Convert.toDouble(value) : Convert.toInt(value));
+ }
}
+ else if (ColumnType.IMAGE == attr.cellType())
+ {
+ ClientAnchor anchor = new XSSFClientAnchor(0, 0, 0, 0, (short) cell.getColumnIndex(), cell.getRow().getRowNum(), (short) (cell.getColumnIndex() + 1),
+ cell.getRow().getRowNum() + 1);
+ String imagePath = Convert.toStr(value);
+ if (StringUtils.isNotEmpty(imagePath))
+ {
+ byte[] data = ImageUtils.getImage(imagePath);
+ getDrawingPatriarch(cell.getSheet()).createPicture(anchor,
+ cell.getSheet().getWorkbook().addPicture(data, getImageType(data)));
+ }
+ }
+ }
+
+ /**
+ * 获取画布
+ */
+ public static Drawing<?> getDrawingPatriarch(Sheet sheet)
+ {
+ if (sheet.getDrawingPatriarch() == null)
+ {
+ sheet.createDrawingPatriarch();
+ }
+ return sheet.getDrawingPatriarch();
+ }
+
+ /**
+ * 获取图片类型,设置图片插入类型
+ */
+ public int getImageType(byte[] value)
+ {
+ String type = FileTypeUtils.getFileExtendName(value);
+ if ("JPG".equalsIgnoreCase(type))
+ {
+ return Workbook.PICTURE_TYPE_JPEG;
+ }
+ else if ("PNG".equalsIgnoreCase(type))
+ {
+ return Workbook.PICTURE_TYPE_PNG;
+ }
+ return Workbook.PICTURE_TYPE_JPEG;
}
/**
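Review bot: In the `ColumnType.IMAGE` branch of `setCellVo`, the bytes returned by `ImageUtils.getImage(imagePath)` go straight into `addPicture` and `getImageType` with no null or type check. `ImageUtils` is not part of this diff, so how it resolves the path is an assumption to confirm; if it accepts arbitrary file paths or URLs, a value stored in the exported field decides what the server reads during export, and that lookup should be limited to the application's upload location. At minimum wrap the insert in `if (data != null)` so a failed load leaves the cell empty. `getImageType` also returns `Workbook.PICTURE_TYPE_JPEG` for every type it does not recognise, so non-image bytes would be embedded as a JPEG. `setCellVo` begins outside the hunk.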
@@ -501,7 +602,6 @@
{
// 设置列宽
sheet.setColumnWidth(column, (int) ((attr.width() + 0.72) * 256));
- row.setHeight((short) (attr.height() * 20));
}
// 如果设置了提示信息则鼠标放上去提示.
if (StringUtils.isNotEmpty(attr.prompt()))
@@ -526,13 +626,14 @@
try
{
// 设置行高
- row.setHeight((short) (attr.height() * 20));
+ row.setHeight(maxHeight);
// 根据Excel中设置情况决定是否导出,有些情况需要保持为空,希望用户填写这一列.
if (attr.isExport())
{
// 创建cell
cell = row.createCell(column);
- cell.setCellStyle(styles.get("data"));
+ int align = attr.align().value();
+ cell.setCellStyle(styles.get("data" + (align >= 1 && align <= 3 ? align : "")));
// 用于读取对象中的属性
Object value = getTargetValue(vo, field, attr);
@@ -548,15 +649,20 @@
{
cell.setCellValue(convertByExp(Convert.toStr(value), readConverterExp, separator));
}
- else if (StringUtils.isNotEmpty(dictType))
+ else if (StringUtils.isNotEmpty(dictType) && StringUtils.isNotNull(value))
{
cell.setCellValue(convertDictByExp(Convert.toStr(value), dictType, separator));
+ }
+ else if (value instanceof BigDecimal && -1 != attr.scale())
+ {
+ cell.setCellValue((((BigDecimal) value).setScale(attr.scale(), attr.roundingMode())).toString());
}
else
{
// 设置列类型
setCellVo(value, attr, cell);
}
+ addStatisticsData(column, Convert.toStr(value), attr);
}
}
catch (Exception e)
@@ -696,7 +802,7 @@
}
return StringUtils.stripEnd(propertyString.toString(), separator);
}
-
+
/**
* 解析字典值
*
@@ -721,6 +827,53 @@
public static String reverseDictByExp(String dictLabel, String dictType, String separator)
{
return DictUtils.getDictValue(dictType, dictLabel, separator);
+ }
+
+ /**
+ * 合计统计信息
+ */
+ private void addStatisticsData(Integer index, String text, Excel entity)
+ {
+ if (entity != null && entity.isStatistics())
+ {
+ Double temp = 0D;
+ if (!statistics.containsKey(index))
+ {
+ statistics.put(index, temp);
+ }
+ try
+ {
+ temp = Double.valueOf(text);
+ }
+ catch (NumberFormatException e)
+ {
+ }
+ statistics.put(index, statistics.get(index) + temp);
+ }
+ }
+
+ /**
+ * 创建统计行
+ */
+ public void addStatisticsRow()
+ {
+ if (statistics.size() > 0)
+ {
+ Cell cell = null;
+ Row row = sheet.createRow(sheet.getLastRowNum() + 1);
+ Set<Integer> keys = statistics.keySet();
+ cell = row.createCell(0);
+ cell.setCellStyle(styles.get("total"));
+ cell.setCellValue("合计");
+
+ for (Integer key : keys)
+ {
+ cell = row.createCell(key);
+ cell.setCellStyle(styles.get("total"));
+ cell.setCellValue(DOUBLE_FORMAT.format(statistics.get(key)));
+ }
+ statistics.clear();
+ }
}
/**
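Review bot: `addStatisticsData` only catches `NumberFormatException`, but `Double.valueOf(text)` throws `NullPointerException` when `text` is null, which happens whenever `Convert.toStr(value)` is passed a null value for a statistics column. Use `temp = text == null ? 0D : Double.valueOf(text);` so a null is counted as zero like any other non-numeric text. The empty `catch` block should carry a comment such as `// non-numeric text contributes 0 to the total` so the swallow reads as deliberate. The `containsKey`/`put`/`get` sequence can also be reduced to `statistics.merge(index, temp, Double::sum);`.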
@@ -789,12 +942,12 @@
*/
private Object getValue(Object o, String name) throws Exception
{
- if (StringUtils.isNotEmpty(name))
+ if (StringUtils.isNotNull(o) && StringUtils.isNotEmpty(name))
{
Class<?> clazz = o.getClass();
- String methodName = "get" + name.substring(0, 1).toUpperCase() + name.substring(1);
- Method method = clazz.getMethod(methodName);
- o = method.invoke(o);
+ Field field = clazz.getDeclaredField(name);
+ field.setAccessible(true);
+ o = field.get(o);
}
return o;
}
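Review bot: `clazz.getDeclaredField(name)` in `getValue` only sees fields declared on the runtime class itself, so a target attribute inherited from a superclass now fails with `NoSuchFieldException`, where the removed `getMethod` lookup found inherited public getters. Reading the field with `setAccessible(true)` also bypasses any getter that computes or masks the value, so exported data can differ from what the rest of the application exposes. If direct field access is intended, walk the class hierarchy as sketched below; otherwise keep the getter lookup and fall back to the field only when no getter exists.

```java
private Object getValue(Object o, String name) throws Exception
{
    if (StringUtils.isNotNull(o) && StringUtils.isNotEmpty(name))
    {
        Field field = null;
        // getDeclaredField does not search superclasses, so walk up until found
        for (Class<?> c = o.getClass(); c != null && field == null; c = c.getSuperclass())
        {
            try
            {
                field = c.getDeclaredField(name);
            }
            catch (NoSuchFieldException ignored)
            {
                // not declared at this level; try the parent class
            }
        }
        if (field == null)
        {
            throw new NoSuchFieldException(name);
        }
        field.setAccessible(true);
        o = field.get(o);
    }
    return o;
}
```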
@@ -828,6 +981,21 @@
}
}
this.fields = this.fields.stream().sorted(Comparator.comparing(objects -> ((Excel) objects[1]).sort())).collect(Collectors.toList());
+ this.maxHeight = getRowHeight();
+ }
+
+ /**
+ * 根据注解获取最大行高
+ */
+ public short getRowHeight()
+ {
+ double maxHeight = 0;
+ for (Object[] os : this.fields)
+ {
+ Excel excel = (Excel) os[1];
+ maxHeight = maxHeight > excel.height() ? maxHeight : excel.height();
+ }
+ return (short) (maxHeight * 20);
}
/**
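Review bot: `getRowHeight` narrows `maxHeight * 20` to `short` without a bound, so an `@Excel` height above roughly 1638 wraps to a negative row height; clamp before the cast, e.g. `return (short) Math.min(maxHeight * 20, Short.MAX_VALUE);`. The local `maxHeight` also shadows the new field of the same name, and the loop body reads more simply as `maxHeight = Math.max(maxHeight, excel.height());`.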
@@ -889,27 +1057,34 @@
Cell cell = row.getCell(column);
if (StringUtils.isNotNull(cell))
{
- if (cell.getCellTypeEnum() == CellType.NUMERIC || cell.getCellTypeEnum() == CellType.FORMULA)
+ if (cell.getCellType() == CellType.NUMERIC || cell.getCellType() == CellType.FORMULA)
{
val = cell.getNumericCellValue();
- if (HSSFDateUtil.isCellDateFormatted(cell))
+ if (DateUtil.isCellDateFormatted(cell))
{
val = DateUtil.getJavaDate((Double) val); // POI Excel 日期格式转换
}
else
{
- val = new BigDecimal(val.toString()); // 浮点格式处理
+ if ((Double) val % 1 != 0)
+ {
+ val = new BigDecimal(val.toString());
+ }
+ else
+ {
+ val = new DecimalFormat("0").format(val);
+ }
}
}
- else if (cell.getCellTypeEnum() == CellType.STRING)
+ else if (cell.getCellType() == CellType.STRING)
{
val = cell.getStringCellValue();
}
- else if (cell.getCellTypeEnum() == CellType.BOOLEAN)
+ else if (cell.getCellType() == CellType.BOOLEAN)
{
val = cell.getBooleanCellValue();
}
- else if (cell.getCellTypeEnum() == CellType.ERROR)
+ else if (cell.getCellType() == CellType.ERROR)
{
val = cell.getErrorCellValue();
}
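Review bot: Formula cells still go through `cell.getNumericCellValue()` in the first branch, which throws `IllegalStateException` when the formula's cached result is text or an error, so one such cell in an uploaded workbook aborts the read unless a caller outside this hunk catches it. Checking `cell.getCachedFormulaResultType()` before choosing the accessor would cover that case. The whole-number path also allocates `new DecimalFormat("0")` for every cell; creating the formatter once per import call would avoid that. The enclosing method begins and ends outside the hunk.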
--