Merge branch 'master' of gitee.com:beijing_hongye_huicheng/lilishop into feature/pg

framework/src/main/java/cn/lili/common/enums/ResultCode.java

@@ -47,6 +47,7 @@ public enum ResultCode {
     CATEGORY_HAS_CHILDREN(10005, "此类别下存在子类别不能删除"),
     CATEGORY_HAS_GOODS(10006, "此类别下存在商品不能删除"),
     CATEGORY_SAVE_ERROR(10007, "此类别下存在商品不能删除"),
+    CATEGORY_PARAMETER_NOT_EXIST(10012, "分类绑定参数组不存在"),
     CATEGORY_PARAMETER_SAVE_ERROR(10008, "分类绑定参数组添加失败"),
     CATEGORY_PARAMETER_UPDATE_ERROR(10009, "分类绑定参数组添加失败"),
     CATEGORY_DELETE_FLAG_ERROR(10010, "子类状态不能与父类不一致！"),
@@ -72,6 +73,7 @@ public enum ResultCode {
     GOODS_PARAMS_ERROR(11013, "商品参数错误，刷新后重试"),
     PHYSICAL_GOODS_NEED_TEMP(11014, "实物商品需选择配送模板"),
     VIRTUAL_GOODS_NOT_NEED_TEMP(11015, "实物商品需选择配送模板"),
+    GOODS_NOT_EXIST_STORE(11017, "当前用户无权操作此商品"),
     GOODS_TYPE_ERROR(11016, "需选择商品类型"),
 
     /**

framework/src/main/java/cn/lili/common/security/AuthUser.java

@@ -13,6 +13,8 @@ import java.io.Serializable;
 @AllArgsConstructor
 public class AuthUser implements Serializable {
 
+    private static final long serialVersionUID = 582441893336003319L;
+
     /**
      * 用户名
      */

framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java

@@ -1,6 +1,8 @@
 package cn.lili.common.security.filter;
 
 
+import cn.hutool.http.HtmlUtil;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import java.util.regex.Pattern;
@@ -107,25 +109,26 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
     private String cleanXSS(String value) {
         if (value != null) {
-            //推荐使用ESAPI库来避免脚本攻击,value = ESAPI.encoder().canonicalize(value);
+//            //推荐使用ESAPI库来避免脚本攻击,value = ESAPI.encoder().canonicalize(value);
-            //避免script 标签
+//            //避免script 标签
-            value = SCRIPT_PATTERN1.matcher(value).replaceAll("");
+//            value = SCRIPT_PATTERN1.matcher(value).replaceAll("");
-            //删除单个的 </script> 标签
+//            //删除单个的 </script> 标签
-            value = SCRIPT_PATTERN2.matcher(value).replaceAll("");
+//            value = SCRIPT_PATTERN2.matcher(value).replaceAll("");
-            //删除单个的<script ...> 标签
+//            //删除单个的<script ...> 标签
-            value = SCRIPT_PATTERN3.matcher(value).replaceAll("");
+//            value = SCRIPT_PATTERN3.matcher(value).replaceAll("");
-            //避免 javascript: 表达式
+//            //避免 javascript: 表达式
-            value = SCRIPT_PATTERN4.matcher(value).replaceAll("");
+//            value = SCRIPT_PATTERN4.matcher(value).replaceAll("");
-            //避免src形式的表达式
+//            //避免src形式的表达式
-            value = SRC_PATTERN.matcher(value).replaceAll("");
+//            value = SRC_PATTERN.matcher(value).replaceAll("");
-            //避免 eval(...) 形式表达式
+//            //避免 eval(...) 形式表达式
-            value = EVAL_PATTERN.matcher(value).replaceAll("");
+//            value = EVAL_PATTERN.matcher(value).replaceAll("");
-            //避免 e­xpression(...) 表达式
+//            //避免 e­xpression(...) 表达式
-            value = E_­_XPRESSION_PATTERN.matcher(value).replaceAll("");
+//            value = E_­_XPRESSION_PATTERN.matcher(value).replaceAll("");
-            //避免 vbscript:表达式
+//            //避免 vbscript:表达式
-            value = VB_SCRIPT_PATTERN.matcher(value).replaceAll("");
+//            value = VB_SCRIPT_PATTERN.matcher(value).replaceAll("");
-            //避免 onload= 表达式
+//            //避免 onload= 表达式
-            value = ONLOAD_PATTERN.matcher(value).replaceAll("");
+//            value = ONLOAD_PATTERN.matcher(value).replaceAll("");
+            value = HtmlUtil.filter(value);
         }
         return value;
     }

framework/src/main/java/cn/lili/modules/goods/entity/dos/CategoryParameterGroup.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.annotation.TableName;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.hibernate.validator.constraints.Length;
 
 import javax.validation.constraints.NotEmpty;
@@ -16,6 +17,7 @@ import javax.validation.constraints.NotNull;
  * @author pikachu
  * @since 2020-02-26 10:34:02
  */
+@EqualsAndHashCode(callSuper = true)
 @Data
 @TableName("li_category_parameter_group")
 @ApiModel(value = "分类绑定参数组")

framework/src/main/java/cn/lili/modules/goods/entity/dos/Parameters.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.annotation.TableName;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.hibernate.validator.constraints.Length;
 
 import javax.validation.constraints.Max;
@@ -18,6 +19,7 @@ import javax.validation.constraints.NotNull;
  * @author pikachu
  * @since 2020-02-23 9:14:33
  */
+@EqualsAndHashCode(callSuper = true)
 @Data
 @TableName("li_parameters")
 @ApiModel(value = "商品参数")

framework/src/main/java/cn/lili/modules/goods/service/CategoryParameterGroupService.java

@@ -31,4 +31,13 @@ public interface CategoryParameterGroupService extends IService<CategoryParamete
      */
     List<CategoryParameterGroup> getCategoryGroup(String categoryId);
 
+
+    /**
+     * 更新分类参数组绑定信息
+     *
+     * @param categoryParameterGroup 分类参数组信息
+     * @return 是否成功
+     */
+    boolean updateCategoryGroup(CategoryParameterGroup categoryParameterGroup);
+    
 }

framework/src/main/java/cn/lili/modules/goods/serviceimpl/CategoryParameterGroupServiceImpl.java

@@ -1,5 +1,7 @@
 package cn.lili.modules.goods.serviceimpl;
 
+import cn.lili.common.enums.ResultCode;
+import cn.lili.common.exception.ServiceException;
 import cn.lili.modules.goods.entity.dos.CategoryParameterGroup;
 import cn.lili.modules.goods.entity.dos.Parameters;
 import cn.lili.modules.goods.entity.vos.ParameterGroupVO;
@@ -49,12 +51,28 @@ public class CategoryParameterGroupServiceImpl extends ServiceImpl<CategoryParam
         return this.list(new QueryWrapper<CategoryParameterGroup>().eq("category_id", categoryId));
     }
 
+    /**
+     * 更新分类参数组绑定信息
+     *
+     * @param categoryParameterGroup 分类参数组信息
+     * @return 是否成功
+     */
+    @Override
+    public boolean updateCategoryGroup(CategoryParameterGroup categoryParameterGroup) {
+        CategoryParameterGroup origin = this.getById(categoryParameterGroup.getId());
+        if (origin == null) {
+            throw new ServiceException(ResultCode.CATEGORY_PARAMETER_NOT_EXIST);
+        }
+
+        return false;
+    }
+
     /**
      * 拼装参数组和参数的返回值
      *
      * @param groupList 参数组list
      * @param paramList 商品参数list
-     * @return
+     * @return 参数组和参数的返回值
      */
     public List<ParameterGroupVO> convertParamList(List<CategoryParameterGroup> groupList, List<Parameters> paramList) {
         Map<String, List<Parameters>> map = new HashMap<>(paramList.size());

framework/src/main/java/cn/lili/modules/goods/serviceimpl/GoodsServiceImpl.java

@@ -274,6 +274,12 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
 
     @Override
     public Boolean updateGoodsMarketAble(List<String> goodsIds, GoodsStatusEnum goodsStatusEnum, String underReason) {
+        boolean result;
+
+        if (UserContext.getCurrentUser() == null || UserContext.getCurrentUser().getStoreId() == null) {
+            throw new ServiceException(ResultCode.USER_NOT_LOGIN);
+        }
+        String storeId = UserContext.getCurrentUser().getStoreId();
 
         //如果商品为空，直接返回
         if (goodsIds == null || goodsIds.isEmpty()) {
@@ -283,16 +289,16 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
         LambdaUpdateWrapper<Goods> updateWrapper = Wrappers.lambdaUpdate();
         updateWrapper.set(Goods::getMarketEnable, goodsStatusEnum.name());
         updateWrapper.set(Goods::getUnderMessage, underReason);
+        updateWrapper.eq(Goods::getStoreId, storeId);
         updateWrapper.in(Goods::getId, goodsIds);
-        this.update(updateWrapper);
+        result = this.update(updateWrapper);
 
         //修改规格商品
-        List<Goods> goodsList = this.list(new LambdaQueryWrapper<Goods>().in(Goods::getId, goodsIds));
+        List<Goods> goodsList = this.list(new LambdaQueryWrapper<Goods>().in(Goods::getId, goodsIds).eq(Goods::getStoreId, storeId));
         for (Goods goods : goodsList) {
             goodsSkuService.updateGoodsSkuStatus(goods);
         }
-        return true;
+        return result;
-
     }
 
     @Override

framework/src/main/java/cn/lili/modules/search/serviceimpl/EsGoodsSearchServiceImpl.java

@@ -85,6 +85,9 @@ public class EsGoodsSearchServiceImpl implements EsGoodsSearchService {
 
     @Override
     public List<String> getHotWords(Integer count) {
+        if (count == null) {
+            count = 0;
+        }
         List<String> hotWords = new ArrayList<>();
         // redis 排序中，下标从0开始，所以这里需要 -1 处理
         count = count - 1;
@@ -118,7 +121,7 @@ public class EsGoodsSearchServiceImpl implements EsGoodsSearchService {
         //参数
         AggregationBuilder valuesBuilder = AggregationBuilders.terms("valueAgg").field(ATTR_VALUE);
         AggregationBuilder sortBuilder = AggregationBuilders.sum("sortAgg").field(ATTR_SORT);
-        AggregationBuilder paramsNameBuilder = AggregationBuilders.terms("nameAgg").field(ATTR_NAME).subAggregation(sortBuilder).order(BucketOrder.aggregation("sortAgg",false)).subAggregation(valuesBuilder);
+        AggregationBuilder paramsNameBuilder = AggregationBuilders.terms("nameAgg").field(ATTR_NAME).subAggregation(sortBuilder).order(BucketOrder.aggregation("sortAgg", false)).subAggregation(valuesBuilder);
         builder.addAggregation(AggregationBuilders.nested("attrAgg", ATTR_PATH).subAggregation(paramsNameBuilder));
         NativeSearchQuery searchQuery = builder.build();
         SearchHits<EsGoodsIndex> search = restTemplate.search(searchQuery, EsGoodsIndex.class);