Merge remote-tracking branch 'origin/master'

airport-admin/src/main/java/com/sundot/airport/web/controller/score/ScoreEventController.java

@@ -11,6 +11,7 @@ import com.sundot.airport.common.core.page.TableDataInfo;
 import com.sundot.airport.common.enums.BusinessType;
 import com.sundot.airport.common.enums.ScoreTypeEnum;
 import com.sundot.airport.common.utils.DateUtils;
+import com.sundot.airport.common.utils.NameUtils;
 import com.sundot.airport.common.utils.poi.ExcelUtil;
 import com.sundot.airport.ledger.domain.ScoreEvent;
 import com.sundot.airport.ledger.domain.ScoreIndicator;
@@ -28,7 +29,12 @@ import org.springframework.web.multipart.MultipartFile;
 import javax.servlet.http.HttpServletResponse;
 import java.math.BigDecimal;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.UUID;
 
 /**
@@ -38,6 +44,16 @@ import java.util.UUID;
 @RequestMapping("/score/event")
 public class ScoreEventController extends BaseController {
 
+    // 排序字段白名单（防 SQL 注入）
+    private static final Set<String> ALLOWED_SORT_COLUMNS;
+
+    static {
+        Set<String> set = new HashSet<>();
+        set.add("create_time");
+        set.add("event_time");
+        ALLOWED_SORT_COLUMNS = Collections.unmodifiableSet(set);
+    }
+
     @Autowired
     private IScoreEventService service;
 
@@ -51,6 +67,9 @@ public class ScoreEventController extends BaseController {
     @GetMapping("/list")
     public TableDataInfo list(ScoreEvent query) {
         startPage();
+        // 排序字段白名单过滤
+        Map<String, String> safeSort = buildSafeSort(query.getSorts());
+        query.setSorts(safeSort);
         return getDataTable(service.selectList(query));
     }
 
@@ -75,10 +94,10 @@ public class ScoreEventController extends BaseController {
         entity.setSourceType("1");
         entity.setCreateBy(getUsername());
         entity.setCreateTime(DateUtils.getNowDate());
-        
+
         // 通过指标名称查找并设置ID
         resolveIndicatorIds(entity);
-        
+
         // 计算 totalScore
         BigDecimal score = entity.getScoreValue() != null ? entity.getScoreValue() : BigDecimal.ZERO;
         BigDecimal cascade = entity.getCascadeScore() != null ? entity.getCascadeScore() : BigDecimal.ZERO;
@@ -99,10 +118,10 @@ public class ScoreEventController extends BaseController {
     public AjaxResult edit(@Validated @RequestBody ScoreEvent entity) {
         entity.setUpdateBy(getUsername());
         entity.setUpdateTime(DateUtils.getNowDate());
-        
+
         // 通过指标名称查找并设置ID
         resolveIndicatorIds(entity);
-        
+
         BigDecimal score = entity.getScoreValue() != null ? entity.getScoreValue() : BigDecimal.ZERO;
         BigDecimal cascade = entity.getCascadeScore() != null ? entity.getCascadeScore() : BigDecimal.ZERO;
         entity.setTotalScore(score.add(cascade));
@@ -156,7 +175,7 @@ public class ScoreEventController extends BaseController {
                 entity.setLevel2Id(level2Id);
             }
         }
-        
+
         // 通过三级指标名称查找ID
         if (entity.getLevel3Name() != null && !entity.getLevel3Name().trim().isEmpty() && entity.getLevel3Id() == null) {
             Long level3Id = findIndicatorIdByName(entity.getLevel3Name().trim());
@@ -164,7 +183,7 @@ public class ScoreEventController extends BaseController {
                 entity.setLevel3Id(level3Id);
             }
         }
-        
+
         // 通过四级指标名称查找ID
         if (entity.getLevel4Name() != null && !entity.getLevel4Name().trim().isEmpty() && entity.getLevel4Id() == null) {
             Long level4Id = findIndicatorIdByName(entity.getLevel4Name().trim());
@@ -210,4 +229,26 @@ public class ScoreEventController extends BaseController {
         }
         return basePositionService.selectBasePositionById(regional.getParentId());
     }
+
+    /**
+     * 构建安全的排序参数
+     */
+    private Map<String, String> buildSafeSort(Map<String, String> sorts) {
+        Map<String, String> result = new LinkedHashMap<>();
+
+        if (sorts == null) {
+            return result;
+        }
+
+        for (Map.Entry<String, String> entry : sorts.entrySet()) {
+            String field = NameUtils.camelToUnderscore(entry.getKey());
+            if (!ALLOWED_SORT_COLUMNS.contains(field)) {
+                continue;
+            }
+            String direction = "desc".equalsIgnoreCase(String.valueOf(entry.getValue())) ? "desc" : "asc";
+
+            result.put(field, direction);
+        }
+        return result;
+    }
 }

airport-common/src/main/java/com/sundot/airport/common/core/domain/BaseEntity.java

@@ -59,6 +59,13 @@ public class BaseEntity implements Serializable {
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     private Map<String, Object> params;
 
+    /**
+     * 排序参数
+     */
+    @TableField(exist = false)
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    private Map<String, String> sorts;
+
     public String getSearchValue() {
         return searchValue;
     }
@@ -117,4 +124,12 @@ public class BaseEntity implements Serializable {
     public void setParams(Map<String, Object> params) {
         this.params = params;
     }
+
+    public Map<String, String> getSorts() {
+        return sorts;
+    }
+
+    public void setSorts(Map<String, String> sorts) {
+        this.sorts = sorts;
+    }
 }

airport-common/src/main/java/com/sundot/airport/common/dto/LedgerCommonQueryReqVO.java

@@ -6,6 +6,7 @@ import org.springframework.format.annotation.DateTimeFormat;
 
 import java.io.Serializable;
 import java.util.Date;
+import java.util.Map;
 
 /**
  * 台账统计查询 Req Entity
@@ -36,15 +37,20 @@ public class LedgerCommonQueryReqVO implements Serializable {
     /**
      * 开始时间
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
-    @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    @JsonFormat(pattern = "yyyy-MM-dd")
+    @DateTimeFormat(pattern = "yyyy-MM-dd")
     private Date startDate;
 
     /**
      * 结束时间
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
-    @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    @JsonFormat(pattern = "yyyy-MM-dd")
+    @DateTimeFormat(pattern = "yyyy-MM-dd")
     private Date endDate;
 
+    /**
+     * 排序
+     */
+    Map<String, String> sorts;
+
 }

airport-common/src/main/java/com/sundot/airport/common/utils/NameUtils.java

@@ -0,0 +1,28 @@
+package com.sundot.airport.common.utils;
+
+/**
+ * 字段名称工具类
+ */
+public class NameUtils {
+
+    /**
+     * 驼峰转下划线
+     * @param name
+     * @return
+     */
+    public static String camelToUnderscore(String name) {
+        if (name == null || name.isEmpty()) {
+            return name;
+        }
+        StringBuilder sb = new StringBuilder();
+        for (char c : name.toCharArray()) {
+            if (Character.isUpperCase(c)) {
+                sb.append("_").append(Character.toLowerCase(c));
+            } else {
+                sb.append(c);
+            }
+        }
+        return sb.toString();
+    }
+
+}

airport-common/src/main/java/com/sundot/airport/common/utils/StreamSortUtils.java

@@ -0,0 +1,62 @@
+package com.sundot.airport.common.utils;
+
+import java.lang.reflect.Field;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * 排序工具类（支持 Integer /Long / BigDecimal / String / Date）
+ */
+public class StreamSortUtils {
+
+    /**
+     * 根据 Map 动态排序
+     *
+     * @param list   待排序集合
+     * @param sorts  key=字段名, value=asc/desc
+     */
+    public static <T> List<T> sort(List<T> list, Map<String, String> sorts) {
+        if (list == null || list.isEmpty() || sorts == null || sorts.isEmpty()) {
+            return list;
+        }
+
+        Comparator<T> comparator = null;
+
+        for (Map.Entry<String, String> entry : sorts.entrySet()) {
+            String fieldName = entry.getKey();
+            boolean desc = "desc".equalsIgnoreCase(entry.getValue());
+
+            Comparator<T> current = Comparator.comparing(
+                    t -> getFieldValue(t, fieldName),
+                    Comparator.nullsLast(Comparator.naturalOrder())
+            );
+
+            if (desc) {
+                current = current.reversed();
+            }
+
+            comparator = comparator == null ? current : comparator.thenComparing(current);
+        }
+
+        return list.stream()
+                .sorted(comparator)
+                .collect(Collectors.toList());
+    }
+
+    /**
+     * 反射获取字段值（支持 BigDecimal / String / Date）
+     */
+    @SuppressWarnings("unchecked")
+    private static <T> Comparable<Object> getFieldValue(T obj, String fieldName) {
+        try {
+            Field field = obj.getClass().getDeclaredField(fieldName);
+            field.setAccessible(true);
+            return (Comparable<Object>) field.get(obj);
+        } catch (Exception e) {
+            throw new RuntimeException("排序字段不存在或不可比较: " + fieldName, e);
+        }
+    }
+
+}

airport-ledger/src/main/java/com/sundot/airport/ledger/service/impl/LedgerWarningServiceImpl.java

@@ -13,6 +13,7 @@ import com.sundot.airport.common.enums.LedgerStatusLabelEnum;
 import com.sundot.airport.common.enums.ScoreLevelEnum;
 import com.sundot.airport.common.utils.DeptUtils;
 import com.sundot.airport.common.utils.SecurityUtils;
+import com.sundot.airport.common.utils.StreamSortUtils;
 import com.sundot.airport.ledger.domain.ScoreEvent;
 import com.sundot.airport.ledger.domain.ScoreIndicator;
 import com.sundot.airport.ledger.domain.vo.LedgerWarningDetailItemVO;
@@ -33,6 +34,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -187,7 +189,14 @@ public class LedgerWarningServiceImpl implements ILedgerWarningService {
         BigDecimal sum = ledgerWarningDetailItemList.stream().map(LedgerWarningDetailItemVO::getOverallScore).reduce(BigDecimal.ZERO, BigDecimal::add);
         BigDecimal averageComprehensiveScore = CollUtil.isEmpty(ledgerWarningDetailItemList) ? BigDecimal.ZERO : sum.divide(BigDecimal.valueOf(ledgerWarningDetailItemList.size()), 2, RoundingMode.HALF_UP);
         result.setAverageComprehensiveScore(averageComprehensiveScore);
-        result.setLedgerWarningDetailItemList(ledgerWarningDetailItemList);
+        // 排序
+        if (ObjUtil.isNull(queryReq.getSorts())) {
+            Map<String, String> sorts = new LinkedHashMap<>();
+            sorts.put("overallScore", "desc");
+            queryReq.setSorts(sorts);
+        }
+        List<LedgerWarningDetailItemVO> ledgerWarningDetailItemListSort = StreamSortUtils.sort(ledgerWarningDetailItemList, queryReq.getSorts());
+        result.setLedgerWarningDetailItemList(ledgerWarningDetailItemListSort);
         return result;
     }
 

airport-ledger/src/main/resources/mapper/ledger/ScoreEventMapper.xml

@@ -62,6 +62,23 @@
         WHERE del_flag = '0'
     </sql>
 
+    <sql id="order_by">
+        <choose>
+            <when test="sorts != null and sorts.size() > 0">
+                order by
+                <foreach collection="sorts.entrySet()"
+                         index="field"
+                         item="dir"
+                         separator=",">
+                    ${field} ${dir}
+                </foreach>
+            </when>
+            <otherwise>
+                order by event_time desc
+            </otherwise>
+        </choose>
+    </sql>
+
     <select id="selectList" parameterType="com.sundot.airport.ledger.domain.ScoreEvent"
             resultMap="ScoreEventResult">
         <include refid="selectVo"/>
@@ -96,7 +113,7 @@
         <if test="params != null and params.endTime != null and params.endTime != ''">
             AND event_time &lt;= #{params.endTime}
         </if>
-        ORDER BY event_time DESC, id DESC
+        <include refid="order_by"/>
     </select>
 
 </mapper>