* 开放所有的请求都需要进行验证管理

gouchy · gouchy · commit dccdadd82f38 · 2023-07-26T15:21:10.000+08:00
diff --git a/APIJSONORM/pom.xml b/APIJSONORM/pom.xml
@@ -5,7 +5,7 @@
 
 	<groupId>com.github.gouchy</groupId>
 	<artifactId>APIJSON</artifactId>
-	<version>6.1.0_1</version>
+	<version>6.1.2</version>
 	<packaging>jar</packaging>
 
 	<name>APIJSONORM</name>
diff --git a/APIJSONORM/src/main/java/apijson/orm/AbstractSQLConfig.java b/APIJSONORM/src/main/java/apijson/orm/AbstractSQLConfig.java
@@ -4901,8 +4901,12 @@ else if (userId instanceof Subquery) {}
 			//强制作为条件且放在最前面优化性能
 			request.remove(idKey);
 			request.remove(idInKey);
-			request.remove(userIdKey);
-			request.remove(userIdInKey);
+			/**
+			 * modify by gouchy chen
+			 * 不删除相应的字段
+			 */
+			//request.remove(userIdKey);
+			//request.remove(userIdInKey);
 			//关键词
 			request.remove(KEY_ROLE);
 			request.remove(KEY_EXPLAIN);
@@ -5088,11 +5092,11 @@ else if (userId instanceof Subquery) {}
 				}
 				
 				if (StringUtil.isNotEmpty(combineExpr, true)) {
-					List<String> banKeyList = Arrays.asList(idKey, idInKey, userIdKey, userIdInKey);
+					List<String> banKeyList = Arrays.asList(idKey, idInKey);
 					for (String key : banKeyList) {
 						if(keyInCombineExpr(combineExpr, key)) {
 							throw new UnsupportedOperationException(table + ":{} 里的 @combine:value 中的 value 里 " + key + " 不合法！"
-									+ "不允许传 [" + idKey + ", " + idInKey + ", " + userIdKey + ", " + userIdInKey + "] 其中任何一个！");
+									+ "不允许传 [" + idKey + ", " + idInKey + "] 其中任何一个！");
 						}
 					}
 				}
@@ -5128,9 +5132,9 @@ else if (w.startsWith("!")) {
 								throw new IllegalArgumentException(table + ":{} 里的 @combine:value 中的value里条件 " + ws[i] + " 不合法！不允许为空值！");
 							}
 							else {
-								if (idKey.equals(w) || idInKey.equals(w) || userIdKey.equals(w) || userIdInKey.equals(w)) {
+								if (idKey.equals(w) || idInKey.equals(w)) {
 									throw new UnsupportedOperationException(table + ":{} 里的 @combine:value 中的 value 里 " + ws[i] + " 不合法！"
-											+ "不允许传 [" + idKey + ", " + idInKey + ", " + userIdKey + ", " + userIdInKey + "] 其中任何一个！");
+											+ "不允许传 [" + idKey + ", " + idInKey + "] 其中任何一个！");
 								}
 							}
 
diff --git a/APIJSONORM/src/main/java/apijson/orm/AbstractSQLExecutor.java b/APIJSONORM/src/main/java/apijson/orm/AbstractSQLExecutor.java
@@ -240,7 +240,7 @@ public JSONObject execute(@NotNull SQLConfig config, boolean unknownType) throws
 					}
 
 					if (updateCount <= 0) {
-						throw new IllegalAccessException("没权限访问或对象不存在！");  // NotExistException 会被 catch 转为成功状态
+						throw new IllegalAccessException("无法获取到对象或者对象数据未更改！");  // NotExistException 会被 catch 转为成功状态
 					}
 
 					// updateCount>0时收集结果。例如更新操作成功时，返回count(affected rows)、id字段

Original file line number	Diff line number	Diff line change
`@@ -4901,8 +4901,12 @@ else if (userId instanceof Subquery) {}`
`4901`	`4901`	`//强制作为条件且放在最前面优化性能`
`4902`	`4902`	`request.remove(idKey);`
`4903`	`4903`	`request.remove(idInKey);`
`4904`		`- request.remove(userIdKey);`
`4905`		`- request.remove(userIdInKey);`
	`4904`	`+ /**`
	`4905`	`+ * modify by gouchy chen`
	`4906`	`+ * 不删除相应的字段`
	`4907`	`+ */`
	`4908`	`+ //request.remove(userIdKey);`
	`4909`	`+ //request.remove(userIdInKey);`
`4906`	`4910`	`//关键词`
`4907`	`4911`	`request.remove(KEY_ROLE);`
`4908`	`4912`	`request.remove(KEY_EXPLAIN);`
`@@ -5088,11 +5092,11 @@ else if (userId instanceof Subquery) {}`
`5088`	`5092`	`}`
`5089`	`5093`
`5090`	`5094`	`if (StringUtil.isNotEmpty(combineExpr, true)) {`
`5091`		`- List<String> banKeyList = Arrays.asList(idKey, idInKey, userIdKey, userIdInKey);`
	`5095`	`+ List<String> banKeyList = Arrays.asList(idKey, idInKey);`
`5092`	`5096`	`for (String key : banKeyList) {`
`5093`	`5097`	`if(keyInCombineExpr(combineExpr, key)) {`
`5094`	`5098`	`throw new UnsupportedOperationException(table + ":{} 里的 @combine:value 中的 value 里 " + key + " 不合法！"`
`5095`		`- + "不允许传 [" + idKey + ", " + idInKey + ", " + userIdKey + ", " + userIdInKey + "] 其中任何一个！");`
	`5099`	`+ + "不允许传 [" + idKey + ", " + idInKey + "] 其中任何一个！");`
`5096`	`5100`	`}`
`5097`	`5101`	`}`
`5098`	`5102`	`}`
`@@ -5128,9 +5132,9 @@ else if (w.startsWith("!")) {`
`5128`	`5132`	`throw new IllegalArgumentException(table + ":{} 里的 @combine:value 中的value里条件 " + ws[i] + " 不合法！不允许为空值！");`
`5129`	`5133`	`}`
`5130`	`5134`	`else {`
`5131`		`- if (idKey.equals(w) \|\| idInKey.equals(w) \|\| userIdKey.equals(w) \|\| userIdInKey.equals(w)) {`
	`5135`	`+ if (idKey.equals(w) \|\| idInKey.equals(w)) {`
`5132`	`5136`	`throw new UnsupportedOperationException(table + ":{} 里的 @combine:value 中的 value 里 " + ws[i] + " 不合法！"`
`5133`		`- + "不允许传 [" + idKey + ", " + idInKey + ", " + userIdKey + ", " + userIdInKey + "] 其中任何一个！");`
	`5137`	`+ + "不允许传 [" + idKey + ", " + idInKey + "] 其中任何一个！");`
`5134`	`5138`	`}`
`5135`	`5139`	`}`
`5136`	`5140`
Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,7 @@ public JSONObject execute(@NotNull SQLConfig config, boolean unknownType) throws`
`240`	`240`	`}`
`241`	`241`
`242`	`242`	`if (updateCount <= 0) {`
`243`		`- throw new IllegalAccessException("没权限访问或对象不存在！"); // NotExistException 会被 catch 转为成功状态`
	`243`	`+ throw new IllegalAccessException("无法获取到对象或者对象数据未更改！"); // NotExistException 会被 catch 转为成功状态`
`244`	`244`	`}`
`245`	`245`
`246`	`246`	`// updateCount>0时收集结果。例如更新操作成功时，返回count(affected rows)、id字段`