From a71541a22781ec769b39e9746aca6b71c5c3df52 Mon Sep 17 00:00:00 2001
From: gssong <1742057357@qq.com>
Date: Wed, 18 Mar 2026 11:40:35 +0800
Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20CVE-2026-2819=20?=
 =?UTF-8?q?=E5=B7=A5=E4=BD=9C=E6=B5=81=E6=8E=A5=E5=8F=A3=E9=80=9A=E8=BF=87?=
 =?UTF-8?q?=E4=B8=9A=E5=8A=A1id=E5=8F=AF=E4=BB=A5=E8=B6=8A=E7=BA=A7?=
 =?UTF-8?q?=E5=88=A0=E9=99=A4=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../service/impl/FlwInstanceServiceImpl.java  | 95 ++++++++-----------
 1 file changed, 39 insertions(+), 56 deletions(-)

diff --git a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/FlwInstanceServiceImpl.java b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/FlwInstanceServiceImpl.java
index 71e9be636..b64f6ab92 100644
--- a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/FlwInstanceServiceImpl.java
+++ b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/FlwInstanceServiceImpl.java
@@ -193,13 +193,8 @@ public class FlwInstanceServiceImpl implements IFlwInstanceService {
             log.warn("未找到对应的流程实例信息，无法执行删除操作。");
             return false;
         }
-        String userId = LoginHelper.getUserIdStr();
-        for (FlowInstance instance : flowInstances) {
-            if (LoginHelper.isSuperAdmin() || instance.getCreateBy().equals(userId)) {
-                continue;
-            }
-            throw new ServiceException("权限不足，无法删除流程实例信息!");
-        }
+        // 发送事件
+        processDeleteHandler(flowInstances);
         return insService.remove(StreamUtils.toList(flowInstances, FlowInstance::getId));
     }
 
@@ -212,34 +207,13 @@ public class FlwInstanceServiceImpl implements IFlwInstanceService {
     @Transactional(rollbackFor = Exception.class)
     public boolean deleteByInstanceIds(List<Long> instanceIds) {
         // 获取实例信息
-        List<Instance> instances = insService.getByIds(instanceIds);
-        if (CollUtil.isEmpty(instances)) {
+        List<FlowInstance> flowInstances = flowInstanceMapper.selectByIds(instanceIds);
+        if (CollUtil.isEmpty(flowInstances)) {
             log.warn("未找到对应的流程实例信息，无法执行删除操作。");
             return false;
         }
-        String userId = LoginHelper.getUserIdStr();
-        for (Instance instance : instances) {
-            if (LoginHelper.isSuperAdmin() || instance.getCreateBy().equals(userId)) {
-                continue;
-            }
-            throw new ServiceException("权限不足，无法删除流程实例信息!");
-        }
-        // 获取定义信息
-        Map<Long, Definition> definitionMap = StreamUtils.toMap(
-            defService.getByIds(StreamUtils.toList(instances, Instance::getDefinitionId)),
-            Definition::getId,
-            Function.identity()
-        );
-
-        // 逐一触发删除事件
-        instances.forEach(instance -> {
-            Definition definition = definitionMap.get(instance.getDefinitionId());
-            if (ObjectUtil.isNull(definition)) {
-                log.warn("实例 ID: {} 对应的流程定义信息未找到，跳过删除事件触发。", instance.getId());
-                return;
-            }
-            flowProcessEventHandler.processDeleteHandler(definition.getFlowCode(), instance.getBusinessId());
-        });
+        // 发送事件
+        processDeleteHandler(flowInstances);
         // 删除实例
         return insService.remove(instanceIds);
     }
@@ -253,33 +227,13 @@ public class FlwInstanceServiceImpl implements IFlwInstanceService {
     @Transactional(rollbackFor = Exception.class)
     public boolean deleteHisByInstanceIds(List<Long> instanceIds) {
         // 获取实例信息
-        List<Instance> instances = insService.getByIds(instanceIds);
-        if (CollUtil.isEmpty(instances)) {
+        List<FlowInstance> flowInstances = flowInstanceMapper.selectByIds(instanceIds);
+        if (CollUtil.isEmpty(flowInstances)) {
             log.warn("未找到对应的流程实例信息，无法执行删除操作。");
             return false;
         }
-        String userId = LoginHelper.getUserIdStr();
-        for (Instance instance : instances) {
-            if (LoginHelper.isSuperAdmin() || instance.getCreateBy().equals(userId)) {
-                continue;
-            }
-            throw new ServiceException("权限不足，无法删除流程实例信息!");
-        }
-        // 获取定义信息
-        Map<Long, Definition> definitionMap = StreamUtils.toMap(
-            defService.getByIds(StreamUtils.toList(instances, Instance::getDefinitionId)),
-            Definition::getId,
-            Function.identity()
-        );
-        // 逐一触发删除事件
-        instances.forEach(instance -> {
-            Definition definition = definitionMap.get(instance.getDefinitionId());
-            if (ObjectUtil.isNull(definition)) {
-                log.warn("实例 ID: {} 对应的流程定义信息未找到，跳过删除事件触发。", instance.getId());
-                return;
-            }
-            flowProcessEventHandler.processDeleteHandler(definition.getFlowCode(), instance.getBusinessId());
-        });
+        // 发送事件
+        processDeleteHandler(flowInstances);
         List<FlowTask> flowTaskList = flwTaskService.selectByInstIds(instanceIds);
         if (CollUtil.isNotEmpty(flowTaskList)) {
             FlowEngine.userService().deleteByTaskIds(StreamUtils.toList(flowTaskList, FlowTask::getId));
@@ -290,6 +244,35 @@ public class FlwInstanceServiceImpl implements IFlwInstanceService {
         return true;
     }
 
+
+    private void processDeleteHandler(List<FlowInstance> flowInstances) {
+
+        String userId = LoginHelper.getUserIdStr();
+        for (FlowInstance flowInstance : flowInstances) {
+            //如果创建人与当前登陆人一致或者当前登陆人为管理员才能删除
+            if (LoginHelper.isSuperAdmin() || flowInstance.getCreateBy().equals(userId)) {
+                continue;
+            }
+            throw new ServiceException("权限不足，无法删除流程实例信息!");
+        }
+        // 获取定义信息
+        Map<Long, Definition> definitionMap = StreamUtils.toMap(
+            defService.getByIds(StreamUtils.toList(flowInstances, Instance::getDefinitionId)),
+            Definition::getId,
+            Function.identity()
+        );
+
+        // 逐一触发删除事件
+        flowInstances.forEach(instance -> {
+            Definition definition = definitionMap.get(instance.getDefinitionId());
+            if (ObjectUtil.isNull(definition)) {
+                log.warn("实例 ID: {} 对应的流程定义信息未找到，跳过删除事件触发。", instance.getId());
+                return;
+            }
+            flowProcessEventHandler.processDeleteHandler(definition.getFlowCode(), instance.getBusinessId());
+        });
+    }
+
     /**
      * 撤销流程
      *