漏洞修复

lizhenhua 2024-08-09 15:37:06 +08:00
parent 4e8974b2f7
commit 7fe2bce7dd
8 changed files with 200 additions and 66 deletions


@ -4,13 +4,15 @@ import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
/**
* Entity基类
*
*
* @author bonus
*/
public class BaseEntity implements Serializable
@ -38,10 +40,57 @@ public class BaseEntity implements Serializable
/** 备注 */
private String remark;
public Long getNewUserId() {
return newUserId;
}
public void setNewUserId(Long newUserId) {
this.newUserId = newUserId;
}
public String getMissionSource() {
return missionSource;
}
private Long newUserId;//新的用户id
private Set<Long> newrole ;//数据权限加了角色id
private Long newdeptId;//数据权限加了部门id
private String missionSource;//权限字符
public String getMissionSource(String missionSource) {
return missionSource;
}
public void setMissionSource(String missionSource) {
this.missionSource = missionSource;
}
public Long getNewdeptId() {
return newdeptId;
}
public void setNewdeptId(Long newdeptId) {
this.newdeptId = newdeptId;
}
public Set<Long> getNewrole() {
return newrole;
}
public void setNewrole(Set<Long> newrole) {
this.newrole = newrole;
}
/** 请求参数 */
@JsonInclude(JsonInclude.Include.NON_EMPTY)
private Map<String, Object> params;
public String getSearchValue()
{
return searchValue;
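Review bot: The four new fields `newUserId`, `newrole`, `newdeptId` and `missionSource` get public setters on a base class whose `params` map is documented as "请求参数" (request parameters), so if the subclasses (`SysDept`, `SysUser`, `SysRole` in the service hunks of this commit) are bound from the HTTP request, a client can supply its own `newdeptId`/`missionSource`/`newrole` in the request; they are only overwritten when `CommonDataPermissionInfo.backMissionInfo` succeeds, and the service hunks swallow its exceptions. Keep these fields out of client binding and serialization — for example `@JsonIgnore` on their getters (already imported in this file) and exclusion from form binding — or carry the computed scope in a separate server-side object instead of the entity. Separately, `getMissionSource(String missionSource)` returns its argument rather than the field and is not a JavaBean getter, so neither `BeanUtils.copyProperties` nor MyBatis `#{missionSource}` can read the property through it; if the no-arg `getMissionSource()` a few lines above is the removed old version (the rendering does not show sides), the property has no readable getter at all and the copy in the services silently drops it — it should be `public String getMissionSource() { return missionSource; }`.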


@ -1,7 +1,6 @@
package com.bonus.system.controller;
import com.bonus.common.core.domain.R;
//import com.bonus.common.core.utils.WordUtils;
import com.bonus.common.core.utils.WordUtils;
import com.bonus.common.core.web.controller.BaseController;
import com.bonus.common.core.web.domain.AjaxResult;


@ -4,6 +4,10 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import com.bonus.common.core.web.domain.BaseEntity;
import com.bonus.system.utils.CommonDataPermissionInfo;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.bonus.common.core.constant.UserConstants;
@ -23,7 +27,7 @@ import com.bonus.system.service.ISysDeptService;
/**
* 部门管理 服务实现
*
*
* @author bonus
*/
@Service
@ -37,7 +41,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 查询部门管理数据
*
*
* @param dept 部门信息
* @return 部门信息集合
*/
@ -45,12 +49,18 @@ public class SysDeptServiceImpl implements ISysDeptService
@DataScope(deptAlias = "d")
public List<SysDept> selectDeptList(SysDept dept)
{
try {
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(dept.getParams().get("dataScope").toString());
BeanUtils.copyProperties(entity, dept);
} catch (Exception e) {
e.printStackTrace();
}
return deptMapper.selectDeptList(dept);
}
/**
* 查询部门树结构信息
*
*
* @param dept 部门信息
* @return 部门树信息集合
*/
@ -63,7 +73,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 构建前端所需要树结构
*
*
* @param depts 部门列表
* @return 树结构列表
*/
@ -90,7 +100,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 构建前端所需要下拉树结构
*
*
* @param depts 部门列表
* @return 下拉树结构列表
*/
@ -103,7 +113,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 根据角色ID查询部门树信息
*
*
* @param roleId 角色ID
* @return 选中部门列表
*/
@ -116,7 +126,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 根据部门ID查询信息
*
*
* @param deptId 部门ID
* @return 部门信息
*/
@ -128,7 +138,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 根据ID查询所有子部门正常状态
*
*
* @param deptId 部门ID
* @return 子部门数
*/
@ -140,7 +150,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 是否存在子节点
*
*
* @param deptId 部门ID
* @return 结果
*/
@ -153,7 +163,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 查询部门是否存在用户
*
*
* @param deptId 部门ID
* @return 结果 true 存在 false 不存在
*/
@ -166,7 +176,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 校验部门名称是否唯一
*
*
* @param dept 部门信息
* @return 结果
*/
@ -184,7 +194,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 校验部门是否有数据权限
*
*
* @param deptId 部门id
*/
@Override
@ -204,7 +214,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 新增保存部门信息
*
*
* @param dept 部门信息
* @return 结果
*/
@ -223,7 +233,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 修改保存部门信息
*
*
* @param dept 部门信息
* @return 结果
*/
@ -251,7 +261,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 修改该部门的父级部门状态
*
*
* @param dept 当前部门
*/
private void updateParentDeptStatusNormal(SysDept dept)
@ -263,7 +273,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 修改子元素关系
*
*
* @param deptId 被修改的部门ID
* @param newAncestors 新的父ID集合
* @param oldAncestors 旧的父ID集合
@ -283,7 +293,7 @@ public class SysDeptServiceImpl implements ISysDeptService
/**
* 删除部门管理信息
*
*
* @param deptId 部门ID
* @return 结果
*/
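Review bot: `BeanUtils.copyProperties(entity, dept)` in `selectDeptList` copies every readable `BaseEntity` property, and Spring's `BeanUtils` copies null values too, so the freshly constructed `entity` overwrites `dept`'s `params` map, `searchValue`, `remark` and the create/update fields with null before `deptMapper.selectDeptList(dept)` runs — any `params.beginTime`/`params.endTime` filter and whatever the `@DataScope` aspect placed in `params` are lost, and a mapper `<if test="params.x != null">` on a now-null map would fail. Copy only the data-permission fields, e.g. `BeanUtils.copyProperties(entity, dept, "params", "searchValue", "createBy", "createTime", "updateBy", "updateTime", "remark")`, or set the four fields explicitly on `dept`. The surrounding `catch (Exception e) { e.printStackTrace(); }` then still runs the query with the scope fields unset; unless the `dataScopeFilter` fragment (not in this diff) denies rows when they are null, that is fail-open for an authorization filter and should log and return an empty list or rethrow instead.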


@ -5,6 +5,10 @@ import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import com.bonus.common.core.web.domain.BaseEntity;
import com.bonus.system.utils.CommonDataPermissionInfo;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -27,7 +31,7 @@ import com.bonus.system.service.ISysRoleService;
/**
* 角色 业务层处理
*
*
* @author bonus
*/
@Service
@ -47,7 +51,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 根据条件分页查询角色数据
*
*
* @param role 角色信息
* @return 角色数据集合信息
*/
@ -55,12 +59,18 @@ public class SysRoleServiceImpl implements ISysRoleService
@DataScope(deptAlias = "d")
public List<SysRole> selectRoleList(SysRole role)
{
try {
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(role.getParams().get("dataScope").toString());
BeanUtils.copyProperties(entity, role);
} catch (Exception e) {
e.printStackTrace();
}
return roleMapper.selectRoleList(role);
}
/**
* 根据用户ID查询角色
*
*
* @param userId 用户ID
* @return 角色列表
*/
@ -85,7 +95,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 根据用户ID查询权限
*
*
* @param userId 用户ID
* @return 权限列表
*/
@ -106,7 +116,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 查询所有角色
*
*
* @return 角色列表
*/
@Override
@ -117,7 +127,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 根据用户ID获取角色选择框列表
*
*
* @param userId 用户ID
* @return 选中角色ID列表
*/
@ -129,7 +139,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 通过角色ID查询角色
*
*
* @param roleId 角色ID
* @return 角色对象信息
*/
@ -141,7 +151,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 校验角色名称是否唯一
*
*
* @param role 角色信息
* @return 结果
*/
@ -159,7 +169,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 校验角色权限是否唯一
*
*
* @param role 角色信息
* @return 结果
*/
@ -177,7 +187,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 校验角色是否允许操作
*
*
* @param role 角色信息
*/
@Override
@ -191,7 +201,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 校验角色是否有数据权限
*
*
* @param roleIds 角色id
*/
@Override
@ -214,7 +224,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 通过角色ID查询角色使用数量
*
*
* @param roleId 角色ID
* @return 结果
*/
@ -226,7 +236,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 新增保存角色信息
*
*
* @param role 角色信息
* @return 结果
*/
@ -241,7 +251,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 修改保存角色信息
*
*
* @param role 角色信息
* @return 结果
*/
@ -258,7 +268,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 修改角色状态
*
*
* @param role 角色信息
* @return 结果
*/
@ -270,7 +280,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 修改数据权限信息
*
*
* @param role 角色信息
* @return 结果
*/
@ -288,7 +298,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 新增角色菜单信息
*
*
* @param role 角色对象
*/
public int insertRoleMenu(SysRole role)
@ -336,7 +346,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 通过角色ID删除角色
*
*
* @param roleId 角色ID
* @return 结果
*/
@ -353,7 +363,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 批量删除角色信息
*
*
* @param roleIds 需要删除的角色ID
* @return 结果
*/
@ -380,7 +390,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 取消授权用户角色
*
*
* @param userRole 用户和角色关联信息
* @return 结果
*/
@ -392,7 +402,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 批量取消授权用户角色
*
*
* @param roleId 角色ID
* @param userIds 需要取消授权的用户数据ID
* @return 结果
@ -405,7 +415,7 @@ public class SysRoleServiceImpl implements ISysRoleService
/**
* 批量选择授权用户角色
*
*
* @param roleId 角色ID
* @param userIds 需要授权的用户数据ID
* @return 结果
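Review bot: In `selectRoleList` the new try block swallows every exception with `e.printStackTrace()` and then still executes `roleMapper.selectRoleList(role)`, so when `role.getParams()` is null, the `dataScope` key is absent (`.get("dataScope").toString()` throws NPE), or `SecurityUtils.getLoginUser()` fails, the data-permission fields are never populated and the query runs with whatever the request carried in them — a fail-open path for an authorization filter, unless the `dataScopeFilter` fragment (not shown here) rejects null scope fields. Prefer failing closed: read the scope with a null check, `Object scope = role.getParams() == null ? null : role.getParams().get("dataScope");`, log through a logger rather than `printStackTrace`, and return `Collections.emptyList()` or rethrow as an unchecked exception. The same six-line block is now pasted into five methods across three service classes in this commit; a single `static void applyDataPermission(BaseEntity target)` in `CommonDataPermissionInfo` would keep the fail-closed behaviour in one place.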


@ -2,20 +2,17 @@ package com.bonus.system.service.impl;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import javax.validation.Validator;
import com.bonus.common.core.constant.CacheConstants;
import com.bonus.common.core.constant.Constants;
import com.bonus.common.core.domain.R;
import com.bonus.common.core.utils.VerificationCodeUtils;
import com.bonus.common.core.utils.sms.SmsUtils;
import com.bonus.common.redis.service.RedisService;
import com.bonus.common.core.web.domain.BaseEntity;
import com.bonus.system.utils.CommonDataPermissionInfo;
import org.apache.poi.ss.formula.functions.T;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.mail.SimpleMailMessage;
@ -95,7 +92,14 @@ public class SysUserServiceImpl implements ISysUserService {
@Override
@DataScope(deptAlias = "d", userAlias = "u")
public List<SysUser> selectUserList(SysUser user) {
return userMapper.selectUserList(user);
try {
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
BeanUtils.copyProperties(entity, user);
} catch (Exception e) {
e.printStackTrace();
}
List<SysUser> sysUsers = userMapper.selectUserList(user);
return sysUsers;
}
/**
@ -107,6 +111,12 @@ public class SysUserServiceImpl implements ISysUserService {
@Override
@DataScope(deptAlias = "d", userAlias = "u")
public List<SysUser> selectAllocatedList(SysUser user) {
try {
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
BeanUtils.copyProperties(entity, user);
} catch (Exception e) {
e.printStackTrace();
}
return userMapper.selectAllocatedList(user);
}
@ -119,6 +129,12 @@ public class SysUserServiceImpl implements ISysUserService {
@Override
@DataScope(deptAlias = "d", userAlias = "u")
public List<SysUser> selectUnallocatedList(SysUser user) {
try {
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
BeanUtils.copyProperties(entity, user);
} catch (Exception e) {
e.printStackTrace();
}
return userMapper.selectUnallocatedList(user);
}
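Review bot: The three identical try/catch blocks in `selectUserList`, `selectAllocatedList` and `selectUnallocatedList` should be one private helper, e.g. `private void applyDataPermission(SysUser user)`, so the scope handling cannot drift between the three list endpoints; `List<SysUser> sysUsers = userMapper.selectUserList(user); return sysUsers;` can simply be `return userMapper.selectUserList(user);`. The import `org.apache.poi.ss.formula.functions.T` is an unrelated POI formula-function class that nothing visible uses; if this commit added it (its side is not recoverable from the rendering) it looks like an IDE auto-import and should be removed. This class already imports SLF4J `Logger`/`LoggerFactory`, so the new `e.printStackTrace()` calls should go through that logger — `log.error("data scope resolution failed for user list", e)` — rather than stderr.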


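--- /dev/null
+++ b/com/bonus/system/utils/CommonDataPermissionInfo.java
@@ -0,0 +1,50 @@
+package com.bonus.system.utils;
+import com.bonus.common.core.web.domain.BaseEntity;
+import com.bonus.common.security.utils.SecurityUtils;
+import com.bonus.system.api.domain.SysRole;
+import com.bonus.system.api.domain.SysUser;
+import com.bonus.system.api.model.LoginUser;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+public class CommonDataPermissionInfo {
+public static BaseEntity backMissionInfo(String dataScope){
+BaseEntity entity = new BaseEntity();
+Set<Long> roleIds = new HashSet<>();
+LoginUser loginUser = SecurityUtils.getLoginUser();
+if (loginUser != null) {
+SysUser sysUser = loginUser.getSysUser();
+if (sysUser != null) {
+Long deptId = sysUser.getDeptId();
+entity.setNewUserId(sysUser.getUserId());
+List<SysRole> roles = sysUser.getRoles();
+if (roles != null) {
+entity.setNewdeptId(deptId);
+// 如果需要记录多个角色ID可以使用Set或List
+for (SysRole role : roles) {
+roleIds.add(role.getRoleId());
+entity.setMissionSource(role.getDataScope());
+// 只在第一次迭代时设置dataScope且dataScope不为空的情况下
+if (dataScope.isEmpty() && !"".equals(role.getDataScope())) {
+entity.setMissionSource(dataScope);
+break;
+}else if(roles.size()>1){
+entity.setMissionSource(4+"");
+}
+// 设置角色ID集合
+entity.setNewrole(roleIds);
+}
+}
+}
+}
+return entity;
+}
+}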
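Review bot: The branch `if (dataScope.isEmpty() && !"".equals(role.getDataScope())) { entity.setMissionSource(dataScope); break; }` stores the empty string as the mission source and exits the loop, the opposite of what its comment says, and when `dataScope` is non-empty it lets the argument — which every caller in this commit reads from `params.get("dataScope")`, a map of request parameters — take precedence over the role's configured `getDataScope()`; unless the `@DataScope` aspect is guaranteed to overwrite `params.dataScope` before these services run, a caller can choose their own scope. The `else if (roles.size() > 1) entity.setMissionSource(4 + "")` arm pins every multi-role user to the constant `"4"` regardless of what their roles grant, and because `setMissionSource(role.getDataScope())` runs first on each iteration the result also depends on role order; the scope should be derived deterministically from the roles (the policy for combining them needs to be stated), and `entity.setNewrole(roleIds)` belongs after the loop, not inside it. `dataScope` is also dereferenced without a null check, so a missing key turns into an NPE that the callers swallow; add `Objects.requireNonNull(dataScope, "dataScope")` or treat null as empty explicitly. A Javadoc on `backMissionInfo` stating which fields of the returned `BaseEntity` are populated (`newUserId`, `newdeptId`, `newrole`, `missionSource`) and that the rest are left null would also document the hazard the callers' `BeanUtils.copyProperties` currently trips over.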


@ -20,16 +20,16 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<result property="updateTime" column="update_time" />
<result property="remark" column="remark" />
</resultMap>
<sql id="selectRoleVo">
select distinct r.role_id, r.role_name, r.role_key, r.role_sort, r.data_scope, r.menu_check_strictly, r.dept_check_strictly,
r.status, r.del_flag, r.create_time, r.remark
r.status, r.del_flag, r.create_time, r.remark
from sys_role r
left join sys_user_role ur on ur.role_id = r.role_id
left join sys_user u on u.user_id = ur.user_id
left join sys_dept d on u.dept_id = d.dept_id
</sql>
<select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
where r.del_flag = '0'
@ -52,19 +52,19 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
and date_format(r.create_time,'%y%m%d') &lt;= date_format(#{params.endTime},'%y%m%d')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
order by r.role_sort
</select>
<select id="selectRolePermissionByUserId" parameterType="Long" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
WHERE r.del_flag = '0' and ur.user_id = #{userId}
</select>
<select id="selectRoleAll" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
</select>
<select id="selectRoleListByUserId" parameterType="Long" resultType="Long">
select r.role_id
from sys_role r
@ -72,27 +72,27 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
left join sys_user u on u.user_id = ur.user_id
where u.user_id = #{userId}
</select>
<select id="selectRoleById" parameterType="Long" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
where r.role_id = #{roleId}
</select>
<select id="selectRolesByUserName" parameterType="String" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
WHERE r.del_flag = '0' and u.user_name = #{userName}
</select>
<select id="checkRoleNameUnique" parameterType="String" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
where r.role_name=#{roleName} and r.del_flag = '0' limit 1
</select>
<select id="checkRoleKeyUnique" parameterType="String" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
where r.role_key=#{roleKey} and r.del_flag = '0' limit 1
</select>
<insert id="insertRole" parameterType="SysRole" useGeneratedKeys="true" keyProperty="roleId">
insert into sys_role(
<if test="roleId != null and roleId != 0">role_id,</if>
@ -120,7 +120,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
sysdate()
)
</insert>
<update id="updateRole" parameterType="SysRole">
update sys_role
<set>
@ -137,16 +137,16 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</set>
where role_id = #{roleId}
</update>
<delete id="deleteRoleById" parameterType="Long">
update sys_role set del_flag = '2' where role_id = #{roleId}
</delete>
<delete id="deleteRoleByIds" parameterType="Long">
update sys_role set del_flag = '2' where role_id in
<foreach collection="array" item="roleId" open="(" separator="," close=")">
#{roleId}
</foreach>
</foreach>
</delete>
</mapper>
</mapper>
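Review bot: Replacing `${params.dataScope}` with `<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>` in `selectRoleList` removes the raw string interpolation of a request-carried value, but the `dataScopeFilter` fragment itself is not part of this diff, so the fix is only complete if that fragment builds its predicate from `#{}` placeholders (e.g. `#{newdeptId}`, a `<foreach>` over `newrole`) and never from `${}`; a comment beside the include would make that requirement visible: `<!-- dataScopeFilter must use #{} only; params.dataScope is request-controlled -->`. The dept and user services in this commit carry the same `@DataScope` annotation and the same scope-copy code, yet only the role mapper XML appears here — the dept and user mapper XMLs should be checked for a remaining `${params.dataScope}`, since the diffstat lists one file not shown on this page.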