漏洞修复
parent
4e8974b2f7
commit
7fe2bce7dd
|
|
@ -4,6 +4,8 @@ import java.io.Serializable;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonFormat;
|
import com.fasterxml.jackson.annotation.JsonFormat;
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
import com.fasterxml.jackson.annotation.JsonInclude;
|
||||||
|
|
@ -38,10 +40,57 @@ public class BaseEntity implements Serializable
|
||||||
/** 备注 */
|
/** 备注 */
|
||||||
private String remark;
|
private String remark;
|
||||||
|
|
||||||
|
public Long getNewUserId() {
|
||||||
|
return newUserId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setNewUserId(Long newUserId) {
|
||||||
|
this.newUserId = newUserId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMissionSource() {
|
||||||
|
return missionSource;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Long newUserId;//新的用户id
|
||||||
|
|
||||||
|
private Set<Long> newrole ;//数据权限加了角色id
|
||||||
|
|
||||||
|
private Long newdeptId;//数据权限加了部门id
|
||||||
|
|
||||||
|
private String missionSource;//权限字符
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
public String getMissionSource(String missionSource) {
|
||||||
|
return missionSource;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMissionSource(String missionSource) {
|
||||||
|
this.missionSource = missionSource;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Long getNewdeptId() {
|
||||||
|
return newdeptId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setNewdeptId(Long newdeptId) {
|
||||||
|
this.newdeptId = newdeptId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Set<Long> getNewrole() {
|
||||||
|
return newrole;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setNewrole(Set<Long> newrole) {
|
||||||
|
this.newrole = newrole;
|
||||||
|
}
|
||||||
|
|
||||||
/** 请求参数 */
|
/** 请求参数 */
|
||||||
@JsonInclude(JsonInclude.Include.NON_EMPTY)
|
@JsonInclude(JsonInclude.Include.NON_EMPTY)
|
||||||
private Map<String, Object> params;
|
private Map<String, Object> params;
|
||||||
|
|
||||||
|
|
||||||
public String getSearchValue()
|
public String getSearchValue()
|
||||||
{
|
{
|
||||||
return searchValue;
|
return searchValue;
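Review bot: The four fields added to `BaseEntity` (`newUserId`, `newrole`, `newdeptId`, `missionSource`) feed the data-scope filter, yet they get plain public setters on the base class of the request entities, so a client may be able to supply them through request binding, and they will be echoed in JSON responses. Since the file already imports `JsonIgnore`, I would annotate them, e.g. `@JsonIgnore private Long newUserId;`. That does not cover form or query binding, so the server-side overwrite in the services must never be skipped. Separately, `getMissionSource(String missionSource)` returns its own argument rather than the field and duplicates the real getter; I would delete that overload. The class body starts and ends outside these hunks.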
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
package com.bonus.system.controller;
|
package com.bonus.system.controller;
|
||||||
|
|
||||||
import com.bonus.common.core.domain.R;
|
import com.bonus.common.core.domain.R;
|
||||||
//import com.bonus.common.core.utils.WordUtils;
|
|
||||||
import com.bonus.common.core.utils.WordUtils;
|
import com.bonus.common.core.utils.WordUtils;
|
||||||
import com.bonus.common.core.web.controller.BaseController;
|
import com.bonus.common.core.web.controller.BaseController;
|
||||||
import com.bonus.common.core.web.domain.AjaxResult;
|
import com.bonus.common.core.web.domain.AjaxResult;
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,10 @@ import java.util.ArrayList;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import com.bonus.common.core.web.domain.BaseEntity;
|
||||||
|
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||||
|
import org.springframework.beans.BeanUtils;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import com.bonus.common.core.constant.UserConstants;
|
import com.bonus.common.core.constant.UserConstants;
|
||||||
|
|
@ -45,6 +49,12 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||||
@DataScope(deptAlias = "d")
|
@DataScope(deptAlias = "d")
|
||||||
public List<SysDept> selectDeptList(SysDept dept)
|
public List<SysDept> selectDeptList(SysDept dept)
|
||||||
{
|
{
|
||||||
|
try {
|
||||||
|
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(dept.getParams().get("dataScope").toString());
|
||||||
|
BeanUtils.copyProperties(entity, dept);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
return deptMapper.selectDeptList(dept);
|
return deptMapper.selectDeptList(dept);
|
||||||
}
|
}
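Review bot: The added `catch (Exception e) { e.printStackTrace(); }` in `selectDeptList` makes the data-scope step fail open: if `dept.getParams().get("dataScope")` is null or `backMissionInfo` throws, the query still runs with whatever `newUserId`, `newrole`, `newdeptId` and `missionSource` the `SysDept` already carried, which may be request-supplied (not confirmed from this page). `BeanUtils.copyProperties(entity, dept)` also copies every readable property of a fresh `BaseEntity`, nulls included, so it presumably resets `searchValue`, `remark` and possibly `params` on the caller's object. The same block is repeated in `SysRoleServiceImpl.selectRoleList` and in `selectUserList`, `selectAllocatedList` and `selectUnallocatedList` of `SysUserServiceImpl`. I would let the failure propagate and copy only the four scope fields, as below; what an absent `dataScope` should mean needs an explicit decision.

```java
public List<SysDept> selectDeptList(SysDept dept)
    // No catch block: if the caller's scope cannot be resolved, the query must not run.
    Object scope = dept.getParams().get("dataScope");
    BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(scope == null ? "" : scope.toString());
    // Copy only the scope fields so the caller's other BaseEntity properties are kept.
    dept.setNewUserId(entity.getNewUserId());
    dept.setNewdeptId(entity.getNewdeptId());
    dept.setNewrole(entity.getNewrole());
    dept.setMissionSource(entity.getMissionSource());
    // … unchanged: return deptMapper.selectDeptList(dept) …
```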
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,10 @@ import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import com.bonus.common.core.web.domain.BaseEntity;
|
||||||
|
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||||
|
import org.springframework.beans.BeanUtils;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
|
|
@ -55,6 +59,12 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||||
@DataScope(deptAlias = "d")
|
@DataScope(deptAlias = "d")
|
||||||
public List<SysRole> selectRoleList(SysRole role)
|
public List<SysRole> selectRoleList(SysRole role)
|
||||||
{
|
{
|
||||||
|
try {
|
||||||
|
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(role.getParams().get("dataScope").toString());
|
||||||
|
BeanUtils.copyProperties(entity, role);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
return roleMapper.selectRoleList(role);
|
return roleMapper.selectRoleList(role);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,20 +2,17 @@ package com.bonus.system.service.impl;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.concurrent.TimeUnit;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import javax.annotation.Resource;
|
|
||||||
import javax.validation.Validator;
|
import javax.validation.Validator;
|
||||||
|
|
||||||
import com.bonus.common.core.constant.CacheConstants;
|
|
||||||
import com.bonus.common.core.constant.Constants;
|
|
||||||
import com.bonus.common.core.domain.R;
|
import com.bonus.common.core.domain.R;
|
||||||
import com.bonus.common.core.utils.VerificationCodeUtils;
|
|
||||||
import com.bonus.common.core.utils.sms.SmsUtils;
|
import com.bonus.common.core.utils.sms.SmsUtils;
|
||||||
import com.bonus.common.redis.service.RedisService;
|
import com.bonus.common.core.web.domain.BaseEntity;
|
||||||
|
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||||
import org.apache.poi.ss.formula.functions.T;
|
import org.apache.poi.ss.formula.functions.T;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.beans.BeanUtils;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.mail.SimpleMailMessage;
|
import org.springframework.mail.SimpleMailMessage;
|
||||||
|
|
@ -95,7 +92,14 @@ public class SysUserServiceImpl implements ISysUserService {
|
||||||
@Override
|
@Override
|
||||||
@DataScope(deptAlias = "d", userAlias = "u")
|
@DataScope(deptAlias = "d", userAlias = "u")
|
||||||
public List<SysUser> selectUserList(SysUser user) {
|
public List<SysUser> selectUserList(SysUser user) {
|
||||||
return userMapper.selectUserList(user);
|
try {
|
||||||
|
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||||
|
BeanUtils.copyProperties(entity, user);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
List<SysUser> sysUsers = userMapper.selectUserList(user);
|
||||||
|
return sysUsers;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -107,6 +111,12 @@ public class SysUserServiceImpl implements ISysUserService {
|
||||||
@Override
|
@Override
|
||||||
@DataScope(deptAlias = "d", userAlias = "u")
|
@DataScope(deptAlias = "d", userAlias = "u")
|
||||||
public List<SysUser> selectAllocatedList(SysUser user) {
|
public List<SysUser> selectAllocatedList(SysUser user) {
|
||||||
|
try {
|
||||||
|
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||||
|
BeanUtils.copyProperties(entity, user);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
return userMapper.selectAllocatedList(user);
|
return userMapper.selectAllocatedList(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -119,6 +129,12 @@ public class SysUserServiceImpl implements ISysUserService {
|
||||||
@Override
|
@Override
|
||||||
@DataScope(deptAlias = "d", userAlias = "u")
|
@DataScope(deptAlias = "d", userAlias = "u")
|
||||||
public List<SysUser> selectUnallocatedList(SysUser user) {
|
public List<SysUser> selectUnallocatedList(SysUser user) {
|
||||||
|
try {
|
||||||
|
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||||
|
BeanUtils.copyProperties(entity, user);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
return userMapper.selectUnallocatedList(user);
|
return userMapper.selectUnallocatedList(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,50 @@
|
||||||
|
package com.bonus.system.utils;
|
||||||
|
|
||||||
|
import com.bonus.common.core.web.domain.BaseEntity;
|
||||||
|
import com.bonus.common.security.utils.SecurityUtils;
|
||||||
|
import com.bonus.system.api.domain.SysRole;
|
||||||
|
import com.bonus.system.api.domain.SysUser;
|
||||||
|
import com.bonus.system.api.model.LoginUser;
|
||||||
|
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
public class CommonDataPermissionInfo {
|
||||||
|
|
||||||
|
public static BaseEntity backMissionInfo(String dataScope){
|
||||||
|
BaseEntity entity = new BaseEntity();
|
||||||
|
Set<Long> roleIds = new HashSet<>();
|
||||||
|
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||||
|
if (loginUser != null) {
|
||||||
|
SysUser sysUser = loginUser.getSysUser();
|
||||||
|
if (sysUser != null) {
|
||||||
|
Long deptId = sysUser.getDeptId();
|
||||||
|
entity.setNewUserId(sysUser.getUserId());
|
||||||
|
List<SysRole> roles = sysUser.getRoles();
|
||||||
|
if (roles != null) {
|
||||||
|
entity.setNewdeptId(deptId);
|
||||||
|
// 如果需要记录多个角色ID,可以使用Set或List
|
||||||
|
for (SysRole role : roles) {
|
||||||
|
roleIds.add(role.getRoleId());
|
||||||
|
entity.setMissionSource(role.getDataScope());
|
||||||
|
// 只在第一次迭代时设置dataScope,且dataScope不为空的情况下
|
||||||
|
if (dataScope.isEmpty() && !"".equals(role.getDataScope())) {
|
||||||
|
entity.setMissionSource(dataScope);
|
||||||
|
break;
|
||||||
|
}else if(roles.size()>1){
|
||||||
|
entity.setMissionSource(4+"");
|
||||||
|
}
|
||||||
|
|
||||||
|
// 设置角色ID集合
|
||||||
|
entity.setNewrole(roleIds);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return entity;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
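Review bot: In `backMissionInfo` the branch `if (dataScope.isEmpty() && !"".equals(role.getDataScope()))` looks inverted against its own comment, which says the value is set only when `dataScope` is not empty. As written it overwrites the role's scope with the empty `dataScope` string and then hits `break`, so later roles never reach `roleIds`. If the comment states the intent, the test should start `if (!dataScope.isEmpty() && ...`, and `entity.setNewrole(roleIds);` belongs after the loop. The `else if(roles.size()>1)` arm replaces every multi-role user's scope with the literal `4+""` regardless of what the roles grant; a named constant and a comment giving the reason would make that reviewable. A null `dataScope` throws at `isEmpty()` and an empty role list leaves `missionSource` and `newrole` unset, so a Javadoc should state what callers and the mapper should expect in those cases.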
|
||||||
|
|
@ -52,7 +52,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
and date_format(r.create_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
|
and date_format(r.create_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
|
||||||
</if>
|
</if>
|
||||||
<!-- 数据范围过滤 -->
|
<!-- 数据范围过滤 -->
|
||||||
${params.dataScope}
|
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||||
order by r.role_sort
|
order by r.role_sort
|
||||||
</select>
|
</select>
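Review bot: Replacing `${params.dataScope}` with `<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>` is only as safe as that fragment, which is not part of the visible diff. It should bind `newUserId`, `newdeptId` and `newrole` with `#{...}` and compare `missionSource` against fixed values rather than splice it in with `${...}`. Only this one mapper is changed on the page, while the dept and user services were also switched to the new fields, so their mapper XML may still contain `${params.dataScope}`; that is worth confirming. The `<select>` element starts outside the hunk.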
|
||||||
|
|
||||||
|
|
|
||||||