漏洞修复
parent
4e8974b2f7
commit
7fe2bce7dd
|
|
@ -4,6 +4,8 @@ import java.io.Serializable;
|
|||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonFormat;
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import com.fasterxml.jackson.annotation.JsonInclude;
|
||||
|
|
@ -38,10 +40,57 @@ public class BaseEntity implements Serializable
|
|||
/** 备注 */
|
||||
private String remark;
|
||||
|
||||
public Long getNewUserId() {
|
||||
return newUserId;
|
||||
}
|
||||
|
||||
public void setNewUserId(Long newUserId) {
|
||||
this.newUserId = newUserId;
|
||||
}
|
||||
|
||||
public String getMissionSource() {
|
||||
return missionSource;
|
||||
}
|
||||
|
||||
private Long newUserId;//新的用户id
|
||||
|
||||
private Set<Long> newrole ;//数据权限加了角色id
|
||||
|
||||
private Long newdeptId;//数据权限加了部门id
|
||||
|
||||
private String missionSource;//权限字符
|
||||
|
||||
|
||||
|
||||
public String getMissionSource(String missionSource) {
|
||||
return missionSource;
|
||||
}
|
||||
|
||||
public void setMissionSource(String missionSource) {
|
||||
this.missionSource = missionSource;
|
||||
}
|
||||
|
||||
public Long getNewdeptId() {
|
||||
return newdeptId;
|
||||
}
|
||||
|
||||
public void setNewdeptId(Long newdeptId) {
|
||||
this.newdeptId = newdeptId;
|
||||
}
|
||||
|
||||
public Set<Long> getNewrole() {
|
||||
return newrole;
|
||||
}
|
||||
|
||||
public void setNewrole(Set<Long> newrole) {
|
||||
this.newrole = newrole;
|
||||
}
|
||||
|
||||
/** 请求参数 */
|
||||
@JsonInclude(JsonInclude.Include.NON_EMPTY)
|
||||
private Map<String, Object> params;
|
||||
|
||||
|
||||
public String getSearchValue()
|
||||
{
|
||||
return searchValue;
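Review bot: The new `newUserId`, `newrole`, `newdeptId` and `missionSource` fields get public setters on `BaseEntity`, so if entities extending it are bound from request data (not visible in this hunk), a caller can supply its own scope values. The services in this commit overwrite them only when their `try` block succeeds, so client-supplied values would survive any exception thrown there. Consider annotating the four fields with the already imported `@JsonIgnore`, and guarding any non-JSON binding path separately, or moving them to a server-only context object. Separately, `getMissionSource(String missionSource)` returns its own argument rather than the field and looks like a leftover; I would delete it. The class body starts and ends outside this hunk.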
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
package com.bonus.system.controller;
|
||||
|
||||
import com.bonus.common.core.domain.R;
|
||||
//import com.bonus.common.core.utils.WordUtils;
|
||||
import com.bonus.common.core.utils.WordUtils;
|
||||
import com.bonus.common.core.web.controller.BaseController;
|
||||
import com.bonus.common.core.web.domain.AjaxResult;
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@ import java.util.ArrayList;
|
|||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import com.bonus.common.core.web.domain.BaseEntity;
|
||||
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import com.bonus.common.core.constant.UserConstants;
|
||||
|
|
@ -45,6 +49,12 @@ public class SysDeptServiceImpl implements ISysDeptService
|
|||
@DataScope(deptAlias = "d")
|
||||
public List<SysDept> selectDeptList(SysDept dept)
|
||||
{
|
||||
try {
|
||||
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(dept.getParams().get("dataScope").toString());
|
||||
BeanUtils.copyProperties(entity, dept);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return deptMapper.selectDeptList(dept);
|
||||
}
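Review bot: The `catch (Exception e) { e.printStackTrace(); }` around the scope lookup in `selectDeptList` lets the query run even when the permission fields could not be set, for example when `dept.getParams()` or its `dataScope` entry is null. If the mapper filter treats missing fields as "no restriction" (not visible here), that is a fail-open path. I would rethrow, e.g. `throw new IllegalStateException("data scope could not be resolved", e);`, or return an empty list, and report the error through a logger rather than stderr. The same block is repeated in `SysRoleServiceImpl.selectRoleList` and in `selectUserList`, `selectAllocatedList` and `selectUnallocatedList` of `SysUserServiceImpl`.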
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,10 @@ import java.util.Arrays;
|
|||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import com.bonus.common.core.web.domain.BaseEntity;
|
||||
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
|
@ -55,6 +59,12 @@ public class SysRoleServiceImpl implements ISysRoleService
|
|||
@DataScope(deptAlias = "d")
|
||||
public List<SysRole> selectRoleList(SysRole role)
|
||||
{
|
||||
try {
|
||||
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(role.getParams().get("dataScope").toString());
|
||||
BeanUtils.copyProperties(entity, role);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return roleMapper.selectRoleList(role);
|
||||
}
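Review bot: `BeanUtils.copyProperties(entity, role)` copies every readable property of the fresh `BaseEntity`, not only the four permission fields, so values left unset on `entity` (`remark`, `searchValue`, and presumably `params`) would replace whatever the caller put on `role`. That can drop the `params.endTime` filter the role mapper reads. Setting the four fields explicitly avoids it: `role.setNewUserId(entity.getNewUserId());` and likewise for `newdeptId`, `newrole` and `missionSource`. The dept and user service methods in this commit use the same call.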
|
||||
|
||||
|
|
|
|||
|
|
@ -2,20 +2,17 @@ package com.bonus.system.service.impl;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.annotation.Resource;
|
||||
import javax.validation.Validator;
|
||||
|
||||
import com.bonus.common.core.constant.CacheConstants;
|
||||
import com.bonus.common.core.constant.Constants;
|
||||
import com.bonus.common.core.domain.R;
|
||||
import com.bonus.common.core.utils.VerificationCodeUtils;
|
||||
import com.bonus.common.core.utils.sms.SmsUtils;
|
||||
import com.bonus.common.redis.service.RedisService;
|
||||
import com.bonus.common.core.web.domain.BaseEntity;
|
||||
import com.bonus.system.utils.CommonDataPermissionInfo;
|
||||
import org.apache.poi.ss.formula.functions.T;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.mail.SimpleMailMessage;
|
||||
|
|
@ -95,7 +92,14 @@ public class SysUserServiceImpl implements ISysUserService {
|
|||
@Override
|
||||
@DataScope(deptAlias = "d", userAlias = "u")
|
||||
public List<SysUser> selectUserList(SysUser user) {
|
||||
return userMapper.selectUserList(user);
|
||||
try {
|
||||
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||
BeanUtils.copyProperties(entity, user);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
List<SysUser> sysUsers = userMapper.selectUserList(user);
|
||||
return sysUsers;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -107,6 +111,12 @@ public class SysUserServiceImpl implements ISysUserService {
|
|||
@Override
|
||||
@DataScope(deptAlias = "d", userAlias = "u")
|
||||
public List<SysUser> selectAllocatedList(SysUser user) {
|
||||
try {
|
||||
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||
BeanUtils.copyProperties(entity, user);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return userMapper.selectAllocatedList(user);
|
||||
}
|
||||
|
||||
|
|
@ -119,6 +129,12 @@ public class SysUserServiceImpl implements ISysUserService {
|
|||
@Override
|
||||
@DataScope(deptAlias = "d", userAlias = "u")
|
||||
public List<SysUser> selectUnallocatedList(SysUser user) {
|
||||
try {
|
||||
BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
|
||||
BeanUtils.copyProperties(entity, user);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return userMapper.selectUnallocatedList(user);
|
||||
}
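Review bot: The same six-line `try`/`copyProperties`/`catch` block is pasted into `selectUserList`, `selectAllocatedList` and `selectUnallocatedList`, and again into the dept and role services, so any fix to the permission lookup has to be made in five places. A single helper such as `private void applyDataPermission(BaseEntity target)` (name is a suggestion), called as `applyDataPermission(user);`, would keep the rule in one spot. In `selectUserList` the local `sysUsers` is returned immediately and can be folded into `return userMapper.selectUserList(user);`.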
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,50 @@
|
|||
package com.bonus.system.utils;
|
||||
|
||||
import com.bonus.common.core.web.domain.BaseEntity;
|
||||
import com.bonus.common.security.utils.SecurityUtils;
|
||||
import com.bonus.system.api.domain.SysRole;
|
||||
import com.bonus.system.api.domain.SysUser;
|
||||
import com.bonus.system.api.model.LoginUser;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
public class CommonDataPermissionInfo {
|
||||
|
||||
public static BaseEntity backMissionInfo(String dataScope){
|
||||
BaseEntity entity = new BaseEntity();
|
||||
Set<Long> roleIds = new HashSet<>();
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
if (loginUser != null) {
|
||||
SysUser sysUser = loginUser.getSysUser();
|
||||
if (sysUser != null) {
|
||||
Long deptId = sysUser.getDeptId();
|
||||
entity.setNewUserId(sysUser.getUserId());
|
||||
List<SysRole> roles = sysUser.getRoles();
|
||||
if (roles != null) {
|
||||
entity.setNewdeptId(deptId);
|
||||
// 如果需要记录多个角色ID,可以使用Set或List
|
||||
for (SysRole role : roles) {
|
||||
roleIds.add(role.getRoleId());
|
||||
entity.setMissionSource(role.getDataScope());
|
||||
// 只在第一次迭代时设置dataScope,且dataScope不为空的情况下
|
||||
if (dataScope.isEmpty() && !"".equals(role.getDataScope())) {
|
||||
entity.setMissionSource(dataScope);
|
||||
break;
|
||||
}else if(roles.size()>1){
|
||||
entity.setMissionSource(4+"");
|
||||
}
|
||||
|
||||
// 设置角色ID集合
|
||||
entity.setNewrole(roleIds);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return entity;
|
||||
|
||||
}
|
||||
}
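Review bot: In `backMissionInfo` the branch `if (dataScope.isEmpty() && !"".equals(role.getDataScope()))` stores `dataScope` into `missionSource`, which at that point is the empty string, and then breaks, so the role's own scope set one line earlier is discarded and only the first role id is collected. The comment above it describes the opposite condition (dataScope not empty), so one of the two is wrong; please state the intended rule and make the code match it. The `else if (roles.size() > 1)` branch forces `"4"` for every multi-role user regardless of what those roles grant, which can widen or narrow access depending on what 4 means; derive the value from the roles and use a named constant. `dataScope` is also dereferenced without a null check, and the callers swallow the resulting exception.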
|
||||
|
|
@ -52,7 +52,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
and date_format(r.create_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
|
||||
</if>
|
||||
<!-- 数据范围过滤 -->
|
||||
${params.dataScope}
|
||||
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||
order by r.role_sort
|
||||
</select>
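Review bot: The filter now depends on `com.bonus.system.mapper.DataScopeMapper.dataScopeFilter`, which is not part of the visible diff, so this hunk alone cannot confirm that the raw `${params.dataScope}` substitution is really gone (assuming that line is the removed side). The fragment should bind `missionSource`, `newdeptId`, `newrole` and `newUserId` with `#{...}` only, and should produce a restrictive predicate when they are null or empty. The dept and user services were changed in this commit as well, but only this role select is shown; their mappers need the same replacement if they still contain `${params.dataScope}`. The `<select>` starts outside this hunk.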
|
||||
|
||||
|
|
|
|||