越权日志

bns/js/public/public.js

@@ -242,7 +242,7 @@ var Ajax = function () {
         // post方式需要自己设置http的请求头，来模仿表单提交。
         // 放在open方法之后，send方法之前。
         xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-        xhr.setRequestHeader('token', token);
+        xhr.setRequestHeader('Authorization', token);
         //xhr.setRequestHeader("key","222");    //将token放在header 里面
         if (that.headers != '') {
             xhr.setRequestHeader("encrypt", that.headers);

bns/js/system/htmlpermission.js

@@ -6,9 +6,9 @@ function getLocalpath(){
 	let usJosn=JSON.parse(us);
 	let yq=getHtmlPermission(usJosn.menus,url[1]);
 	console.log(yq)
-	if(!yq){
+	if(yq){
-		console.log(url[1])
+		addLogs(url,url[1],usJosn.nickName);
-		top.window.location.href = login_url;	
+		//top.window.location.href = login_url;	
 	}
 }
 function getHtmlPermission(menus,html){
@@ -27,3 +27,19 @@ function getHtmlPermission(menus,html){
 	}
 		return false;
 }
+function addLogs(url,urlParam,userName) {
+    $.ajax({
+        url: dataUrl + 'system/sys/logs/addLogs'  ,
+        headers: {
+			'Authorization': localStorage.getItem("tokens")
+        },
+        data: {
+            'userName': userName ,
+			'operParam': url,
+			'operMeth': urlParam
+        },
+        type: 'post',
+        success: function () {
+        }
+    });
+}

bns/js/system/public_utils.js

@@ -14,13 +14,13 @@ function error(event, xhr, settings, er){
 		console.error(settings);
 		console.error(er);
 }
-(() => {
+// (() => {
-    function ban() {
+//     function ban() {
-      setInterval(() => {
+//       setInterval(() => {
-        debugger;
+//         debugger;
-      }, 50);
+//       }, 50);
-    }
+//     }
-    try {
+//     try {
-      ban();
+//       ban();
-    } catch (err) { }
+//     } catch (err) { }
-})();
+// })();