ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
@@ -5,12 +5,9 @@ import com.ruoyi.common.core.domain.entity.SysMenu; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.domain.model.LoginBody; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.framework.web.service.SysLoginService; import com.ruoyi.framework.web.service.SysPermissionService; import com.ruoyi.framework.web.service.TokenService; import com.ruoyi.system.service.ISysMenuService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; @@ -40,9 +37,6 @@ @Autowired private SysPermissionService permissionService; @Autowired private TokenService tokenService; /** * 登录方法 * @@ -68,8 +62,7 @@ @GetMapping("getInfo") public AjaxResult getInfo() { LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); SysUser user = loginUser.getUser(); SysUser user = SecurityUtils.getLoginUser().getUser(); // 角色集合 Set<String> roles = permissionService.getRolePermission(user); // 权限集合 ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
@@ -8,7 +8,6 @@ import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.framework.web.service.TokenService; import com.ruoyi.system.domain.SysOss; @@ -46,7 +45,7 @@ @GetMapping public AjaxResult profile() { LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = getLoginUser(); SysUser user = loginUser.getUser(); Map<String,Object> ajax = new HashMap<>(); ajax.put("user", user); @@ -72,17 +71,17 @@ { return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在"); } LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = getLoginUser(); SysUser sysUser = loginUser.getUser(); user.setUserId(sysUser.getUserId()); user.setPassword(null); if (userService.updateUserProfile(user) > 0) { // 更新缓存用户信息 loginUser.getUser().setNickName(user.getNickName()); loginUser.getUser().setPhonenumber(user.getPhonenumber()); loginUser.getUser().setEmail(user.getEmail()); loginUser.getUser().setSex(user.getSex()); sysUser.setNickName(user.getNickName()); sysUser.setPhonenumber(user.getPhonenumber()); sysUser.setEmail(user.getEmail()); sysUser.setSex(user.getSex()); tokenService.setLoginUser(loginUser); return AjaxResult.success(); } @@ -96,7 +95,7 @@ @PutMapping("/updatePwd") public AjaxResult updatePwd(String oldPassword, String newPassword) { LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = getLoginUser(); String userName = loginUser.getUsername(); String password = loginUser.getPassword(); if (!SecurityUtils.matchesPassword(oldPassword, password)) @@ -126,7 +125,7 @@ { if (!file.isEmpty()) { LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = getLoginUser(); SysOss oss = iSysOssService.upload(file); String avatar = oss.getUrl(); if (userService.updateUserAvatar(loginUser.getUsername(), avatar)) ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@@ -9,7 +9,6 @@ import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.framework.web.service.SysPermissionService; @@ -115,7 +114,7 @@ if (roleService.updateRole(role) > 0) { // 更新缓存用户权限 LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = getLoginUser(); if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin()) { loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser())); ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -10,11 +10,9 @@ import com.ruoyi.common.core.domain.entity.SysDept; import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.framework.web.service.TokenService; @@ -54,9 +52,6 @@ @Autowired private ISysPostService postService; @Autowired private TokenService tokenService; /** * 获取用户列表 */ @@ -92,8 +87,7 @@ { List<SysUserImportVo> userListVo = ExcelUtil.importExcel(file.getInputStream(), SysUserImportVo.class); List<SysUser> userList = BeanUtil.copyToList(userListVo, SysUser.class); LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); String operName = loginUser.getUsername(); String operName = getUsername(); String message = userService.importUser(userList, updateSupport, operName); return AjaxResult.success(message); } ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
@@ -139,4 +139,8 @@ */ public static final String LOOKUP_RMI = "rmi://"; /** * LDAP 远程方法调用 */ public static final String LOOKUP_LDAP = "ldap://"; } ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -5,10 +5,10 @@ import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.reflect.ReflectUtils; import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.framework.web.service.TokenService; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.Signature; @@ -78,7 +78,7 @@ return; } // 获取当前的用户 LoginUser loginUser = SpringUtils.getBean(TokenService.class).getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); if (StringUtils.isNotNull(loginUser)) { SysUser currentUser = loginUser.getUser(); // 如果是超级管理员,则不过滤数据 ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -8,6 +8,7 @@ import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.framework.web.service.AsyncService; import com.ruoyi.framework.web.service.TokenService; import com.ruoyi.system.domain.SysOperLog; @@ -83,7 +84,7 @@ } // 获取当前的用户 LoginUser loginUser = SpringUtils.getBean(TokenService.class).getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); // *========数据库日志=========*// SysOperLog operLog = new SysOperLog(); ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
@@ -1,6 +1,7 @@ package com.ruoyi.framework.web.service; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.utils.ServletUtils; @@ -28,9 +29,6 @@ private static final String PERMISSION_DELIMETER = ","; @Autowired private TokenService tokenService; /** * 验证用户是否具备某权限 * @@ -43,7 +41,7 @@ { return false; } LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions())) { return false; @@ -74,7 +72,7 @@ { return false; } LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions())) { return false; @@ -102,7 +100,7 @@ { return false; } LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles())) { return false; @@ -141,7 +139,7 @@ { return false; } LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest()); LoginUser loginUser = SecurityUtils.getLoginUser(); if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles())) { return false; ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@@ -80,6 +80,10 @@ { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP)) { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用"); } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); @@ -104,6 +108,10 @@ { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); } else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP)) { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用"); } else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS })) { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); ruoyi-ui/src/layout/index.vue
@@ -8,7 +8,7 @@ <tags-view v-if="needTagsView" /> </div> <app-main /> <right-panel v-if="showSettings"> <right-panel> <settings /> </right-panel> </div> @@ -39,7 +39,6 @@ sideTheme: state => state.settings.sideTheme, sidebar: state => state.app.sidebar, device: state => state.app.device, showSettings: state => state.settings.showSettings, needTagsView: state => state.settings.tagsView, fixedHeader: state => state.settings.fixedHeader }),
