From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/helper/DataPermissionHelper.java | 61 +++++++++++++++++++++++++++++-
1 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/helper/DataPermissionHelper.java b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/helper/DataPermissionHelper.java
index 7f6ab1f..932f173 100644
--- a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/helper/DataPermissionHelper.java
+++ b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/helper/DataPermissionHelper.java
@@ -2,14 +2,17 @@
import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.context.model.SaStorage;
+import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.plugins.IgnoreStrategy;
import com.baomidou.mybatisplus.core.plugins.InterceptorIgnoreHelper;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
+import org.dromara.common.core.utils.reflect.ReflectUtils;
import java.util.HashMap;
import java.util.Map;
+import java.util.Stack;
import java.util.function.Supplier;
/**
@@ -24,17 +27,37 @@
private static final String DATA_PERMISSION_KEY = "data:permission";
+ private static final ThreadLocal<Stack<Integer>> REENTRANT_IGNORE = ThreadLocal.withInitial(Stack::new);
+
+ /**
+ * 浠庝笂涓嬫枃涓幏鍙栨寚瀹氶敭鐨勫彉閲忓�硷紝骞跺皢鍏惰浆鎹负鎸囧畾鐨勭被鍨�
+ *
+ * @param key 鍙橀噺鐨勯敭
+ * @param <T> 鍙橀噺鍊肩殑绫诲瀷
+ * @return 鎸囧畾閿殑鍙橀噺鍊硷紝濡傛灉涓嶅瓨鍦ㄥ垯杩斿洖 null
+ */
public static <T> T getVariable(String key) {
Map<String, Object> context = getContext();
return (T) context.get(key);
}
-
+ /**
+ * 鍚戜笂涓嬫枃涓缃寚瀹氶敭鐨勫彉閲忓��
+ *
+ * @param key 瑕佽缃殑鍙橀噺鐨勯敭
+ * @param value 瑕佽缃殑鍙橀噺鍊�
+ */
public static void setVariable(String key, Object value) {
Map<String, Object> context = getContext();
context.put(key, value);
}
+ /**
+ * 鑾峰彇鏁版嵁鏉冮檺涓婁笅鏂�
+ *
+ * @return 瀛樺偍鍦⊿aStorage涓殑Map瀵硅薄锛岀敤浜庡瓨鍌ㄦ暟鎹潈闄愮浉鍏崇殑涓婁笅鏂囦俊鎭�
+ * @throws NullPointerException 濡傛灉鏁版嵁鏉冮檺涓婁笅鏂囩被鍨嬪紓甯革紝鍒欐姏鍑篘ullPointerException
+ */
public static Map<String, Object> getContext() {
SaStorage saStorage = SaHolder.getStorage();
Object attribute = saStorage.get(DATA_PERMISSION_KEY);
@@ -48,18 +71,50 @@
throw new NullPointerException("data permission context type exception");
}
+ private static IgnoreStrategy getIgnoreStrategy() {
+ Object ignoreStrategyLocal = ReflectUtils.getStaticFieldValue(ReflectUtils.getField(InterceptorIgnoreHelper.class, "IGNORE_STRATEGY_LOCAL"));
+ if (ignoreStrategyLocal instanceof ThreadLocal<?> IGNORE_STRATEGY_LOCAL) {
+ if (IGNORE_STRATEGY_LOCAL.get() instanceof IgnoreStrategy ignoreStrategy) {
+ return ignoreStrategy;
+ }
+ }
+ return null;
+ }
+
/**
* 寮�鍚拷鐣ユ暟鎹潈闄�(寮�鍚悗闇�鎵嬪姩璋冪敤 {@link #disableIgnore()} 鍏抽棴)
*/
public static void enableIgnore() {
- InterceptorIgnoreHelper.handle(IgnoreStrategy.builder().dataPermission(true).build());
+ IgnoreStrategy ignoreStrategy = getIgnoreStrategy();
+ if (ObjectUtil.isNull(ignoreStrategy)) {
+ InterceptorIgnoreHelper.handle(IgnoreStrategy.builder().dataPermission(true).build());
+ } else {
+ ignoreStrategy.setDataPermission(true);
+ }
+ Stack<Integer> reentrantStack = REENTRANT_IGNORE.get();
+ reentrantStack.push(reentrantStack.size() + 1);
}
/**
* 鍏抽棴蹇界暐鏁版嵁鏉冮檺
*/
public static void disableIgnore() {
- InterceptorIgnoreHelper.clearIgnoreStrategy();
+ IgnoreStrategy ignoreStrategy = getIgnoreStrategy();
+ if (ObjectUtil.isNotNull(ignoreStrategy)) {
+ boolean noOtherIgnoreStrategy = !Boolean.TRUE.equals(ignoreStrategy.getDynamicTableName())
+ && !Boolean.TRUE.equals(ignoreStrategy.getBlockAttack())
+ && !Boolean.TRUE.equals(ignoreStrategy.getIllegalSql())
+ && !Boolean.TRUE.equals(ignoreStrategy.getTenantLine())
+ && CollectionUtil.isEmpty(ignoreStrategy.getOthers());
+ Stack<Integer> reentrantStack = REENTRANT_IGNORE.get();
+ boolean empty = reentrantStack.isEmpty() || reentrantStack.pop() == 1;
+ if (noOtherIgnoreStrategy && empty) {
+ InterceptorIgnoreHelper.clearIgnoreStrategy();
+ } else if (empty) {
+ ignoreStrategy.setDataPermission(false);
+ }
+
+ }
}
/**
--
Gitblit v1.9.3