From 4f0a584efcbe51c5c232ab6f75a8d760b15d5e03 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 01 四月 2022 17:57:00 +0800
Subject: [PATCH] update springboot 2.6.5 => 2.6.6 修复 CVE-2022-22965 漏洞
---
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java | 79 ++++++++++++++++++++++++---------------
1 files changed, 48 insertions(+), 31 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
index 9c3bfeb..2f9d002 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
@@ -1,14 +1,16 @@
package com.ruoyi.system.service.impl;
+import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.tree.Tree;
+import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysMenu;
import com.ruoyi.common.core.domain.entity.SysRole;
-import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.mybatisplus.core.ServicePlusImpl;
-import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.TreeBuildUtils;
import com.ruoyi.system.domain.SysRoleMenu;
@@ -18,7 +20,7 @@
import com.ruoyi.system.mapper.SysRoleMapper;
import com.ruoyi.system.mapper.SysRoleMenuMapper;
import com.ruoyi.system.service.ISysMenuService;
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import java.util.*;
@@ -28,14 +30,13 @@
*
* @author Lion Li
*/
+@RequiredArgsConstructor
@Service
-public class SysMenuServiceImpl extends ServicePlusImpl<SysMenuMapper, SysMenu, SysMenu> implements ISysMenuService {
+public class SysMenuServiceImpl implements ISysMenuService {
- @Autowired
- private SysRoleMapper roleMapper;
-
- @Autowired
- private SysRoleMenuMapper roleMenuMapper;
+ private final SysMenuMapper baseMapper;
+ private final SysRoleMapper roleMapper;
+ private final SysRoleMenuMapper roleMenuMapper;
/**
* 鏍规嵁鐢ㄦ埛鏌ヨ绯荤粺鑿滃崟鍒楄〃
@@ -58,16 +59,22 @@
public List<SysMenu> selectMenuList(SysMenu menu, Long userId) {
List<SysMenu> menuList = null;
// 绠$悊鍛樻樉绀烘墍鏈夎彍鍗曚俊鎭�
- if (SysUser.isAdmin(userId)) {
- menuList = list(new LambdaQueryWrapper<SysMenu>()
+ if (LoginHelper.isAdmin(userId)) {
+ menuList = baseMapper.selectList(new LambdaQueryWrapper<SysMenu>()
.like(StringUtils.isNotBlank(menu.getMenuName()), SysMenu::getMenuName, menu.getMenuName())
.eq(StringUtils.isNotBlank(menu.getVisible()), SysMenu::getVisible, menu.getVisible())
.eq(StringUtils.isNotBlank(menu.getStatus()), SysMenu::getStatus, menu.getStatus())
.orderByAsc(SysMenu::getParentId)
.orderByAsc(SysMenu::getOrderNum));
} else {
- menu.getParams().put("userId", userId);
- menuList = baseMapper.selectMenuListByUserId(menu);
+ QueryWrapper<SysMenu> wrapper = Wrappers.query();
+ wrapper.eq("ur.user_id", userId)
+ .like(StringUtils.isNotBlank(menu.getMenuName()), "m.menu_name", menu.getMenuName())
+ .eq(StringUtils.isNotBlank(menu.getVisible()), "m.visible", menu.getVisible())
+ .eq(StringUtils.isNotBlank(menu.getStatus()), "m.status", menu.getStatus())
+ .orderByAsc("m.parent_id")
+ .orderByAsc("m.order_num");
+ menuList = baseMapper.selectMenuListByUserId(wrapper);
}
return menuList;
}
@@ -99,7 +106,7 @@
@Override
public List<SysMenu> selectMenuTreeByUserId(Long userId) {
List<SysMenu> menus = null;
- if (SecurityUtils.isAdmin(userId)) {
+ if (LoginHelper.isAdmin(userId)) {
menus = baseMapper.selectMenuTreeAll();
} else {
menus = baseMapper.selectMenuTreeByUserId(userId);
@@ -116,7 +123,7 @@
@Override
public List<Long> selectMenuListByRoleId(Long roleId) {
SysRole role = roleMapper.selectById(roleId);
- return baseMapper.selectMenuListByRoleId(roleId, role.isMenuCheckStrictly());
+ return baseMapper.selectMenuListByRoleId(roleId, role.getMenuCheckStrictly());
}
/**
@@ -134,9 +141,9 @@
router.setName(getRouteName(menu));
router.setPath(getRouterPath(menu));
router.setComponent(getComponent(menu));
- router.setQuery(menu.getQuery());
+ router.setQuery(menu.getQueryParam());
router.setMeta(new MetaVo(menu.getMenuName(), menu.getIcon(), StringUtils.equals("1", menu.getIsCache()), menu.getPath()));
- List<SysMenu> cMenus = (List<SysMenu>) menu.getChildren();
+ List<SysMenu> cMenus = menu.getChildren();
if (!cMenus.isEmpty() && UserConstants.TYPE_DIR.equals(menu.getMenuType())) {
router.setAlwaysShow(true);
router.setRedirect("noRedirect");
@@ -149,15 +156,15 @@
children.setComponent(menu.getComponent());
children.setName(StringUtils.capitalize(menu.getPath()));
children.setMeta(new MetaVo(menu.getMenuName(), menu.getIcon(), StringUtils.equals("1", menu.getIsCache()), menu.getPath()));
- children.setQuery(menu.getQuery());
+ children.setQuery(menu.getQueryParam());
childrenList.add(children);
router.setChildren(childrenList);
} else if (menu.getParentId().intValue() == 0 && isInnerLink(menu)) {
router.setMeta(new MetaVo(menu.getMenuName(), menu.getIcon()));
- router.setPath("/inner");
+ router.setPath("/");
List<RouterVo> childrenList = new ArrayList<RouterVo>();
RouterVo children = new RouterVo();
- String routerPath = StringUtils.replaceEach(menu.getPath(), new String[]{Constants.HTTP, Constants.HTTPS}, new String[]{"", ""});
+ String routerPath = innerLinkReplaceEach(menu.getPath());
children.setPath(routerPath);
children.setComponent(UserConstants.INNER_LINK);
children.setName(StringUtils.capitalize(routerPath));
@@ -178,6 +185,9 @@
*/
@Override
public List<Tree<Long>> buildMenuTreeSelect(List<SysMenu> menus) {
+ if (CollUtil.isEmpty(menus)) {
+ return CollUtil.newArrayList();
+ }
return TreeBuildUtils.build(menus, (menu, tree) ->
tree.setId(menu.getMenuId())
.setParentId(menu.getParentId())
@@ -193,7 +203,7 @@
*/
@Override
public SysMenu selectMenuById(Long menuId) {
- return getById(menuId);
+ return baseMapper.selectById(menuId);
}
/**
@@ -204,8 +214,7 @@
*/
@Override
public boolean hasChildByMenuId(Long menuId) {
- long result = count(new LambdaQueryWrapper<SysMenu>().eq(SysMenu::getParentId, menuId));
- return result > 0;
+ return baseMapper.exists(new LambdaQueryWrapper<SysMenu>().eq(SysMenu::getParentId, menuId));
}
/**
@@ -216,8 +225,7 @@
*/
@Override
public boolean checkMenuExistRole(Long menuId) {
- long result = roleMenuMapper.selectCount(new LambdaQueryWrapper<SysRoleMenu>().eq(SysRoleMenu::getMenuId, menuId));
- return result > 0;
+ return roleMenuMapper.exists(new LambdaQueryWrapper<SysRoleMenu>().eq(SysRoleMenu::getMenuId, menuId));
}
/**
@@ -261,12 +269,11 @@
*/
@Override
public String checkMenuNameUnique(SysMenu menu) {
- Long menuId = StringUtils.isNull(menu.getMenuId()) ? -1L : menu.getMenuId();
- long count = count(new LambdaQueryWrapper<SysMenu>()
+ boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysMenu>()
.eq(SysMenu::getMenuName, menu.getMenuName())
.eq(SysMenu::getParentId, menu.getParentId())
- .ne(SysMenu::getMenuId, menuId));
- if (count > 0) {
+ .ne(ObjectUtil.isNotNull(menu.getMenuId()), SysMenu::getMenuId, menu.getMenuId()));
+ if (exist) {
return UserConstants.NOT_UNIQUE;
}
return UserConstants.UNIQUE;
@@ -297,7 +304,7 @@
String routerPath = menu.getPath();
// 鍐呴摼鎵撳紑澶栫綉鏂瑰紡
if (menu.getParentId().intValue() != 0 && isInnerLink(menu)) {
- routerPath = StringUtils.replaceEach(routerPath, new String[]{Constants.HTTP, Constants.HTTPS}, new String[]{"", ""});
+ routerPath = innerLinkReplaceEach(routerPath);
}
// 闈炲閾惧苟涓旀槸涓�绾х洰褰曪紙绫诲瀷涓虹洰褰曪級
if (0 == menu.getParentId().intValue() && UserConstants.TYPE_DIR.equals(menu.getMenuType())
@@ -415,4 +422,14 @@
private boolean hasChild(List<SysMenu> list, SysMenu t) {
return getChildList(list, t).size() > 0;
}
+
+ /**
+ * 鍐呴摼鍩熷悕鐗规畩瀛楃鏇挎崲
+ *
+ * @return
+ */
+ public String innerLinkReplaceEach(String path) {
+ return StringUtils.replaceEach(path, new String[]{Constants.HTTP, Constants.HTTPS},
+ new String[]{"", ""});
+ }
}
--
Gitblit v1.9.3