From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysMenuController.java | 45 +++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysMenuController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysMenuController.java
index b40acbb..8a19b5d 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysMenuController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysMenuController.java
@@ -1,7 +1,10 @@
package com.ruoyi.system.controller.system;
import cn.dev33.satoken.annotation.SaCheckPermission;
+import cn.dev33.satoken.annotation.SaCheckRole;
+import cn.dev33.satoken.annotation.SaMode;
import cn.hutool.core.lang.tree.Tree;
+import com.ruoyi.common.core.constant.TenantConstants;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.utils.StringUtils;
@@ -35,6 +38,10 @@
/**
* 鑾峰彇鑿滃崟鍒楄〃
*/
+ @SaCheckRole(value = {
+ TenantConstants.SUPER_ADMIN_ROLE_KEY,
+ TenantConstants.TENANT_ADMIN_ROLE_KEY
+ }, mode = SaMode.OR)
@SaCheckPermission("system:menu:list")
@GetMapping("/list")
public R<List<SysMenuVo>> list(SysMenuBo menu) {
@@ -47,6 +54,10 @@
*
* @param menuId 鑿滃崟ID
*/
+ @SaCheckRole(value = {
+ TenantConstants.SUPER_ADMIN_ROLE_KEY,
+ TenantConstants.TENANT_ADMIN_ROLE_KEY
+ }, mode = SaMode.OR)
@SaCheckPermission("system:menu:query")
@GetMapping(value = "/{menuId}")
public R<SysMenuVo> getInfo(@PathVariable Long menuId) {
@@ -56,6 +67,11 @@
/**
* 鑾峰彇鑿滃崟涓嬫媺鏍戝垪琛�
*/
+ @SaCheckRole(value = {
+ TenantConstants.SUPER_ADMIN_ROLE_KEY,
+ TenantConstants.TENANT_ADMIN_ROLE_KEY
+ }, mode = SaMode.OR)
+ @SaCheckPermission("system:menu:query")
@GetMapping("/treeselect")
public R<List<Tree<Long>>> treeselect(SysMenuBo menu) {
List<SysMenuVo> menus = menuService.selectMenuList(menu, LoginHelper.getUserId());
@@ -67,6 +83,11 @@
*
* @param roleId 瑙掕壊ID
*/
+ @SaCheckRole(value = {
+ TenantConstants.SUPER_ADMIN_ROLE_KEY,
+ TenantConstants.TENANT_ADMIN_ROLE_KEY
+ }, mode = SaMode.OR)
+ @SaCheckPermission("system:menu:query")
@GetMapping(value = "/roleMenuTreeselect/{roleId}")
public R<MenuTreeSelectVo> roleMenuTreeselect(@PathVariable("roleId") Long roleId) {
List<SysMenuVo> menus = menuService.selectMenuList(LoginHelper.getUserId());
@@ -77,13 +98,30 @@
}
/**
+ * 鍔犺浇瀵瑰簲绉熸埛濂楅鑿滃崟鍒楄〃鏍�
+ *
+ * @param packageId 绉熸埛濂楅ID
+ */
+ @SaCheckRole(TenantConstants.SUPER_ADMIN_ROLE_KEY)
+ @SaCheckPermission("system:menu:query")
+ @GetMapping(value = "/tenantPackageMenuTreeselect/{packageId}")
+ public R<MenuTreeSelectVo> tenantPackageMenuTreeselect(@PathVariable("packageId") Long packageId) {
+ List<SysMenuVo> menus = menuService.selectMenuList(LoginHelper.getUserId());
+ MenuTreeSelectVo selectVo = new MenuTreeSelectVo();
+ selectVo.setCheckedKeys(menuService.selectMenuListByPackageId(packageId));
+ selectVo.setMenus(menuService.buildMenuTreeSelect(menus));
+ return R.ok(selectVo);
+ }
+
+ /**
* 鏂板鑿滃崟
*/
+ @SaCheckRole(TenantConstants.SUPER_ADMIN_ROLE_KEY)
@SaCheckPermission("system:menu:add")
@Log(title = "鑿滃崟绠$悊", businessType = BusinessType.INSERT)
@PostMapping
public R<Void> add(@Validated @RequestBody SysMenuBo menu) {
- if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu))) {
+ if (!menuService.checkMenuNameUnique(menu)) {
return R.fail("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
} else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath())) {
return R.fail("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
@@ -94,11 +132,12 @@
/**
* 淇敼鑿滃崟
*/
+ @SaCheckRole(TenantConstants.SUPER_ADMIN_ROLE_KEY)
@SaCheckPermission("system:menu:edit")
@Log(title = "鑿滃崟绠$悊", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysMenuBo menu) {
- if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu))) {
+ if (!menuService.checkMenuNameUnique(menu)) {
return R.fail("淇敼鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
} else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath())) {
return R.fail("淇敼鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
@@ -113,6 +152,7 @@
*
* @param menuId 鑿滃崟ID
*/
+ @SaCheckRole(TenantConstants.SUPER_ADMIN_ROLE_KEY)
@SaCheckPermission("system:menu:remove")
@Log(title = "鑿滃崟绠$悊", businessType = BusinessType.DELETE)
@DeleteMapping("/{menuId}")
@@ -125,4 +165,5 @@
}
return toAjax(menuService.deleteMenuById(menuId));
}
+
}
--
Gitblit v1.9.3