From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: 星期五, 10 三月 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中，用户多角色情况下，若所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，会导致用户拥有全部数据权限，所以要限制一下, 可以根据conditions集合是否为空，来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。

---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java |   23 +++++++++++++++++++----
 1 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java
index 14f57fd..f9f262e 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java
@@ -1,11 +1,13 @@
 package com.ruoyi.web.controller.monitor;
 
 import java.util.List;
+import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.annotation.Log;
@@ -14,6 +16,7 @@
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.poi.ExcelUtil;
+import com.ruoyi.framework.web.service.SysPasswordService;
 import com.ruoyi.system.domain.SysLogininfor;
 import com.ruoyi.system.service.ISysLogininforService;
 
@@ -29,6 +32,9 @@
     @Autowired
     private ISysLogininforService logininforService;
 
+    @Autowired
+    private SysPasswordService passwordService;
+
     @PreAuthorize("@ss.hasPermi('monitor:logininfor:list')")
     @GetMapping("/list")
     public TableDataInfo list(SysLogininfor logininfor)
@@ -40,12 +46,12 @@
 
     @Log(title = "登录日志", businessType = BusinessType.EXPORT)
     @PreAuthorize("@ss.hasPermi('monitor:logininfor:export')")
-    @GetMapping("/export")
-    public AjaxResult export(SysLogininfor logininfor)
+    @PostMapping("/export")
+    public void export(HttpServletResponse response, SysLogininfor logininfor)
     {
         List<SysLogininfor> list = logininforService.selectLogininforList(logininfor);
         ExcelUtil<SysLogininfor> util = new ExcelUtil<SysLogininfor>(SysLogininfor.class);
-        return util.exportExcel(list, "登录日志");
+        util.exportExcel(response, list, "登录日志");
     }
 
     @PreAuthorize("@ss.hasPermi('monitor:logininfor:remove')")
@@ -62,6 +68,15 @@
     public AjaxResult clean()
     {
         logininforService.cleanLogininfor();
-        return AjaxResult.success();
+        return success();
+    }
+
+    @PreAuthorize("@ss.hasPermi('monitor:logininfor:unlock')")
+    @Log(title = "账户解锁", businessType = BusinessType.OTHER)
+    @GetMapping("/unlock/{userName}")
+    public AjaxResult unlock(@PathVariable("userName") String userName)
+    {
+        passwordService.clearLoginRecordCache(userName);
+        return success();
     }
 }

--
Gitblit v1.9.2