From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: 星期五, 10 三月 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中,用户多角色情况下,若所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,会导致用户拥有全部数据权限,所以要限制一下, 可以根据conditions集合是否为空,来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。
---
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java | 37 ++++++++++++++++++++++++++++++++++---
1 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
index 2e120aa..4e067a7 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ResourcesConfig.java
@@ -1,7 +1,13 @@
package com.ruoyi.framework.config;
+import java.util.concurrent.TimeUnit;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.http.CacheControl;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -24,11 +30,13 @@
public void addResourceHandlers(ResourceHandlerRegistry registry)
{
/** 本地文件上传路径 */
- registry.addResourceHandler(Constants.RESOURCE_PREFIX + "/**").addResourceLocations("file:" + RuoYiConfig.getProfile() + "/");
+ registry.addResourceHandler(Constants.RESOURCE_PREFIX + "/**")
+ .addResourceLocations("file:" + RuoYiConfig.getProfile() + "/");
/** swagger配置 */
- registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
- registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
+ registry.addResourceHandler("/swagger-ui/**")
+ .addResourceLocations("classpath:/META-INF/resources/webjars/springfox-swagger-ui/")
+ .setCacheControl(CacheControl.maxAge(5, TimeUnit.HOURS).cachePublic());;
}
/**
@@ -39,4 +47,27 @@
{
registry.addInterceptor(repeatSubmitInterceptor).addPathPatterns("/**");
}
+
+ /**
+ * 跨域配置
+ */
+ @Bean
+ public CorsFilter corsFilter()
+ {
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ // 设置访问源地址
+ config.addAllowedOriginPattern("*");
+ // 设置访问源请求头
+ config.addAllowedHeader("*");
+ // 设置访问源请求方法
+ config.addAllowedMethod("*");
+ // 有效期 1800秒
+ config.setMaxAge(1800L);
+ // 添加映射路径,拦截一切请求
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", config);
+ // 返回新的CorsFilter
+ return new CorsFilter(source);
+ }
}
\ No newline at end of file
--
Gitblit v1.9.2