From 5d20be2976d4f9958f98532b5adc08dbfb96ea74 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 13 四月 2020 11:58:03 +0800
Subject: [PATCH] 升级fastjson到最新版1.2.68 修复安全加固

---
 ruoyi/src/main/resources/mybatis/system/SysMenuMapper.xml |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/ruoyi/src/main/resources/mybatis/system/SysMenuMapper.xml b/ruoyi/src/main/resources/mybatis/system/SysMenuMapper.xml
index d233602..179a679 100644
--- a/ruoyi/src/main/resources/mybatis/system/SysMenuMapper.xml
+++ b/ruoyi/src/main/resources/mybatis/system/SysMenuMapper.xml
@@ -47,6 +47,22 @@
 		from sys_menu m where m.menu_type in ('M', 'C') and m.visible = 0
 		order by m.parent_id, m.order_num
 	</select>
+	
+	<select id="selectMenuListByUserId" parameterType="SysMenu" resultMap="SysMenuResult">
+		select distinct m.menu_id, m.parent_id, m.menu_name, m.path, m.component, m.visible, ifnull(m.perms,'') as perms, m.is_frame, m.menu_type, m.icon, m.order_num, m.create_time
+		from sys_menu m
+		left join sys_role_menu rm on m.menu_id = rm.menu_id
+		left join sys_user_role ur on rm.role_id = ur.role_id
+		left join sys_role ro on ur.role_id = ro.role_id
+		where ur.user_id = #{params.userId}
+		<if test="menuName != null and menuName != ''">
+            AND menu_name like concat('%', #{menuName}, '%')
+		</if>
+		<if test="visible != null and visible != ''">
+            AND visible = #{visible}
+		</if>
+		order by m.parent_id, m.order_num
+	</select>
     
     <select id="selectMenuTreeByUserId" parameterType="Long" resultMap="SysMenuResult">
 		select distinct m.menu_id, m.parent_id, m.menu_name, m.path, m.component, m.visible, ifnull(m.perms,'') as perms, m.is_frame, m.menu_type, m.icon, m.order_num, m.create_time
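Review bot: The new `selectMenuListByUserId` joins `sys_role ro` but never uses it, so menus granted through a disabled role are still returned; the query changed in the next hunk adds `r.status = '0'` for exactly that case. If this list is meant to reflect what the user can currently reach, add `and ro.status = '0'` to the `where` clause; otherwise drop the unused join. The two optional filters should be qualified as `m.menu_name` and `m.visible` like the rest of the statement. If `visible` is a numeric property, the OGNL test `visible != ''` evaluates false for 0 and the filter is silently skipped; confirm this against the `SysMenu` type, which is not shown here.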
@@ -80,7 +96,8 @@
 		from sys_menu m
 			 left join sys_role_menu rm on m.menu_id = rm.menu_id
 			 left join sys_user_role ur on rm.role_id = ur.role_id
-		where ur.user_id = #{userId}
+			 left join sys_role r on r.role_id = ur.role_id
+		where m.visible = '0' and r.status = '0' and ur.user_id = #{userId}
 	</select>
 	
 	<select id="selectMenuById" parameterType="Long" resultMap="SysMenuResult">
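Review bot: `m.visible = '0'` compares against a string literal while the menu query at the top of this file section uses `m.visible = 0`; pick the form that matches the column type so the filter does not depend on implicit conversion. The predicates on `r.status` and `ur.user_id` in the `where` clause discard the null-extended rows, so the three `left join`s behave as inner joins and would read more clearly as `inner join`. The statement's opening `<select>` and column list are outside the hunk, so whether excluding non-visible menus is right for this result cannot be judged from here.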
@@ -101,7 +118,7 @@
 		update sys_menu
 		<set>
 			<if test="menuName != null and menuName != ''">menu_name = #{menuName},</if>
-			<if test="parentId != null and parentId != 0">parent_id = #{parentId},</if>
+			<if test="parentId != null">parent_id = #{parentId},</if>
 			<if test="orderNum != null and orderNum != ''">order_num = #{orderNum},</if>
 			<if test="path != null and path != ''">path = #{path},</if>
 			<if test="component != null and component != ''">component = #{component},</if>

--
Gitblit v1.9.2