From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/menu/index.vue | 213 +++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 159 insertions(+), 54 deletions(-)
diff --git a/ruoyi-ui/src/views/system/menu/index.vue b/ruoyi-ui/src/views/system/menu/index.vue
index 0cf7d60..059f8d8 100644
--- a/ruoyi-ui/src/views/system/menu/index.vue
+++ b/ruoyi-ui/src/views/system/menu/index.vue
@@ -1,7 +1,7 @@
<template>
<div class="app-container">
- <el-form :inline="true">
- <el-form-item label="菜单名称">
+ <el-form :model="queryParams" ref="queryForm" :inline="true" v-show="showSearch">
+ <el-form-item label="菜单名称" prop="menuName">
<el-input
v-model="queryParams.menuName"
placeholder="请输入菜单名称"
@@ -10,10 +10,10 @@
@keyup.enter.native="handleQuery"
/>
</el-form-item>
- <el-form-item label="状态">
- <el-select v-model="queryParams.visible" placeholder="菜单状态" clearable size="small">
+ <el-form-item label="状态" prop="status">
+ <el-select v-model="queryParams.status" placeholder="菜单状态" clearable size="small">
<el-option
- v-for="dict in visibleOptions"
+ v-for="dict in statusOptions"
:key="dict.dictValue"
:label="dict.dictLabel"
:value="dict.dictValue"
@@ -22,9 +22,23 @@
</el-form-item>
<el-form-item>
<el-button type="primary" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
- <el-button type="primary" icon="el-icon-plus" size="mini" @click="handleAdd" v-hasPermi="['system:menu:add']">新增</el-button>
+ <el-button icon="el-icon-refresh" size="mini" @click="resetQuery">重置</el-button>
</el-form-item>
</el-form>
+
+ <el-row :gutter="10" class="mb8">
+ <el-col :span="1.5">
+ <el-button
+ type="primary"
+ plain
+ icon="el-icon-plus"
+ size="mini"
+ @click="handleAdd"
+ v-hasPermi="['system:menu:add']"
+ >新增</el-button>
+ </el-col>
+ <right-toolbar :showSearch.sync="showSearch" @queryTable="getList"></right-toolbar>
+ </el-row>
<el-table
v-loading="loading"
@@ -32,22 +46,22 @@
row-key="menuId"
:tree-props="{children: 'children', hasChildren: 'hasChildren'}"
>
- <el-table-column prop="menuName" label="菜单名称" :show-overflow-tooltip="true" width="130px"></el-table-column>
- <el-table-column prop="icon" label="图标" align="center" width="100px">
+ <el-table-column prop="menuName" label="菜单名称" :show-overflow-tooltip="true" width="160"></el-table-column>
+ <el-table-column prop="icon" label="图标" align="center" width="100">
<template slot-scope="scope">
<svg-icon :icon-class="scope.row.icon" />
</template>
</el-table-column>
- <el-table-column prop="orderNum" label="排序" width="60px"></el-table-column>
- <el-table-column prop="perms" label="权限标识" width="130px" :show-overflow-tooltip="true"></el-table-column>
- <el-table-column prop="component" label="组件路径" width="180px" :show-overflow-tooltip="true"></el-table-column>
- <el-table-column prop="visible" label=" 可见" :formatter="visibleFormat" width="80px"></el-table-column>
- <el-table-column label="创建时间" align="center" prop="createTime" width="180">
+ <el-table-column prop="orderNum" label="排序" width="60"></el-table-column>
+ <el-table-column prop="perms" label="权限标识" :show-overflow-tooltip="true"></el-table-column>
+ <el-table-column prop="component" label="组件路径" :show-overflow-tooltip="true"></el-table-column>
+ <el-table-column prop="status" label="状态" :formatter="statusFormat" width="80"></el-table-column>
+ <el-table-column label="创建时间" align="center" prop="createTime">
<template slot-scope="scope">
- <span>{{ dateFormat(scope.row.createTime) }}</span>
+ <span>{{ parseTime(scope.row.createTime) }}</span>
</template>
</el-table-column>
- <el-table-column label="操作" align="center" width="180" class-name="small-padding fixed-width">
+ <el-table-column label="操作" align="center" class-name="small-padding fixed-width">
<template slot-scope="scope">
<el-button size="mini"
type="text"
@@ -63,7 +77,6 @@
v-hasPermi="['system:menu:add']"
>新增</el-button>
<el-button
- v-if="scope.row.parentId != 0"
size="mini"
type="text"
icon="el-icon-delete"
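Review bot: With `v-if="scope.row.parentId != 0"` removed, the delete button is now rendered for top-level menus too, so nothing on the client stops a root entry (and presumably its subtree) from being submitted for deletion. The rest of this button and its click handler lie outside the hunk, so I cannot see whether a permission directive or a child check still applies. Button visibility is not an access control in any case; the delete endpoint should itself refuse a menu that still has children. If the wider button is intended, a template comment such as `<!-- root menus are deletable; the server rejects menus that still have children -->` would record the assumption once it is confirmed.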
@@ -75,14 +88,15 @@
</el-table>
<!-- 添加或修改菜单对话框 -->
- <el-dialog :title="title" :visible.sync="open" width="600px">
- <el-form ref="form" :model="form" :rules="rules" label-width="80px">
+ <el-dialog :title="title" :visible.sync="open" width="600px" append-to-body>
+ <el-form ref="form" :model="form" :rules="rules" label-width="100px">
<el-row>
- <el-col :span="24" v-if="form.parentId !== 0">
- <el-form-item label="上级菜单" prop="parentId">
+ <el-col :span="24">
+ <el-form-item label="上级菜单">
<treeselect
v-model="form.parentId"
:options="menuOptions"
+ :normalizer="normalizer"
:show-count="true"
placeholder="选择上级菜单"
/>
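Review bot: The `上级菜单` item loses `prop="parentId"` here, and the matching required rule is dropped in the later `rules` hunk, so the parent id is no longer validated before submit. Unless the treeselect is made non-clearable, a user can clear the field and `form.parentId` is sent empty instead of `0` or a real id. Keeping `prop="parentId"` together with `parentId: [{ required: true, message: "上级菜单不能为空", trigger: "blur" }]` should still accept the new root value `0`, since only empty values fail a required rule. The server should validate the parent id regardless, because this check can be bypassed by calling the API directly.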
@@ -130,7 +144,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="是否外链">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择是外链则路由地址需要以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否外链
+ </span>
<el-radio-group v-model="form.isFrame">
<el-radio label="0">是</el-radio>
<el-radio label="1">否</el-radio>
@@ -138,28 +158,83 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="路由地址" prop="path">
+ <el-form-item v-if="form.menuType != 'F'" prop="path">
+ <span slot="label">
+ <el-tooltip content="访问的路由地址,如:`user`,如外网地址需内链访问则以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 路由地址
+ </span>
<el-input v-model="form.path" placeholder="请输入路由地址" />
</el-form-item>
</el-col>
<el-col :span="12" v-if="form.menuType == 'C'">
- <el-form-item label="组件路径" prop="component">
+ <el-form-item prop="component">
+ <span slot="label">
+ <el-tooltip content="访问的组件路径,如:`system/user/index`,默认在`views`目录下" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 组件路径
+ </span>
<el-input v-model="form.component" placeholder="请输入组件路径" />
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'M'" label="权限标识">
- <el-input v-model="form.perms" placeholder="请权限标识" maxlength="50" />
+ <el-form-item v-if="form.menuType != 'M'">
+ <el-input v-model="form.perms" placeholder="请输入权限标识" maxlength="100" />
+ <span slot="label">
+ <el-tooltip content="控制器中定义的权限字符,如:@PreAuthorize(`@ss.hasPermi('system:user:list')`)" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 权限字符
+ </span>
</el-form-item>
</el-col>
- <el-col :span="24">
- <el-form-item v-if="form.menuType != 'F'" label="菜单状态">
+ <el-col :span="12">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择隐藏则路由将不会出现在侧边栏,但仍然可以访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 显示状态
+ </span>
<el-radio-group v-model="form.visible">
<el-radio
v-for="dict in visibleOptions"
:key="dict.dictValue"
:label="dict.dictValue"
>{{dict.dictLabel}}</el-radio>
+ </el-radio-group>
+ </el-form-item>
+ </el-col>
+ <el-col :span="12">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择停用则路由将不会出现在侧边栏,也不能被访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 菜单状态
+ </span>
+ <el-radio-group v-model="form.status">
+ <el-radio
+ v-for="dict in statusOptions"
+ :key="dict.dictValue"
+ :label="dict.dictValue"
+ >{{dict.dictLabel}}</el-radio>
+ </el-radio-group>
+ </el-form-item>
+ </el-col>
+ <el-col :span="12">
+ <el-form-item v-if="form.menuType == 'C'">
+ <span slot="label">
+ <el-tooltip content="选择是则会被`keep-alive`缓存,需要匹配组件的`name`和地址保持一致" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否缓存
+ </span>
+ <el-radio-group v-model="form.isCache">
+ <el-radio label="0">缓存</el-radio>
+ <el-radio label="1">不缓存</el-radio>
</el-radio-group>
</el-form-item>
</el-col>
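Review bot: The two new radio groups look alike but carry different security weight, and the template does not say so. Per their own tooltips, `visible` only hides the sidebar entry while the route stays reachable, whereas `status` is described as blocking access. Whether a disabled menu is actually refused depends on how routes and permissions are built on the server, which this patch does not show, so hiding a menu should never be treated as restricting it. A short template comment above the `显示状态` column would help, e.g. `<!-- visible is presentation only; access is governed by perms and status -->`. Separately, in the `perms` item the `<span slot="label">` sits after the `<el-input>`, unlike every other item in this hunk; moving it first keeps the form items uniform.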
@@ -174,27 +249,32 @@
</template>
<script>
-import { listMenu, getMenu, treeselect, delMenu, addMenu, updateMenu } from "@/api/system/menu";
+import { listMenu, getMenu, delMenu, addMenu, updateMenu } from "@/api/system/menu";
import Treeselect from "@riophae/vue-treeselect";
import "@riophae/vue-treeselect/dist/vue-treeselect.css";
import IconSelect from "@/components/IconSelect";
export default {
+ name: "Menu",
components: { Treeselect, IconSelect },
data() {
return {
// 遮罩层
loading: true,
+ // 显示搜索条件
+ showSearch: true,
// 菜单表格树数据
menuList: [],
// 菜单树选项
- menuOptions: undefined,
+ menuOptions: [],
// 弹出层标题
title: "",
// 是否显示弹出层
open: false,
- // 菜单状态数据字典
+ // 显示状态数据字典
visibleOptions: [],
+ // 菜单状态数据字典
+ statusOptions: [],
// 查询参数
queryParams: {
menuName: undefined,
@@ -204,14 +284,14 @@
form: {},
// 表单校验
rules: {
- parentId: [
- { required: true, message: "上级菜单不能为空", trigger: "blur" }
- ],
menuName: [
{ required: true, message: "菜单名称不能为空", trigger: "blur" }
],
orderNum: [
{ required: true, message: "菜单顺序不能为空", trigger: "blur" }
+ ],
+ path: [
+ { required: true, message: "路由地址不能为空", trigger: "blur" }
]
}
};
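Review bot: The new `path` rule only checks that the field is non-empty, although the `是否外链` tooltip added in this commit says an external link must start with `http(s)://`. Nothing enforces that, so any string, including a URL with a different scheme, can be stored as an external menu address and later rendered as a link for other users. For a commit titled as an XSS filtering improvement, I would add a validator that restricts external links to http/https, and apply the same allow-list on the server, since client-side validation can be bypassed. The arrow function below relies on `this` inside `data()` being the component instance. The `rules` object sits inside `data()`, which begins outside this hunk.

```vue
path: [
  { required: true, message: "路由地址不能为空", trigger: "blur" },
  {
    // External links are limited to http(s) so a stored path cannot carry another URL scheme.
    validator: (rule, value, callback) => {
      if (this.form.isFrame === "0" && !/^https?:\/\//i.test(value || "")) {
        callback(new Error("外链路由地址需要以http(s)://开头"));
      } else {
        callback();
      }
    },
    trigger: "blur"
  }
]
```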
@@ -220,6 +300,9 @@
this.getList();
this.getDicts("sys_show_hide").then(response => {
this.visibleOptions = response.data;
+ });
+ this.getDicts("sys_normal_disable").then(response => {
+ this.statusOptions = response.data;
});
},
methods: {
@@ -231,22 +314,43 @@
getList() {
this.loading = true;
listMenu(this.queryParams).then(response => {
- this.menuList = response.data;
+ this.menuList = this.handleTree(response.data, "menuId");
this.loading = false;
});
},
+ /** 转换菜单数据结构 */
+ normalizer(node) {
+ if (node.children && !node.children.length) {
+ delete node.children;
+ }
+ return {
+ id: node.menuId,
+ label: node.menuName,
+ children: node.children
+ };
+ },
/** 查询菜单下拉树结构 */
getTreeselect() {
- treeselect().then(response => {
- this.menuOptions = response.data;
+ listMenu().then(response => {
+ this.menuOptions = [];
+ const menu = { menuId: 0, menuName: '主类目', children: [] };
+ menu.children = this.handleTree(response.data, "menuId");
+ this.menuOptions.push(menu);
});
},
- // 菜单显示状态字典翻译
+ // 显示状态字典翻译
visibleFormat(row, column) {
if (row.menuType == "F") {
return "";
}
return this.selectDictLabel(this.visibleOptions, row.visible);
+ },
+ // 菜单状态字典翻译
+ statusFormat(row, column) {
+ if (row.menuType == "F") {
+ return "";
+ }
+ return this.selectDictLabel(this.statusOptions, row.status);
},
// 取消按钮
cancel() {
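Review bot: In `getList`, `this.loading = false` sits only in the success callback, so if `listMenu` rejects, or `handleTree` throws on an unexpected payload, the table stays masked by the loading overlay. Moving the reset into `.finally(() => { this.loading = false; })` avoids that. `handleTree` is defined outside the visible lines, so its behaviour on empty or malformed data is an assumption to confirm. Also, `normalizer` deletes `children` from the node it is given and so mutates `menuOptions` in place; that deserves a one-line comment such as `// drop empty children so leaf nodes render without an expand arrow`.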
@@ -263,7 +367,9 @@
menuType: "M",
orderNum: undefined,
isFrame: "1",
- visible: "0"
+ isCache: "0",
+ visible: "0",
+ status: "0"
};
this.resetForm("form");
},
@@ -271,12 +377,19 @@
handleQuery() {
this.getList();
},
+ /** 重置按钮操作 */
+ resetQuery() {
+ this.resetForm("queryForm");
+ this.handleQuery();
+ },
/** 新增按钮操作 */
handleAdd(row) {
this.reset();
this.getTreeselect();
- if (row != null) {
+ if (row != null && row.menuId) {
this.form.parentId = row.menuId;
+ } else {
+ this.form.parentId = 0;
}
this.open = true;
this.title = "添加菜单";
@@ -297,23 +410,15 @@
if (valid) {
if (this.form.menuId != undefined) {
updateMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("修改成功");
+ this.open = false;
+ this.getList();
});
} else {
addMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("新增成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("新增成功");
+ this.open = false;
+ this.getList();
});
}
}
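Review bot: With the `response.code === 200` branches removed, both callbacks now show the success toast and close the dialog for every resolved promise. That is only correct if the shared request layer rejects every non-200 business code, which is not visible in this patch. If it does not, a save the server refused (for example by input filtering) would be reported as successful. I would state the dependency at the call site, e.g. `// the request interceptor rejects non-200 codes, so reaching here means the save succeeded`, and drop the now unused `response` parameter with `.then(() => {`. The enclosing submit method begins and ends outside this hunk.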
@@ -330,7 +435,7 @@
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- }).catch(function() {});
+ }).catch(() => {});
}
}
};
--
Gitblit v1.9.2