From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/role/index.vue | 162 ++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 127 insertions(+), 35 deletions(-)
diff --git a/ruoyi-ui/src/views/system/role/index.vue b/ruoyi-ui/src/views/system/role/index.vue
index 7780c1f..27167c9 100644
--- a/ruoyi-ui/src/views/system/role/index.vue
+++ b/ruoyi-ui/src/views/system/role/index.vue
@@ -50,7 +50,7 @@
></el-date-picker>
</el-form-item>
<el-form-item>
- <el-button type="cyan" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
+ <el-button type="primary" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
<el-button icon="el-icon-refresh" size="mini" @click="resetQuery">重置</el-button>
</el-form-item>
</el-form>
@@ -59,6 +59,7 @@
<el-col :span="1.5">
<el-button
type="primary"
+ plain
icon="el-icon-plus"
size="mini"
@click="handleAdd"
@@ -68,6 +69,7 @@
<el-col :span="1.5">
<el-button
type="success"
+ plain
icon="el-icon-edit"
size="mini"
:disabled="single"
@@ -78,6 +80,7 @@
<el-col :span="1.5">
<el-button
type="danger"
+ plain
icon="el-icon-delete"
size="mini"
:disabled="multiple"
@@ -88,8 +91,10 @@
<el-col :span="1.5">
<el-button
type="warning"
+ plain
icon="el-icon-download"
size="mini"
+ :loading="exportLoading"
@click="handleExport"
v-hasPermi="['system:role:export']"
>导出</el-button>
@@ -119,7 +124,7 @@
</template>
</el-table-column>
<el-table-column label="操作" align="center" class-name="small-padding fixed-width">
- <template slot-scope="scope">
+ <template slot-scope="scope" v-if="scope.row.roleId !== 1">
<el-button
size="mini"
type="text"
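Review bot: The `v-if="scope.row.roleId !== 1"` on the action template only hides the edit/delete/more controls for that row in the browser; it does not stop a direct request against role id 1. The same is true of the `v-hasPermi` directives on the dropdown added in the next hunk. The server endpoints are not part of this diff, so confirm that they reject changes to this role and check `system:role:edit` / `system:role:remove` themselves. A comment such as `<!-- roleId 1 (presumably the built-in admin role) is hidden here for UX only; enforcement is server-side -->` would also explain the magic number. The template body continues outside this hunk.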
@@ -130,17 +135,21 @@
<el-button
size="mini"
type="text"
- icon="el-icon-circle-check"
- @click="handleDataScope(scope.row)"
- v-hasPermi="['system:role:edit']"
- >数据权限</el-button>
- <el-button
- size="mini"
- type="text"
icon="el-icon-delete"
@click="handleDelete(scope.row)"
v-hasPermi="['system:role:remove']"
>删除</el-button>
+ <el-dropdown size="mini" @command="(command) => handleCommand(command, scope.row)" v-hasPermi="['system:role:edit']">
+ <span class="el-dropdown-link">
+ <i class="el-icon-d-arrow-right el-icon--right"></i>更多
+ </span>
+ <el-dropdown-menu slot="dropdown">
+ <el-dropdown-item command="handleDataScope" icon="el-icon-circle-check"
+ v-hasPermi="['system:role:edit']">数据权限</el-dropdown-item>
+ <el-dropdown-item command="handleAuthUser" icon="el-icon-user"
+ v-hasPermi="['system:role:edit']">分配用户</el-dropdown-item>
+ </el-dropdown-menu>
+ </el-dropdown>
</template>
</el-table-column>
</el-table>
@@ -155,11 +164,17 @@
<!-- 添加或修改角色配置对话框 -->
<el-dialog :title="title" :visible.sync="open" width="500px" append-to-body>
- <el-form ref="form" :model="form" :rules="rules" label-width="80px">
+ <el-form ref="form" :model="form" :rules="rules" label-width="100px">
<el-form-item label="角色名称" prop="roleName">
<el-input v-model="form.roleName" placeholder="请输入角色名称" />
</el-form-item>
- <el-form-item label="权限字符" prop="roleKey">
+ <el-form-item prop="roleKey">
+ <span slot="label">
+ <el-tooltip content="控制器中定义的权限字符,如:@PreAuthorize(`@ss.hasRole('admin')`)" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 权限字符
+ </span>
<el-input v-model="form.roleKey" placeholder="请输入权限字符" />
</el-form-item>
<el-form-item label="角色顺序" prop="roleSort">
@@ -175,11 +190,16 @@
</el-radio-group>
</el-form-item>
<el-form-item label="菜单权限">
+ <el-checkbox v-model="menuExpand" @change="handleCheckedTreeExpand($event, 'menu')">展开/折叠</el-checkbox>
+ <el-checkbox v-model="menuNodeAll" @change="handleCheckedTreeNodeAll($event, 'menu')">全选/全不选</el-checkbox>
+ <el-checkbox v-model="form.menuCheckStrictly" @change="handleCheckedTreeConnect($event, 'menu')">父子联动</el-checkbox>
<el-tree
+ class="tree-border"
:data="menuOptions"
show-checkbox
ref="menu"
node-key="id"
+ :check-strictly="!form.menuCheckStrictly"
empty-text="加载中,请稍后"
:props="defaultProps"
></el-tree>
@@ -204,7 +224,7 @@
<el-input v-model="form.roleKey" :disabled="true" />
</el-form-item>
<el-form-item label="权限范围">
- <el-select v-model="form.dataScope">
+ <el-select v-model="form.dataScope" @change="dataScopeSelectChange">
<el-option
v-for="item in dataScopeOptions"
:key="item.value"
@@ -214,12 +234,17 @@
</el-select>
</el-form-item>
<el-form-item label="数据权限" v-show="form.dataScope == 2">
+ <el-checkbox v-model="deptExpand" @change="handleCheckedTreeExpand($event, 'dept')">展开/折叠</el-checkbox>
+ <el-checkbox v-model="deptNodeAll" @change="handleCheckedTreeNodeAll($event, 'dept')">全选/全不选</el-checkbox>
+ <el-checkbox v-model="form.deptCheckStrictly" @change="handleCheckedTreeConnect($event, 'dept')">父子联动</el-checkbox>
<el-tree
+ class="tree-border"
:data="deptOptions"
show-checkbox
default-expand-all
ref="dept"
node-key="id"
+ :check-strictly="!form.deptCheckStrictly"
empty-text="加载中,请稍后"
:props="defaultProps"
></el-tree>
@@ -244,6 +269,8 @@
return {
// 遮罩层
loading: true,
+ // 导出遮罩层
+ exportLoading: false,
// 选中数组
ids: [],
// 非单个禁用
@@ -262,6 +289,10 @@
open: false,
// 是否显示弹出层(数据权限)
openDataScope: false,
+ menuExpand: false,
+ menuNodeAll: false,
+ deptExpand: true,
+ deptNodeAll: false,
// 日期范围
dateRange: [],
// 状态数据字典
@@ -354,18 +385,18 @@
// 所有菜单节点数据
getMenuAllCheckedKeys() {
// 目前被选中的菜单节点
- let checkedKeys = this.$refs.menu.getHalfCheckedKeys();
+ let checkedKeys = this.$refs.menu.getCheckedKeys();
// 半选中的菜单节点
- let halfCheckedKeys = this.$refs.menu.getCheckedKeys();
+ let halfCheckedKeys = this.$refs.menu.getHalfCheckedKeys();
checkedKeys.unshift.apply(checkedKeys, halfCheckedKeys);
return checkedKeys;
},
// 所有部门节点数据
getDeptAllCheckedKeys() {
// 目前被选中的部门节点
- let checkedKeys = this.$refs.dept.getHalfCheckedKeys();
+ let checkedKeys = this.$refs.dept.getCheckedKeys();
// 半选中的部门节点
- let halfCheckedKeys = this.$refs.dept.getCheckedKeys();
+ let halfCheckedKeys = this.$refs.dept.getHalfCheckedKeys();
checkedKeys.unshift.apply(checkedKeys, halfCheckedKeys);
return checkedKeys;
},
@@ -413,6 +444,10 @@
if (this.$refs.menu != undefined) {
this.$refs.menu.setCheckedKeys([]);
}
+ this.menuExpand = false,
+ this.menuNodeAll = false,
+ this.deptExpand = true,
+ this.deptNodeAll = false,
this.form = {
roleId: undefined,
roleName: undefined,
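Review bot: The four added assignments end in `,` instead of `;`, so together with the following `this.form = {...}` they form a single comma expression. It evaluates correctly today, but any statement later inserted between them (a `const`, an `if`) becomes a syntax error, and linters flag the comma operator. Terminate each line with a semicolon, e.g. `this.menuExpand = false;`. The `this.form` literal continues in the next hunk.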
@@ -421,6 +456,8 @@
status: "0",
menuIds: [],
deptIds: [],
+ menuCheckStrictly: true,
+ deptCheckStrictly: true,
remark: undefined
};
this.resetForm("form");
@@ -442,6 +479,49 @@
this.single = selection.length!=1
this.multiple = !selection.length
},
+ // 更多操作触发
+ handleCommand(command, row) {
+ switch (command) {
+ case "handleDataScope":
+ this.handleDataScope(row);
+ break;
+ case "handleAuthUser":
+ this.handleAuthUser(row);
+ break;
+ default:
+ break;
+ }
+ },
+ // 树权限(展开/折叠)
+ handleCheckedTreeExpand(value, type) {
+ if (type == 'menu') {
+ let treeList = this.menuOptions;
+ for (let i = 0; i < treeList.length; i++) {
+ this.$refs.menu.store.nodesMap[treeList[i].id].expanded = value;
+ }
+ } else if (type == 'dept') {
+ let treeList = this.deptOptions;
+ for (let i = 0; i < treeList.length; i++) {
+ this.$refs.dept.store.nodesMap[treeList[i].id].expanded = value;
+ }
+ }
+ },
+ // 树权限(全选/全不选)
+ handleCheckedTreeNodeAll(value, type) {
+ if (type == 'menu') {
+ this.$refs.menu.setCheckedNodes(value ? this.menuOptions: []);
+ } else if (type == 'dept') {
+ this.$refs.dept.setCheckedNodes(value ? this.deptOptions: []);
+ }
+ },
+ // 树权限(父子联动)
+ handleCheckedTreeConnect(value, type) {
+ if (type == 'menu') {
+ this.form.menuCheckStrictly = value ? true: false;
+ } else if (type == 'dept') {
+ this.form.deptCheckStrictly = value ? true: false;
+ }
+ },
/** 新增按钮操作 */
handleAdd() {
this.reset();
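Review bot: `handleCheckedTreeExpand` duplicates the same loop for `menu` and `dept`, compares with `==`, and dereferences `store.nodesMap[treeList[i].id]` without checking that the entry exists. `store.nodesMap` looks like tree-internal state rather than a documented API, so a missing entry would throw a TypeError inside the checkbox handler. Only the top-level entries of `menuOptions` / `deptOptions` are visited; if that is intended, a comment saying so would help. The sketch below keeps the behaviour, selects the tree through `this.$refs[type]` and guards the lookup. `handleCheckedTreeNodeAll` and `handleCheckedTreeConnect` could be folded the same way, and the latter repeats what `v-model` on the checkbox already assigns.

```vue
handleCheckedTreeExpand(value, type) {
  // Only the 'menu' and 'dept' trees exist in this view.
  if (type !== 'menu' && type !== 'dept') {
    return;
  }
  const treeList = type === 'menu' ? this.menuOptions : this.deptOptions;
  const nodesMap = this.$refs[type].store.nodesMap;
  // Top-level nodes only, as in the original loops.
  for (const item of treeList) {
    const node = nodesMap[item.id];
    if (node) {
      node.expanded = value;
    }
  }
},
// … unchanged: handleCheckedTreeNodeAll, handleCheckedTreeConnect …
```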
@@ -459,11 +539,22 @@
this.open = true;
this.$nextTick(() => {
roleMenu.then(res => {
- this.$refs.menu.setCheckedKeys(res.checkedKeys);
+ let checkedKeys = res.checkedKeys
+ checkedKeys.forEach((v) => {
+ this.$nextTick(()=>{
+ this.$refs.menu.setChecked(v, true ,false);
+ })
+ })
});
});
this.title = "修改角色";
});
+ },
+ /** 选择角色权限范围触发 */
+ dataScopeSelectChange(value) {
+ if(value !== '2') {
+ this.$refs.dept.setCheckedKeys([]);
+ }
},
/** 分配数据权限操作 */
handleDataScope(row) {
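Review bot: `dataScopeSelectChange` tests `value !== '2'` (strict, against a string), while the template shows the department tree with `form.dataScope == 2` (loose). The `dataScopeOptions` values are defined outside this diff; if they are numbers, the strict test is always true and the department selection is cleared even when the custom scope is chosen, so an empty `deptIds` would be submitted. Use one representation in both places, for example `if (String(value) !== '2') {`. In the same hunk, `res.checkedKeys.forEach(...)` throws if the response carries no `checkedKeys`; `(res.checkedKeys || []).forEach(...)` would tolerate that.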
@@ -480,6 +571,11 @@
this.title = "分配数据权限";
});
},
+ /** 分配用户操作 */
+ handleAuthUser: function(row) {
+ const roleId = row.roleId;
+ this.$router.push("/system/role-auth/user/" + roleId);
+ },
/** 提交按钮 */
submitForm: function() {
this.$refs["form"].validate(valid => {
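Review bot: `handleAuthUser` navigates to `"/system/role-auth/user/" + roleId`, a path that can also be opened directly, so hiding the 分配用户 item with `v-hasPermi` does not by itself limit who reaches that page. The route definition and the API behind it are not in this diff; confirm that both check `system:role:edit` and that the page validates the `roleId` path parameter. A one-line comment on the method naming the target route and the permission it expects would make that dependency visible.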
@@ -487,20 +583,16 @@
if (this.form.roleId != undefined) {
this.form.menuIds = this.getMenuAllCheckedKeys();
updateRole(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.open = false;
- this.getList();
- }
+ this.msgSuccess("修改成功");
+ this.open = false;
+ this.getList();
});
} else {
this.form.menuIds = this.getMenuAllCheckedKeys();
addRole(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("新增成功");
- this.open = false;
- this.getList();
- }
+ this.msgSuccess("新增成功");
+ this.open = false;
+ this.getList();
});
}
}
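Review bot: With the `response.code === 200` guard removed, `修改成功` / `新增成功` is shown and the dialog is closed for every resolved promise from `updateRole` / `addRole`. That is only correct if the shared request layer rejects non-200 business codes, which this diff does not show; confirm it and record the dependency, e.g. `// non-200 codes are rejected by the request interceptor`. Neither chain has a `.catch`, so a rejection becomes an unhandled promise rejection unless it is handled globally. The same applies to the `dataScope(this.form)` call in the next hunk. `submitForm` begins and ends outside this hunk.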
@@ -511,11 +603,9 @@
if (this.form.roleId != undefined) {
this.form.deptIds = this.getDeptAllCheckedKeys();
dataScope(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.openDataScope = false;
- this.getList();
- }
+ this.msgSuccess("修改成功");
+ this.openDataScope = false;
+ this.getList();
});
}
},
@@ -531,7 +621,7 @@
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- }).catch(function() {});
+ }).catch(() => {});
},
/** 导出按钮操作 */
handleExport() {
@@ -540,11 +630,13 @@
confirmButtonText: "确定",
cancelButtonText: "取消",
type: "warning"
- }).then(function() {
+ }).then(() => {
+ this.exportLoading = true;
return exportRole(queryParams);
}).then(response => {
this.download(response.msg);
- }).catch(function() {});
+ this.exportLoading = false;
+ }).catch(() => {});
}
}
};
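Review bot: `exportLoading` is reset only on the success path. If `exportRole` rejects or `this.download` throws, the empty `.catch(() => {})` swallows the error and the export button stays in its loading state until the page is reloaded. Reset the flag on failure as well, e.g. `}).catch(() => { this.exportLoading = false; });`. `handleExport` starts in the context lines above this hunk.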
--
Gitblit v1.9.2