From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/user/index.vue | 356 +++++++++++++++++++++++++++++++++++++++++++++--------------
1 files changed, 272 insertions(+), 84 deletions(-)
diff --git a/ruoyi-ui/src/views/system/user/index.vue b/ruoyi-ui/src/views/system/user/index.vue
index 295f9c7..0fe2536 100644
--- a/ruoyi-ui/src/views/system/user/index.vue
+++ b/ruoyi-ui/src/views/system/user/index.vue
@@ -27,8 +27,8 @@
</el-col>
<!--用户数据-->
<el-col :span="20" :xs="24">
- <el-form :inline="true" label-width="68px">
- <el-form-item label="用户名称">
+ <el-form :model="queryParams" ref="queryForm" :inline="true" v-show="showSearch" label-width="68px">
+ <el-form-item label="用户名称" prop="userName">
<el-input
v-model="queryParams.userName"
placeholder="请输入用户名称"
@@ -38,7 +38,7 @@
@keyup.enter.native="handleQuery"
/>
</el-form-item>
- <el-form-item label="手机号码">
+ <el-form-item label="手机号码" prop="phonenumber">
<el-input
v-model="queryParams.phonenumber"
placeholder="请输入手机号码"
@@ -48,7 +48,7 @@
@keyup.enter.native="handleQuery"
/>
</el-form-item>
- <el-form-item label="状态">
+ <el-form-item label="状态" prop="status">
<el-select
v-model="queryParams.status"
placeholder="用户状态"
@@ -78,17 +78,75 @@
</el-form-item>
<el-form-item>
<el-button type="primary" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
- <el-button type="primary" icon="el-icon-plus" size="mini" @click="handleAdd" v-hasPermi="['system:user:add']">新增</el-button>
+ <el-button icon="el-icon-refresh" size="mini" @click="resetQuery">重置</el-button>
</el-form-item>
</el-form>
- <el-table v-loading="loading" :data="userList">
- <el-table-column label="用户编号" align="center" prop="userId" />
- <el-table-column label="用户名称" align="center" prop="userName" />
- <el-table-column label="用户昵称" align="center" prop="nickName" />
- <el-table-column label="部门" align="center" prop="dept.deptName" />
- <el-table-column label="手机号码" align="center" prop="phonenumber" width="120" />
- <el-table-column label="状态" align="center">
+ <el-row :gutter="10" class="mb8">
+ <el-col :span="1.5">
+ <el-button
+ type="primary"
+ plain
+ icon="el-icon-plus"
+ size="mini"
+ @click="handleAdd"
+ v-hasPermi="['system:user:add']"
+ >新增</el-button>
+ </el-col>
+ <el-col :span="1.5">
+ <el-button
+ type="success"
+ plain
+ icon="el-icon-edit"
+ size="mini"
+ :disabled="single"
+ @click="handleUpdate"
+ v-hasPermi="['system:user:edit']"
+ >修改</el-button>
+ </el-col>
+ <el-col :span="1.5">
+ <el-button
+ type="danger"
+ plain
+ icon="el-icon-delete"
+ size="mini"
+ :disabled="multiple"
+ @click="handleDelete"
+ v-hasPermi="['system:user:remove']"
+ >删除</el-button>
+ </el-col>
+ <el-col :span="1.5">
+ <el-button
+ type="info"
+ plain
+ icon="el-icon-upload2"
+ size="mini"
+ @click="handleImport"
+ v-hasPermi="['system:user:import']"
+ >导入</el-button>
+ </el-col>
+ <el-col :span="1.5">
+ <el-button
+ type="warning"
+ plain
+ icon="el-icon-download"
+ size="mini"
+ :loading="exportLoading"
+ @click="handleExport"
+ v-hasPermi="['system:user:export']"
+ >导出</el-button>
+ </el-col>
+ <right-toolbar :showSearch.sync="showSearch" @queryTable="getList" :columns="columns"></right-toolbar>
+ </el-row>
+
+ <el-table v-loading="loading" :data="userList" @selection-change="handleSelectionChange">
+ <el-table-column type="selection" width="50" align="center" />
+ <el-table-column label="用户编号" align="center" key="userId" prop="userId" v-if="columns[0].visible" />
+ <el-table-column label="用户名称" align="center" key="userName" prop="userName" v-if="columns[1].visible" :show-overflow-tooltip="true" />
+ <el-table-column label="用户昵称" align="center" key="nickName" prop="nickName" v-if="columns[2].visible" :show-overflow-tooltip="true" />
+ <el-table-column label="部门" align="center" key="deptName" prop="dept.deptName" v-if="columns[3].visible" :show-overflow-tooltip="true" />
+ <el-table-column label="手机号码" align="center" key="phonenumber" prop="phonenumber" v-if="columns[4].visible" width="120" />
+ <el-table-column label="状态" align="center" key="status" v-if="columns[5].visible">
<template slot-scope="scope">
<el-switch
v-model="scope.row.status"
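Review bot: The column toggles address the `columns` array by position (`columns[0].visible` through `columns[6].visible`), so adding, removing or reordering one entry in `data().columns` silently mis-maps every later column without any error. Looking the entry up by its `key` (or exposing a computed map keyed by column name) would make the template robust to such edits. The `key` attributes on the `<el-table-column>` elements are needed for the `v-if` toggling to re-render correctly and should stay.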
@@ -98,18 +156,18 @@
></el-switch>
</template>
</el-table-column>
- <el-table-column label="创建时间" align="center" prop="createTime" width="160">
+ <el-table-column label="创建时间" align="center" prop="createTime" v-if="columns[6].visible" width="160">
<template slot-scope="scope">
- <span>{{ dateFormat(scope.row.createTime) }}</span>
+ <span>{{ parseTime(scope.row.createTime) }}</span>
</template>
</el-table-column>
<el-table-column
label="操作"
align="center"
- width="180"
+ width="160"
class-name="small-padding fixed-width"
>
- <template slot-scope="scope">
+ <template slot-scope="scope" v-if="scope.row.userId !== 1">
<el-button
size="mini"
type="text"
@@ -118,20 +176,23 @@
v-hasPermi="['system:user:edit']"
>修改</el-button>
<el-button
- v-if="scope.row.userId !== 1"
size="mini"
type="text"
icon="el-icon-delete"
@click="handleDelete(scope.row)"
v-hasPermi="['system:user:remove']"
>删除</el-button>
- <el-button
- size="mini"
- type="text"
- icon="el-icon-key"
- @click="handleResetPwd(scope.row)"
- v-hasPermi="['system:user:resetPwd']"
- >重置</el-button>
+ <el-dropdown size="mini" @command="(command) => handleCommand(command, scope.row)" v-hasPermi="['system:user:resetPwd', 'system:user:edit']">
+ <span class="el-dropdown-link">
+ <i class="el-icon-d-arrow-right el-icon--right"></i>更多
+ </span>
+ <el-dropdown-menu slot="dropdown">
+ <el-dropdown-item command="handleResetPwd" icon="el-icon-key"
+ v-hasPermi="['system:user:resetPwd']">重置密码</el-dropdown-item>
+ <el-dropdown-item command="handleAuthRole" icon="el-icon-circle-check"
+ v-hasPermi="['system:user:edit']">分配角色</el-dropdown-item>
+ </el-dropdown-menu>
+ </el-dropdown>
</template>
</el-table-column>
</el-table>
@@ -147,19 +208,21 @@
</el-row>
<!-- 添加或修改参数配置对话框 -->
- <el-dialog :title="title" :visible.sync="open" width="600px">
+ <el-dialog :title="title" :visible.sync="open" width="600px" append-to-body>
<el-form ref="form" :model="form" :rules="rules" label-width="80px">
<el-row>
<el-col :span="12">
<el-form-item label="用户昵称" prop="nickName">
- <el-input v-model="form.nickName" placeholder="请输入用户昵称" />
+ <el-input v-model="form.nickName" placeholder="请输入用户昵称" maxlength="30" />
</el-form-item>
</el-col>
<el-col :span="12">
<el-form-item label="归属部门" prop="deptId">
- <treeselect v-model="form.deptId" :options="deptOptions" placeholder="请选择归属部门" />
+ <treeselect v-model="form.deptId" :options="deptOptions" :show-count="true" placeholder="请选择归属部门" />
</el-form-item>
</el-col>
+ </el-row>
+ <el-row>
<el-col :span="12">
<el-form-item label="手机号码" prop="phonenumber">
<el-input v-model="form.phonenumber" placeholder="请输入手机号码" maxlength="11" />
@@ -170,16 +233,20 @@
<el-input v-model="form.email" placeholder="请输入邮箱" maxlength="50" />
</el-form-item>
</el-col>
+ </el-row>
+ <el-row>
<el-col :span="12">
- <el-form-item label="用户名称" prop="userName">
- <el-input v-model="form.userName" placeholder="请输入用户名称" />
+ <el-form-item v-if="form.userId == undefined" label="用户名称" prop="userName">
+ <el-input v-model="form.userName" placeholder="请输入用户名称" maxlength="30" />
</el-form-item>
</el-col>
<el-col :span="12">
<el-form-item v-if="form.userId == undefined" label="用户密码" prop="password">
- <el-input v-model="form.password" placeholder="请输入用户密码" type="password" />
+ <el-input v-model="form.password" placeholder="请输入用户密码" type="password" maxlength="20" show-password/>
</el-form-item>
</el-col>
+ </el-row>
+ <el-row>
<el-col :span="12">
<el-form-item label="用户性别">
<el-select v-model="form.sex" placeholder="请选择">
@@ -203,7 +270,8 @@
</el-radio-group>
</el-form-item>
</el-col>
-
+ </el-row>
+ <el-row>
<el-col :span="12">
<el-form-item label="岗位">
<el-select v-model="form.postIds" multiple placeholder="请选择">
@@ -230,6 +298,8 @@
</el-select>
</el-form-item>
</el-col>
+ </el-row>
+ <el-row>
<el-col :span="24">
<el-form-item label="备注">
<el-input v-model="form.remark" type="textarea" placeholder="请输入内容"></el-input>
@@ -242,23 +312,63 @@
<el-button @click="cancel">取 消</el-button>
</div>
</el-dialog>
+
+ <!-- 用户导入对话框 -->
+ <el-dialog :title="upload.title" :visible.sync="upload.open" width="400px" append-to-body>
+ <el-upload
+ ref="upload"
+ :limit="1"
+ accept=".xlsx, .xls"
+ :headers="upload.headers"
+ :action="upload.url + '?updateSupport=' + upload.updateSupport"
+ :disabled="upload.isUploading"
+ :on-progress="handleFileUploadProgress"
+ :on-success="handleFileSuccess"
+ :auto-upload="false"
+ drag
+ >
+ <i class="el-icon-upload"></i>
+ <div class="el-upload__text">将文件拖到此处,或<em>点击上传</em></div>
+ <div class="el-upload__tip text-center" slot="tip">
+ <div class="el-upload__tip" slot="tip">
+ <el-checkbox v-model="upload.updateSupport" /> 是否更新已经存在的用户数据
+ </div>
+ <span>仅允许导入xls、xlsx格式文件。</span>
+ <el-link type="primary" :underline="false" style="font-size:12px;vertical-align: baseline;" @click="importTemplate">下载模板</el-link>
+ </div>
+ </el-upload>
+ <div slot="footer" class="dialog-footer">
+ <el-button type="primary" @click="submitFileForm">确 定</el-button>
+ <el-button @click="upload.open = false">取 消</el-button>
+ </div>
+ </el-dialog>
</div>
</template>
<script>
-import { listUser, getUser, delUser, addUser, updateUser, resetUserPwd, changeUserStatus } from "@/api/system/user";
+import { listUser, getUser, delUser, addUser, updateUser, exportUser, resetUserPwd, changeUserStatus, importTemplate } from "@/api/system/user";
+import { getToken } from "@/utils/auth";
import { treeselect } from "@/api/system/dept";
-import { listPost } from "@/api/system/post";
-import { listRole } from "@/api/system/role";
import Treeselect from "@riophae/vue-treeselect";
import "@riophae/vue-treeselect/dist/vue-treeselect.css";
export default {
+ name: "User",
components: { Treeselect },
data() {
return {
// 遮罩层
loading: true,
+ // 导出遮罩层
+ exportLoading: false,
+ // 选中数组
+ ids: [],
+ // 非单个禁用
+ single: true,
+ // 非多个禁用
+ multiple: true,
+ // 显示搜索条件
+ showSearch: true,
// 总条数
total: 0,
// 用户表格数据
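Review bot: The import dialog binds `:on-progress` and `:on-success` but no `:on-error`, and `upload.isUploading` (set true in handleFileUploadProgress) is cleared only in handleFileSuccess, so a single failed upload leaves `<el-upload :disabled="upload.isUploading">` disabled for the rest of the session — handleImport reopens the dialog without resetting it. Add `:on-error="handleFileError"` with a method that sets `this.upload.isUploading = false` and reports the failure via `msgError`. The nested `<div class="el-upload__tip" slot="tip">` repeats the `slot="tip"` already on its parent `<div class="el-upload__tip text-center" slot="tip">`; the inner `slot` attribute is redundant, and the inline `style="font-size:12px;vertical-align: baseline;"` on the `<el-link>` belongs in a class. `accept=".xlsx, .xls"` is only a file-picker hint; the server must validate the uploaded file's type and size independently.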
@@ -289,6 +399,21 @@
children: "children",
label: "label"
},
+ // 用户导入参数
+ upload: {
+ // 是否显示弹出层(用户导入)
+ open: false,
+ // 弹出层标题(用户导入)
+ title: "",
+ // 是否禁用上传
+ isUploading: false,
+ // 是否更新已经存在的用户数据
+ updateSupport: 0,
+ // 设置上传的请求头部
+ headers: { Authorization: "Bearer " + getToken() },
+ // 上传的地址
+ url: process.env.VUE_APP_BASE_API + "/system/user/importData"
+ },
// 查询参数
queryParams: {
pageNum: 1,
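Review bot: `headers: { Authorization: "Bearer " + getToken() }` is evaluated once when `data()` runs, so an upload started after the token has been renewed in the same tab carries the stale value, and the resulting 401 is not surfaced because the dialog binds no `:on-error` handler. Refreshing the header at submit time, e.g. `this.upload.headers = { Authorization: "Bearer " + getToken() };` as the first line of `submitFileForm`, keeps it current. Whether token renewal can happen while this view is open is not visible in the patch.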
@@ -298,6 +423,16 @@
status: undefined,
deptId: undefined
},
+ // 列信息
+ columns: [
+ { key: 0, label: `用户编号`, visible: true },
+ { key: 1, label: `用户名称`, visible: true },
+ { key: 2, label: `用户昵称`, visible: true },
+ { key: 3, label: `部门`, visible: true },
+ { key: 4, label: `手机号码`, visible: true },
+ { key: 5, label: `状态`, visible: true },
+ { key: 6, label: `创建时间`, visible: true }
+ ],
// 表单校验
rules: {
userName: [
@@ -306,11 +441,9 @@
nickName: [
{ required: true, message: "用户昵称不能为空", trigger: "blur" }
],
- deptId: [
- { required: true, message: "归属部门不能为空", trigger: "blur" }
- ],
password: [
- { required: true, message: "用户密码不能为空", trigger: "blur" }
+ { required: true, message: "用户密码不能为空", trigger: "blur" },
+ { min: 5, max: 20, message: '用户密码长度必须介于 5 和 20 之间', trigger: 'blur' }
],
email: [
{
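Review bot: The added rule `{ min: 5, max: 20, message: '用户密码长度必须介于 5 和 20 之间', trigger: 'blur' }` accepts five-character passwords, a weak floor for accounts administered from this screen, and the same 5–20 bound is repeated as `inputPattern: /^.{5,20}$/` in handleResetPwd further down the patch. Both checks are client-side only, so the server must enforce the policy independently; keeping the two bounds in one shared constant would stop them drifting apart when the policy is tightened.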
@@ -345,7 +478,7 @@
this.sexOptions = response.data;
});
this.getConfigKey("sys.user.initPassword").then(response => {
- this.initPassword = response.data;
+ this.initPassword = response.msg;
});
},
methods: {
@@ -375,18 +508,6 @@
this.queryParams.deptId = data.id;
this.getList();
},
- /** 查询岗位列表 */
- getPosts() {
- listPost().then(response => {
- this.postOptions = response.rows;
- });
- },
- /** 查询角色列表 */
- getRoles() {
- listRole().then(response => {
- this.roleOptions = response.rows;
- });
- },
// 用户状态修改
handleStatusChange(row) {
let text = row.status === "0" ? "启用" : "停用";
@@ -411,7 +532,7 @@
reset() {
this.form = {
userId: undefined,
- deptId: 100,
+ deptId: undefined,
userName: undefined,
nickName: undefined,
password: undefined,
@@ -427,27 +548,55 @@
},
/** 搜索按钮操作 */
handleQuery() {
- this.queryParams.page = 1;
+ this.queryParams.pageNum = 1;
this.getList();
+ },
+ /** 重置按钮操作 */
+ resetQuery() {
+ this.dateRange = [];
+ this.resetForm("queryForm");
+ this.handleQuery();
+ },
+ // 多选框选中数据
+ handleSelectionChange(selection) {
+ this.ids = selection.map(item => item.userId);
+ this.single = selection.length != 1;
+ this.multiple = !selection.length;
+ },
+ // 更多操作触发
+ handleCommand(command, row) {
+ switch (command) {
+ case "handleResetPwd":
+ this.handleResetPwd(row);
+ break;
+ case "handleAuthRole":
+ this.handleAuthRole(row);
+ break;
+ default:
+ break;
+ }
},
/** 新增按钮操作 */
handleAdd() {
this.reset();
this.getTreeselect();
- this.getPosts();
- this.getRoles();
- this.open = true;
- this.title = "添加用户";
- this.form.password = this.initPassword;
+ getUser().then(response => {
+ this.postOptions = response.posts;
+ this.roleOptions = response.roles;
+ this.open = true;
+ this.title = "添加用户";
+ this.form.password = this.initPassword;
+ });
},
/** 修改按钮操作 */
handleUpdate(row) {
this.reset();
this.getTreeselect();
- this.getPosts();
- this.getRoles();
- getUser(row.userId).then(response => {
+ const userId = row.userId || this.ids;
+ getUser(userId).then(response => {
this.form = response.data;
+ this.postOptions = response.posts;
+ this.roleOptions = response.roles;
this.form.postIds = response.postIds;
this.form.roleIds = response.roleIds;
this.open = true;
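Review bot: In handleUpdate, `const userId = row.userId || this.ids;` yields the whole `ids` array when the method is invoked from the toolbar button (Vue passes the click event as `row`), and that array is handed to `getUser`; this works only because `:disabled="single"` guarantees exactly one selection and a one-element array stringifies into the URL. `const userId = row.userId || this.ids[0];` makes the single-id intent explicit and no longer depends on that coincidence. The same pattern in handleDelete is intentional there, since delete accepts a batch. handleUpdate continues past the end of this hunk.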
@@ -459,16 +608,20 @@
handleResetPwd(row) {
this.$prompt('请输入"' + row.userName + '"的新密码', "提示", {
confirmButtonText: "确定",
- cancelButtonText: "取消"
+ cancelButtonText: "取消",
+ closeOnClickModal: false,
+ inputPattern: /^.{5,20}$/,
+ inputErrorMessage: "用户密码长度必须介于 5 和 20 之间",
}).then(({ value }) => {
resetUserPwd(row.userId, value).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功,新密码是:" + value);
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("修改成功,新密码是:" + value);
});
}).catch(() => {});
+ },
+ /** 分配角色操作 */
+ handleAuthRole: function(row) {
+ const userId = row.userId;
+ this.$router.push("/system/user-auth/role/" + userId);
},
/** 提交按钮 */
submitForm: function() {
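Review bot: `this.msgSuccess("修改成功,新密码是:" + value)` echoes the freshly set password in an on-screen notification after the administrator has just typed it, widening its exposure (shoulder surfing, screen recordings, any client-side capture of toast text) for no functional gain; `this.msgSuccess("修改成功")` is sufficient. Also, the inner `resetUserPwd(...).then(...)` promise is not returned to the outer chain, so its rejection never reaches `.catch(() => {})`; that is acceptable only if a global response interceptor reports failures, which the removal of the `response.code` checks suggests but the patch does not show. `closeOnClickModal: false` is a sensible addition for a prompt that changes credentials.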
@@ -476,23 +629,15 @@
if (valid) {
if (this.form.userId != undefined) {
updateUser(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("修改成功");
+ this.open = false;
+ this.getList();
});
} else {
addUser(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("新增成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("新增成功");
+ this.open = false;
+ this.getList();
});
}
}
@@ -500,16 +645,59 @@
},
/** 删除按钮操作 */
handleDelete(row) {
- this.$confirm('是否确认删除名称为"' + row.userName + '"的数据项?', "警告", {
+ const userIds = row.userId || this.ids;
+ this.$confirm('是否确认删除用户编号为"' + userIds + '"的数据项?', "警告", {
confirmButtonText: "确定",
cancelButtonText: "取消",
type: "warning"
}).then(function() {
- return delUser(row.userId);
+ return delUser(userIds);
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- }).catch(function() {});
+ }).catch(() => {});
+ },
+ /** 导出按钮操作 */
+ handleExport() {
+ const queryParams = this.queryParams;
+ this.$confirm('是否确认导出所有用户数据项?', "警告", {
+ confirmButtonText: "确定",
+ cancelButtonText: "取消",
+ type: "warning"
+ }).then(() => {
+ this.exportLoading = true;
+ return exportUser(queryParams);
+ }).then(response => {
+ this.download(response.msg);
+ this.exportLoading = false;
+ }).catch(() => {});
+ },
+ /** 导入按钮操作 */
+ handleImport() {
+ this.upload.title = "用户导入";
+ this.upload.open = true;
+ },
+ /** 下载模板操作 */
+ importTemplate() {
+ importTemplate().then(response => {
+ this.download(response.msg);
+ });
+ },
+ // 文件上传中处理
+ handleFileUploadProgress(event, file, fileList) {
+ this.upload.isUploading = true;
+ },
+ // 文件上传成功处理
+ handleFileSuccess(response, file, fileList) {
+ this.upload.open = false;
+ this.upload.isUploading = false;
+ this.$refs.upload.clearFiles();
+ this.$alert(response.msg, "导入结果", { dangerouslyUseHTMLString: true });
+ this.getList();
+ },
+ // 提交上传文件
+ submitFileForm() {
+ this.$refs.upload.submit();
}
}
};
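Review bot: `this.$alert(response.msg, "导入结果", { dangerouslyUseHTMLString: true })` in handleFileSuccess renders the server's import summary as raw HTML, so any fragment of that message derived from the uploaded spreadsheet (user names, error text quoting cell values) becomes an XSS sink in the admin UI — at odds with the commit subject about XSS filtering. Unless the backend is known to HTML-escape every user-derived fragment before composing `msg`, drop the flag, `this.$alert(response.msg, "导入结果")`, and express line breaks some other way. Separately, handleExport leaves `exportLoading` true when the export request rejects, because `.catch(() => {})` does not reset it; `.catch(() => { this.exportLoading = false; })` clears the stuck spinner (harmless when the user merely cancelled the confirm). The unused `event, file, fileList` parameters of handleFileUploadProgress can be dropped or prefixed with `_`.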
--
Gitblit v1.9.2