From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/user/index.vue | 37 +++++++++++++++++++------------------
1 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/ruoyi-ui/src/views/system/user/index.vue b/ruoyi-ui/src/views/system/user/index.vue
index 7f419c9..0fe2536 100644
--- a/ruoyi-ui/src/views/system/user/index.vue
+++ b/ruoyi-ui/src/views/system/user/index.vue
@@ -167,7 +167,7 @@
width="160"
class-name="small-padding fixed-width"
>
- <template slot-scope="scope">
+ <template slot-scope="scope" v-if="scope.row.userId !== 1">
<el-button
size="mini"
type="text"
@@ -175,13 +175,18 @@
@click="handleUpdate(scope.row)"
v-hasPermi="['system:user:edit']"
>修改</el-button>
- <el-dropdown size="mini" @command="(command) => handleCommand(command, scope.row)">
+ <el-button
+ size="mini"
+ type="text"
+ icon="el-icon-delete"
+ @click="handleDelete(scope.row)"
+ v-hasPermi="['system:user:remove']"
+ >删除</el-button>
+ <el-dropdown size="mini" @command="(command) => handleCommand(command, scope.row)" v-hasPermi="['system:user:resetPwd', 'system:user:edit']">
<span class="el-dropdown-link">
- <i class="el-icon-d-arrow-right el-icon--right"></i>更多操作
+ <i class="el-icon-d-arrow-right el-icon--right"></i>更多
</span>
<el-dropdown-menu slot="dropdown">
- <el-dropdown-item command="handleDelete" v-if="scope.row.userId !== 1" icon="el-icon-delete"
- v-hasPermi="['system:user:remove']">删除用户</el-dropdown-item>
<el-dropdown-item command="handleResetPwd" icon="el-icon-key"
v-hasPermi="['system:user:resetPwd']">重置密码</el-dropdown-item>
<el-dropdown-item command="handleAuthRole" icon="el-icon-circle-check"
@@ -237,7 +242,7 @@
</el-col>
<el-col :span="12">
<el-form-item v-if="form.userId == undefined" label="用户密码" prop="password">
- <el-input v-model="form.password" placeholder="请输入用户密码" type="password" maxlength="20" />
+ <el-input v-model="form.password" placeholder="请输入用户密码" type="password" maxlength="20" show-password/>
</el-form-item>
</el-col>
</el-row>
@@ -323,15 +328,14 @@
drag
>
<i class="el-icon-upload"></i>
- <div class="el-upload__text">
- 将文件拖到此处,或
- <em>点击上传</em>
+ <div class="el-upload__text">将文件拖到此处,或<em>点击上传</em></div>
+ <div class="el-upload__tip text-center" slot="tip">
+ <div class="el-upload__tip" slot="tip">
+ <el-checkbox v-model="upload.updateSupport" /> 是否更新已经存在的用户数据
+ </div>
+ <span>仅允许导入xls、xlsx格式文件。</span>
+ <el-link type="primary" :underline="false" style="font-size:12px;vertical-align: baseline;" @click="importTemplate">下载模板</el-link>
</div>
- <div class="el-upload__tip" slot="tip">
- <el-checkbox v-model="upload.updateSupport" />是否更新已经存在的用户数据
- <el-link type="info" style="font-size:12px" @click="importTemplate">下载模板</el-link>
- </div>
- <div class="el-upload__tip" style="color:red" slot="tip">提示:仅允许导入“xls”或“xlsx”格式文件!</div>
</el-upload>
<div slot="footer" class="dialog-footer">
<el-button type="primary" @click="submitFileForm">确 定</el-button>
@@ -562,9 +566,6 @@
// 更多操作触发
handleCommand(command, row) {
switch (command) {
- case "handleDelete":
- this.handleDelete(row);
- break;
case "handleResetPwd":
this.handleResetPwd(row);
break;
@@ -620,7 +621,7 @@
/** 分配角色操作 */
handleAuthRole: function(row) {
const userId = row.userId;
- this.$router.push("/auth/role/" + userId);
+ this.$router.push("/system/user-auth/role/" + userId);
},
/** 提交按钮 */
submitForm: function() {
--
Gitblit v1.9.2