From 9502203bbee72439c8f54aa692958f443a2ceeeb Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: 星期日, 14 三月 2021 16:32:07 +0800
Subject: [PATCH] !187 【漏洞修复】升级commons-collections版本,解决3.2.1版本的反序列化漏洞问题 Merge pull request !187 from Delusive/master
---
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index ec8113e..35f6276 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -10,9 +10,11 @@
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.TreeSelect;
import com.ruoyi.common.core.domain.entity.SysDept;
+import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.exception.CustomException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.mapper.SysDeptMapper;
+import com.ruoyi.system.mapper.SysRoleMapper;
import com.ruoyi.system.service.ISysDeptService;
/**
@@ -25,6 +27,9 @@
{
@Autowired
private SysDeptMapper deptMapper;
+
+ @Autowired
+ private SysRoleMapper roleMapper;
/**
* 查询部门管理数据
@@ -93,7 +98,8 @@
@Override
public List<Integer> selectDeptListByRoleId(Long roleId)
{
- return deptMapper.selectDeptListByRoleId(roleId);
+ SysRole role = roleMapper.selectRoleById(roleId);
+ return deptMapper.selectDeptListByRoleId(roleId, role.isDeptCheckStrictly());
}
/**
@@ -267,13 +273,7 @@
{
if (hasChild(list, tChild))
{
- // 判断是否有子节点
- Iterator<SysDept> it = childList.iterator();
- while (it.hasNext())
- {
- SysDept n = (SysDept) it.next();
- recursionFn(list, n);
- }
+ recursionFn(list, tChild);
}
}
}
--
Gitblit v1.9.2