From c1db17dd771f202647ec56898f6b09cf00947a26 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 26 五月 2020 11:54:46 +0800
Subject: [PATCH] 限制外链地址必须以http(s)://开头
---
 ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java | 39 ++++++++++++++++++++++++++++++++-------
 1 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
index 173c0fa..a958f62 100644
--- a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
+++ b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
@@ -12,10 +12,15 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.aspectj.lang.annotation.Log;
 import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
+import com.ruoyi.framework.security.LoginUser;
+import com.ruoyi.framework.security.service.TokenService;
 import com.ruoyi.framework.web.controller.BaseController;
 import com.ruoyi.framework.web.domain.AjaxResult;
 import com.ruoyi.project.system.domain.SysMenu;
@@ -33,6 +38,9 @@
 @Autowired
 private ISysMenuService menuService;
+ @Autowired
+ private TokenService tokenService;
+
 /**
 * 获取菜单列表
 */
@@ -40,8 +48,10 @@
 @GetMapping("/list")
 public AjaxResult list(SysMenu menu)
 {
- List<SysMenu> menus = menuService.selectMenuList(menu);
- return AjaxResult.success(menuService.buildMenuTree(menus));
+ LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ Long userId = loginUser.getUser().getUserId();
+ List<SysMenu> menus = menuService.selectMenuList(menu, userId);
+ return AjaxResult.success(menus);
 }
 /**
@@ -57,22 +67,27 @@
 /**
 * 获取菜单下拉树列表
 */
- @PreAuthorize("@ss.hasPermi('system:menu:query')")
 @GetMapping("/treeselect")
- public AjaxResult treeselect(SysMenu dept)
+ public AjaxResult treeselect(SysMenu menu)
 {
- List<SysMenu> menus = menuService.selectMenuList(dept);
+ LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ Long userId = loginUser.getUser().getUserId();
+ List<SysMenu> menus = menuService.selectMenuList(menu, userId);
 return AjaxResult.success(menuService.buildMenuTreeSelect(menus));
 }
 /**
 * 加载对应角色菜单列表树
 */
- @PreAuthorize("@ss.hasPermi('system:menu:query')")
 @GetMapping(value = "/roleMenuTreeselect/{roleId}")
 public AjaxResult roleMenuTreeselect(@PathVariable("roleId") Long roleId)
 {
- return AjaxResult.success(menuService.selectMenuListByRoleId(roleId));
+ LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ List<SysMenu> menus = menuService.selectMenuList(loginUser.getUser().getUserId());
+ AjaxResult ajax = AjaxResult.success();
+ ajax.put("checkedKeys", menuService.selectMenuListByRoleId(roleId));
+ ajax.put("menus", menuService.buildMenuTreeSelect(menus));
+ return ajax;
 }
 /**
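Review bot: `loginUser` is dereferenced immediately in `list` (`loginUser.getUser().getUserId()`), so if `tokenService.getLoginUser(...)` can return null for a missing or expired token, the request ends in a NullPointerException rather than an authentication error. The contract of `getLoginUser` is not visible in this patch, so this needs confirming. The same unchecked chain is added to `treeselect` and `roleMenuTreeselect` in the next hunk. A single private helper that resolves the current user id and fails explicitly when `loginUser == null` would cover all three call sites. The annotations above `@GetMapping("/list")` lie outside the hunk, so whether this endpoint still carries a permission check cannot be confirmed from here.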
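Review bot: Both `treeselect` and `roleMenuTreeselect` lose `@PreAuthorize("@ss.hasPermi('system:menu:query')")`, and nothing replaces it for the role lookup. `menuService.selectMenuListByRoleId(roleId)` still takes `roleId` straight from the path, so any authenticated caller can read the checked menu keys of an arbitrary role. The new `selectMenuList(..., userId)` calls scope only the `menus` tree, not the `checkedKeys` entry. The commit subject describes only the external-link check, so this authorization change should be justified separately. Either keep a permission annotation on `roleMenuTreeselect`, or check inside the method that the caller may administer `roleId` before returning `checkedKeys`.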
@@ -86,6 +101,11 @@
 if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
 {
 return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
+ }
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+ && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ {
+ return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
 }
 menu.setCreateBy(SecurityUtils.getUsername());
 return toAjax(menuService.insertMenu(menu));
@@ -103,6 +123,11 @@
 {
 return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
 }
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+ && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ {
+ return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
+ }
 menu.setUpdateBy(SecurityUtils.getUsername());
 return toAjax(menuService.updateMenu(menu));
 }
--
Gitblit v1.9.2
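Review bot: The external-link rule is enforced only in this controller branch of the add handler and is pasted verbatim into the edit handler in the next hunk. Any other caller of `menuService.insertMenu` or `menuService.updateMenu` therefore bypasses it, and the two copies can drift apart. Moving the condition into one private helper, for example `private boolean isInvalidFrameLink(SysMenu menu)`, or into the service layer keeps a single definition of an acceptable frame URL. The values of `Constants.HTTP`/`Constants.HTTPS` and the null and case handling of `StringUtils.startsWithAny` are not visible here; a short comment stating that the intent is to reject any non-http(s) scheme, and what happens for a null path, would help the next reader. The enclosing method starts and ends outside the hunk.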
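Review bot: The rejection message added to the edit handler still reads `新增菜单` (add menu), copied from the add handler, while the name-uniqueness error just above it in the same method uses `修改菜单` (modify menu). Change the literal to `return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");` so the response names the operation that was actually refused. The enclosing method starts above the hunk.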