From 0144cb855f39048b379a80d9d597293c09310e86 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Wed, 5 Jun 2024 11:53:53 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ruoyi-admin/pom.xml | 1 + .../com/ruoyi/common/core/text/Convert.java | 4 +++ .../framework/aspectj/DataScopeAspect.java | 28 +++++++++++++------ .../web/exception/GlobalExceptionHandler.java | 10 ++++++- 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/ruoyi-admin/pom.xml b/ruoyi-admin/pom.xml index 2e28443e9..9dec6b97f 100644 --- a/ruoyi-admin/pom.xml +++ b/ruoyi-admin/pom.xml @@ -123,6 +123,7 @@ **/*.min.js **/*.min.css **/fileinput.js + **/validate/** **/bootstrap-table/** diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/core/text/Convert.java b/ruoyi-common/src/main/java/com/ruoyi/common/core/text/Convert.java index 8a2ad80a2..938d0c9f2 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/core/text/Convert.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/core/text/Convert.java @@ -365,6 +365,10 @@ public class Convert */ public static String[] toStrArray(String str) { + if (StringUtils.isEmpty(str)) + { + return new String[] {}; + } return toStrArray(",", str); } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java index 85ba2f215..f473f4408 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java @@ -90,16 +90,22 @@ public class DataScopeAspect { StringBuilder sqlString = new StringBuilder(); List conditions = new ArrayList(); + List scopeCustomIds = new ArrayList(); + user.getRoles().forEach(role -> { + if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) + { + scopeCustomIds.add(Convert.toStr(role.getRoleId())); + } + }); for (SysRole role : user.getRoles()) { String dataScope = role.getDataScope(); - if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) + if (conditions.contains(dataScope)) { continue; } - if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) - && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) + if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) { continue; } @@ -111,9 +117,15 @@ public class DataScopeAspect } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) { - sqlString.append(StringUtils.format( - " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, - role.getRoleId())); + if (scopeCustomIds.size() > 1) + { + // 多个自定数据权限使用in查询,避免多次拼接。 + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds))); + } + else + { + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId())); + } } else if (DATA_SCOPE_DEPT.equals(dataScope)) { @@ -121,9 +133,7 @@ public class DataScopeAspect } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) { - sqlString.append(StringUtils.format( - " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", - deptAlias, user.getDeptId(), user.getDeptId())); + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId())); } else if (DATA_SCOPE_SELF.equals(dataScope)) { diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java index 10f30f456..50aa339fe 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java @@ -12,9 +12,12 @@ import org.springframework.web.bind.annotation.RestControllerAdvice; import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException; import org.springframework.web.servlet.ModelAndView; import com.ruoyi.common.core.domain.AjaxResult; +import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.exception.DemoModeException; import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.utils.ServletUtils; +import com.ruoyi.common.utils.StringUtils; +import com.ruoyi.common.utils.html.EscapeUtil; import com.ruoyi.common.utils.security.PermissionUtils; /** @@ -115,8 +118,13 @@ public class GlobalExceptionHandler HttpServletRequest request) { String requestURI = request.getRequestURI(); + String value = Convert.toStr(e.getValue()); + if (StringUtils.isNotEmpty(value)) + { + value = EscapeUtil.clean(value); + } log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e); - return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), e.getValue())); + return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value)); } /**