2024年9月6日 将查询全部用户接口添加权限,减少更多的报错消息,添加sql过滤器,
This commit is contained in:
parent
2f94427bd2
commit
d7e9cead84
|
|
@ -89,7 +89,8 @@ public class JeecgBootExceptionHandler {
|
||||||
return Result.error(errorInfoEnum.getError());
|
return Result.error(errorInfoEnum.getError());
|
||||||
}
|
}
|
||||||
//update-end---author:zyf ---date:20220411 for:处理Sentinel限流自定义异常
|
//update-end---author:zyf ---date:20220411 for:处理Sentinel限流自定义异常
|
||||||
return Result.error("操作失败,"+e.getMessage());
|
// return Result.error("操作失败"+e.getMessage());
|
||||||
|
return Result.error("操作失败");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ public class SqlInjectionUtil {
|
||||||
* (上线修改值 20200501,同步修改前端的盐值)
|
* (上线修改值 20200501,同步修改前端的盐值)
|
||||||
*/
|
*/
|
||||||
private final static String TABLE_DICT_SIGN_SALT = "20200501";
|
private final static String TABLE_DICT_SIGN_SALT = "20200501";
|
||||||
private final static String XSS_STR = "and |extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()";
|
private final static String XSS_STR = "and |extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()|information_schema";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 正则 user() 匹配更严谨
|
* 正则 user() 匹配更严谨
|
||||||
|
|
|
||||||
|
|
@ -109,6 +109,7 @@ public class SysUserController {
|
||||||
* @param req
|
* @param req
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
|
@RequiresPermissions("system:user:listAll")
|
||||||
@PermissionData(pageComponent = "system/UserList")
|
@PermissionData(pageComponent = "system/UserList")
|
||||||
@RequestMapping(value = "/list", method = RequestMethod.GET)
|
@RequestMapping(value = "/list", method = RequestMethod.GET)
|
||||||
public Result<IPage<SysUser>> queryPageList(SysUser user,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
|
public Result<IPage<SysUser>> queryPageList(SysUser user,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
|
||||||
|
|
@ -140,7 +141,7 @@ public class SysUserController {
|
||||||
* @param req
|
* @param req
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:listAll")
|
@RequiresPermissions("system:user:listAll")
|
||||||
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
|
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
|
||||||
public Result<IPage<SysUser>> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
|
public Result<IPage<SysUser>> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
|
||||||
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {
|
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {
|
||||||
|
|
@ -148,7 +149,7 @@ public class SysUserController {
|
||||||
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
|
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
|
||||||
}
|
}
|
||||||
|
|
||||||
//@RequiresPermissions("system:user:add")
|
@RequiresPermissions("system:user:add")
|
||||||
@RequestMapping(value = "/add", method = RequestMethod.POST)
|
@RequestMapping(value = "/add", method = RequestMethod.POST)
|
||||||
public Result<SysUser> add(@RequestBody JSONObject jsonObject) {
|
public Result<SysUser> add(@RequestBody JSONObject jsonObject) {
|
||||||
Result<SysUser> result = new Result<SysUser>();
|
Result<SysUser> result = new Result<SysUser>();
|
||||||
|
|
@ -178,7 +179,7 @@ public class SysUserController {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
//@RequiresPermissions("system:user:edit")
|
@RequiresPermissions("system:user:edit")
|
||||||
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
|
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
|
||||||
public Result<SysUser> edit(@RequestBody JSONObject jsonObject) {
|
public Result<SysUser> edit(@RequestBody JSONObject jsonObject) {
|
||||||
Result<SysUser> result = new Result<SysUser>();
|
Result<SysUser> result = new Result<SysUser>();
|
||||||
|
|
@ -216,7 +217,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 删除用户
|
* 删除用户
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:delete")
|
@RequiresPermissions("system:user:delete")
|
||||||
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
|
||||||
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
|
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
|
||||||
baseCommonService.addLog("删除用户,id: " +id ,CommonConstant.LOG_TYPE_2, 3);
|
baseCommonService.addLog("删除用户,id: " +id ,CommonConstant.LOG_TYPE_2, 3);
|
||||||
|
|
@ -227,7 +228,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 批量删除用户
|
* 批量删除用户
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteBatch")
|
@RequiresPermissions("system:user:deleteBatch")
|
||||||
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
|
||||||
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
|
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
|
||||||
baseCommonService.addLog("批量删除用户, ids: " +ids ,CommonConstant.LOG_TYPE_2, 3);
|
baseCommonService.addLog("批量删除用户, ids: " +ids ,CommonConstant.LOG_TYPE_2, 3);
|
||||||
|
|
@ -240,7 +241,7 @@ public class SysUserController {
|
||||||
* @param jsonObject
|
* @param jsonObject
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:frozenBatch")
|
@RequiresPermissions("system:user:frozenBatch")
|
||||||
@RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT)
|
@RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT)
|
||||||
public Result<SysUser> frozenBatch(@RequestBody JSONObject jsonObject) {
|
public Result<SysUser> frozenBatch(@RequestBody JSONObject jsonObject) {
|
||||||
Result<SysUser> result = new Result<SysUser>();
|
Result<SysUser> result = new Result<SysUser>();
|
||||||
|
|
@ -263,7 +264,7 @@ public class SysUserController {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//@RequiresPermissions("system:user:queryById")
|
@RequiresPermissions("system:user:queryById")
|
||||||
@RequestMapping(value = "/queryById", method = RequestMethod.GET)
|
@RequestMapping(value = "/queryById", method = RequestMethod.GET)
|
||||||
public Result<SysUser> queryById(@RequestParam(name = "id", required = true) String id) {
|
public Result<SysUser> queryById(@RequestParam(name = "id", required = true) String id) {
|
||||||
Result<SysUser> result = new Result<SysUser>();
|
Result<SysUser> result = new Result<SysUser>();
|
||||||
|
|
@ -277,7 +278,7 @@ public class SysUserController {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
//@RequiresPermissions("system:user:queryUserRole")
|
@RequiresPermissions("system:user:queryUserRole")
|
||||||
@RequestMapping(value = "/queryUserRole", method = RequestMethod.GET)
|
@RequestMapping(value = "/queryUserRole", method = RequestMethod.GET)
|
||||||
public Result<List<String>> queryUserRole(@RequestParam(name = "userid", required = true) String userid) {
|
public Result<List<String>> queryUserRole(@RequestParam(name = "userid", required = true) String userid) {
|
||||||
Result<List<String>> result = new Result<>();
|
Result<List<String>> result = new Result<>();
|
||||||
|
|
@ -326,6 +327,7 @@ public class SysUserController {
|
||||||
* @param sysUser
|
* @param sysUser
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
|
@RequiresPermissions("system:user:checkOnlyUser")
|
||||||
@RequestMapping(value = "/checkOnlyUser", method = RequestMethod.GET)
|
@RequestMapping(value = "/checkOnlyUser", method = RequestMethod.GET)
|
||||||
public Result<Boolean> checkOnlyUser(SysUser sysUser) {
|
public Result<Boolean> checkOnlyUser(SysUser sysUser) {
|
||||||
Result<Boolean> result = new Result<>();
|
Result<Boolean> result = new Result<>();
|
||||||
|
|
@ -353,7 +355,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 修改密码
|
* 修改密码
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:changepwd")
|
@RequiresPermissions("system:user:changepwd")
|
||||||
@RequestMapping(value = "/changePassword", method = RequestMethod.PUT)
|
@RequestMapping(value = "/changePassword", method = RequestMethod.PUT)
|
||||||
public Result<?> changePassword(@RequestBody SysUser sysUser) {
|
public Result<?> changePassword(@RequestBody SysUser sysUser) {
|
||||||
SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUsername, sysUser.getUsername()));
|
SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUsername, sysUser.getUsername()));
|
||||||
|
|
@ -476,7 +478,7 @@ public class SysUserController {
|
||||||
* @param request
|
* @param request
|
||||||
* @param sysUser
|
* @param sysUser
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:export")
|
@RequiresPermissions("system:user:export")
|
||||||
@RequestMapping(value = "/exportXls")
|
@RequestMapping(value = "/exportXls")
|
||||||
public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) {
|
public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) {
|
||||||
// Step.1 组装查询条件
|
// Step.1 组装查询条件
|
||||||
|
|
@ -509,7 +511,7 @@ public class SysUserController {
|
||||||
* @param response
|
* @param response
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:import")
|
@RequiresPermissions("system:user:import")
|
||||||
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
|
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
|
||||||
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException {
|
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException {
|
||||||
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
|
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
|
||||||
|
|
@ -664,7 +666,7 @@ public class SysUserController {
|
||||||
* @param
|
* @param
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:addUserRole")
|
@RequiresPermissions("system:user:addUserRole")
|
||||||
@RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST)
|
@RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST)
|
||||||
public Result<String> addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) {
|
public Result<String> addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) {
|
||||||
Result<String> result = new Result<String>();
|
Result<String> result = new Result<String>();
|
||||||
|
|
@ -695,7 +697,7 @@ public class SysUserController {
|
||||||
* @param
|
* @param
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteRole")
|
@RequiresPermissions("system:user:deleteRole")
|
||||||
@RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE)
|
||||||
public Result<SysUserRole> deleteUserRole(@RequestParam(name="roleId") String roleId,
|
public Result<SysUserRole> deleteUserRole(@RequestParam(name="roleId") String roleId,
|
||||||
@RequestParam(name="userId",required=true) String userId
|
@RequestParam(name="userId",required=true) String userId
|
||||||
|
|
@ -719,7 +721,7 @@ public class SysUserController {
|
||||||
* @param
|
* @param
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteRoleBatch")
|
@RequiresPermissions("system:user:deleteRoleBatch")
|
||||||
@RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE)
|
||||||
public Result<SysUserRole> deleteUserRoleBatch(
|
public Result<SysUserRole> deleteUserRoleBatch(
|
||||||
@RequestParam(name="roleId") String roleId,
|
@RequestParam(name="roleId") String roleId,
|
||||||
|
|
@ -850,7 +852,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 给指定部门添加对应的用户
|
* 给指定部门添加对应的用户
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:editDepartWithUser")
|
@RequiresPermissions("system:user:editDepartWithUser")
|
||||||
@RequestMapping(value = "/editSysDepartWithUser", method = RequestMethod.POST)
|
@RequestMapping(value = "/editSysDepartWithUser", method = RequestMethod.POST)
|
||||||
public Result<String> editSysDepartWithUser(@RequestBody SysDepartUsersVO sysDepartUsersVO) {
|
public Result<String> editSysDepartWithUser(@RequestBody SysDepartUsersVO sysDepartUsersVO) {
|
||||||
Result<String> result = new Result<String>();
|
Result<String> result = new Result<String>();
|
||||||
|
|
@ -879,7 +881,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 删除指定机构的用户关系
|
* 删除指定机构的用户关系
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteUserInDepart")
|
@RequiresPermissions("system:user:deleteUserInDepart")
|
||||||
@RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE)
|
||||||
public Result<SysUserDepart> deleteUserInDepart(@RequestParam(name="depId") String depId,
|
public Result<SysUserDepart> deleteUserInDepart(@RequestParam(name="depId") String depId,
|
||||||
@RequestParam(name="userId",required=true) String userId
|
@RequestParam(name="userId",required=true) String userId
|
||||||
|
|
@ -911,7 +913,7 @@ public class SysUserController {
|
||||||
/**
|
/**
|
||||||
* 批量删除指定机构的用户关系
|
* 批量删除指定机构的用户关系
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteUserInDepartBatch")
|
@RequiresPermissions("system:user:deleteUserInDepartBatch")
|
||||||
@RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE)
|
||||||
public Result<SysUserDepart> deleteUserInDepartBatch(
|
public Result<SysUserDepart> deleteUserInDepartBatch(
|
||||||
@RequestParam(name="depId") String depId,
|
@RequestParam(name="depId") String depId,
|
||||||
|
|
@ -1286,7 +1288,7 @@ public class SysUserController {
|
||||||
* @param userIds 被删除的用户ID,多个id用半角逗号分割
|
* @param userIds 被删除的用户ID,多个id用半角逗号分割
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
//@RequiresPermissions("system:user:deleteRecycleBin")
|
@RequiresPermissions("system:user:deleteRecycleBin")
|
||||||
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
|
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
|
||||||
public Result deleteRecycleBin(@RequestParam("userIds") String userIds) {
|
public Result deleteRecycleBin(@RequestParam("userIds") String userIds) {
|
||||||
if (StringUtils.isNotBlank(userIds)) {
|
if (StringUtils.isNotBlank(userIds)) {
|
||||||
|
|
@ -1663,7 +1665,7 @@ public class SysUserController {
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@PostMapping("/login/setting/userEdit")
|
@PostMapping("/login/setting/userEdit")
|
||||||
//@RequiresPermissions("system:user:setting:edit")
|
@RequiresPermissions("system:user:setting:edit")
|
||||||
public Result<String> userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) {
|
public Result<String> userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) {
|
||||||
String username = JwtUtil.getUserNameByToken(request);
|
String username = JwtUtil.getUserNameByToken(request);
|
||||||
SysUser user = sysUserService.getById(sysUser.getId());
|
SysUser user = sysUserService.getById(sysUser.getId());
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue