Browse Source

权限报表问题修复,应用隔离接口问题修复

ZL 2 months ago
parent
commit
9d2903cd6e

+ 12 - 3
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java

@@ -135,12 +135,13 @@ public class SysPermissionController {
 													  @RequestParam(name = "appId", required = false)String appId,
 													  @RequestParam(name = "business", required = false)String business,
 													  @RequestParam(name = "permission", required = false)String permission,
+													  @RequestParam(name = "appIds", required = false)String ids,
 													  HttpServletRequest req) {
 		long start = System.currentTimeMillis();
 		Result<List<SysPermissionReportVO>> result = new Result<>();
 		LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
 		Boolean isAdmin = loginUser.getUsername().equals("admin");
-		if (appId.isEmpty()&&!isAdmin){
+		if (oConvertUtils.isEmpty(ids)&&!isAdmin){
 			result.setResult(new ArrayList<>());
 			result.setSuccess(true);
 			return result;
@@ -153,10 +154,18 @@ public class SysPermissionController {
 
 		try{
 			List<SysPermissionReportVO> list = new ArrayList<>();
+			String permissionSql = "";
+			if (oConvertUtils.isNotEmpty(ids)){
+				String[] idArray = ids.split(",");
+				for (String id:idArray){
+					permissionSql += "'"+id+"',";
+				}
+				permissionSql = permissionSql.substring(0,permissionSql.length()-1);
+			}
 			if("role".equals(type)){
-				 list = sysPermissionService.reportRole(sysPermission);
+				 list = sysPermissionService.reportRole(sysPermission,permissionSql);
 			}else {
-				list = sysPermissionService.reportUser(sysPermission);
+				list = sysPermissionService.reportUser(sysPermission,permissionSql);
 			}
 
 			result.setResult(list);

+ 2 - 2
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysPermissionMapper.java

@@ -85,8 +85,8 @@ public interface SysPermissionMapper extends BaseMapper<SysPermission> {
 	@InterceptorIgnore(tenantLine = "true")
     List<SysPermission> queryPermissionByTestRoleId();
 
-	List<SysPermissionReportVO> reportRole(SysPermissionReportVO sysPermission);
+	List<SysPermissionReportVO> reportRole(@Param("vo") SysPermissionReportVO sysPermission,@Param("permissionSql")String permissionSql);
 
-	List<SysPermissionReportVO> reportUser(SysPermissionReportVO sysPermission);
+	List<SysPermissionReportVO> reportUser(@Param("vo")SysPermissionReportVO sysPermission,@Param("permissionSql")String permissionSql);
 
 }

+ 18 - 13
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysPermissionMapper.xml

@@ -364,14 +364,17 @@
 		WHERE
 			p.menu_type = 2
 			AND p.del_flag = 0
-		<if test="permission !=null and permission != ''">
-			AND p.name LIKE CONCAT('%', #{permission},'%')
+		<if test="vo.permission !=null and vo.permission != ''">
+			AND p.name LIKE CONCAT('%', #{vo.permission},'%')
 		</if>
-		<if test="business !=null and business != ''">
-			AND p1.name LIKE CONCAT('%', #{business},'%')
+		<if test="vo.business !=null and vo.business != ''">
+			AND p1.name LIKE CONCAT('%', #{vo.business},'%')
 		</if>
-		<if test="appId !=null and appId != ''">
-			AND  p.app_id = #{appId}
+		<if test="vo.appId !=null and vo.appId != ''">
+			AND  p.app_id = #{vo.appId}
+		</if>
+		<if test="permissionSql !=null and permissionSql != ''">
+			AND  p.app_id IN (${permissionSql})
 		</if>
 		ORDER BY
 			r.role_name,
@@ -428,16 +431,18 @@
 		) AS UserAllPermission
 		WHERE 1 = 1
 
-		<if test="permission !=null and permission != ''">
-			AND permission LIKE CONCAT('%', #{permission},'%')
+		<if test="vo.permission !=null and vo.permission != ''">
+			AND permission LIKE CONCAT('%', #{vo.permission},'%')
 		</if>
-		<if test="business !=null and business != ''">
-			AND business LIKE CONCAT('%', #{business},'%')
+		<if test="vo.business !=null and vo.business != ''">
+			AND business LIKE CONCAT('%', #{vo.business},'%')
 		</if>
-		<if test="appId !=null and appId != ''">
-			AND  appId = #{appId}
+		<if test="vo.appId !=null and vo.appId != ''">
+			AND  appId = #{vo.appId}
+		</if>
+		<if test="permissionSql !=null and permissionSql != ''">
+			AND  appId IN (${permissionSql})
 		</if>
-
 		GROUP BY
 		username,
 		realname,

+ 2 - 2
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysPermissionService.java

@@ -113,6 +113,6 @@ public interface ISysPermissionService extends IService<SysPermission> {
 	 */
 	 boolean checkPermDuplication(String id, String url,Boolean alwaysShow);
 
-	List<SysPermissionReportVO> reportRole(SysPermissionReportVO sysPermission);
-	List<SysPermissionReportVO> reportUser(SysPermissionReportVO sysPermission);
+	List<SysPermissionReportVO> reportRole(SysPermissionReportVO sysPermission,String permissionSql);
+	List<SysPermissionReportVO> reportUser(SysPermissionReportVO sysPermission,String permissionSql);
 }

+ 19 - 12
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/AppmanageServiceImpl.java

@@ -7,6 +7,7 @@ import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.controller.SysUserController;
 import org.jeecg.modules.system.entity.AppmanageEntity.*;
@@ -652,18 +653,24 @@ public class AppmanageServiceImpl implements AppmanageService {
     @Override
     public List<AppBaseInfo> appList() {
         String sql = QueryGenerator.installAuthJdbc(AppBaseInfo.class);
-        //对sql进行处理避免注入
-        if (sql.startsWith(" and id in (")&& sql.endsWith(")")){
-            StringBuilder inSql = new StringBuilder("AND id IN (");
-            String inClause = sql.substring(" and id in (".length(), sql.length() - 1);
-            List<String> ids = Arrays.asList(inClause.split(","));
-            if (!ids.isEmpty()){
-                ids.forEach(id -> inSql.append(id).append(","));
-                inSql.deleteCharAt(inSql.length() - 1);
-            }else inSql.append(inClause);
-            inSql .append(") ");
-            return baseInfoMapper.appList(inSql.toString());
+        if (oConvertUtils.isNotEmpty(sql)){
+            //对sql进行处理避免注入
+            if (sql.startsWith(" and id in (")&& sql.endsWith(")")){
+                StringBuilder inSql = new StringBuilder("AND id IN (");
+                String inClause = sql.substring(" and id in (".length(), sql.length() - 1);
+                List<String> ids = Arrays.asList(inClause.split(","));
+                if (!ids.isEmpty()){
+                    ids.forEach(id -> inSql.append(id).append(","));
+                    inSql.deleteCharAt(inSql.length() - 1);
+                }else inSql.append(inClause);
+                inSql .append(") ");
+                return baseInfoMapper.appList(inSql.toString());
+            }
+        }else {
+            LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+            Boolean isAdmin = loginUser.getUsername().equals("admin");
+            if (isAdmin) return baseInfoMapper.appList("");
         }
-        return baseInfoMapper.appList("");
+        return new ArrayList<>();
     }
 }

+ 4 - 4
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysPermissionServiceImpl.java

@@ -350,14 +350,14 @@ public class SysPermissionServiceImpl extends ServiceImpl<SysPermissionMapper, S
 	}
 
 	@Override
-	public List<SysPermissionReportVO> reportRole(SysPermissionReportVO sysPermission) {
-		return sysPermissionMapper.reportRole(sysPermission);
+	public List<SysPermissionReportVO> reportRole(SysPermissionReportVO sysPermission , String permissionSql) {
+		return sysPermissionMapper.reportRole(sysPermission, permissionSql);
 	}
 
 
 	@Override
-	public List<SysPermissionReportVO> reportUser(SysPermissionReportVO sysPermission) {
+	public List<SysPermissionReportVO> reportUser(SysPermissionReportVO sysPermission,String permissionSql) {
 		//用户权限报表需汇总角色权限与用户独立权限
-		return sysPermissionMapper.reportUser(sysPermission);
+		return sysPermissionMapper.reportUser(sysPermission, permissionSql);
 	}
 }