优化用户管理下的授权角色、授权数据、重置密码权限不严谨问题。
@@ -9,6 +9,7 @@ import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.shiro.authz.annotation.Logical;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Controller;
|
||||
@@ -37,6 +38,7 @@ import com.jeesite.modules.sys.service.PostService;
|
||||
import com.jeesite.modules.sys.service.RoleService;
|
||||
import com.jeesite.modules.sys.service.UserService;
|
||||
import com.jeesite.modules.sys.utils.EmpUtils;
|
||||
import com.jeesite.modules.sys.utils.UserUtils;
|
||||
|
||||
/**
|
||||
* 员工用户Controller
|
||||
@@ -131,7 +133,7 @@ public class EmpUserController extends BaseController {
|
||||
return "modules/sys/user/empUserForm";
|
||||
}
|
||||
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions(value={"sys:empUser:edit","sys:empUser:authRole"}, logical=Logical.OR)
|
||||
@PostMapping(value = "save")
|
||||
@ResponseBody
|
||||
public String save(@Validated EmpUser empUser, String oldLoginCode, String op, HttpServletRequest request) {
|
||||
@@ -144,12 +146,14 @@ public class EmpUserController extends BaseController {
|
||||
if (!Global.TRUE.equals(userService.checkLoginCode(oldLoginCode, empUser.getLoginCode()/*, null*/))) {
|
||||
return renderResult(Global.FALSE, text("保存用户失败,登录账号''{0}''已存在", empUser.getLoginCode()));
|
||||
}
|
||||
if (StringUtils.inString(op, Global.OP_ADD, Global.OP_EDIT)){
|
||||
if (StringUtils.inString(op, Global.OP_ADD, Global.OP_EDIT)
|
||||
&& UserUtils.getSubject().isPermitted("sys:empUser:edit")){
|
||||
empUser.setUserType(User.USER_TYPE_EMPLOYEE);
|
||||
empUser.setMgrType(User.MGR_TYPE_NOT_ADMIN);
|
||||
empUserService.save(empUser);
|
||||
}
|
||||
if (StringUtils.inString(op, Global.OP_ADD, Global.OP_AUTH)){
|
||||
if (StringUtils.inString(op, Global.OP_ADD, Global.OP_AUTH)
|
||||
&& UserUtils.getSubject().isPermitted("sys:empUser:authRole")){
|
||||
userService.saveAuth(empUser);
|
||||
}
|
||||
return renderResult(Global.TRUE, text("保存用户''{0}''成功", empUser.getUserName()));
|
||||
@@ -233,7 +237,7 @@ public class EmpUserController extends BaseController {
|
||||
* @param empUser
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions("sys:empUser:updateStatus")
|
||||
@ResponseBody
|
||||
@RequestMapping(value = "disable")
|
||||
public String disable(EmpUser empUser) {
|
||||
@@ -256,7 +260,7 @@ public class EmpUserController extends BaseController {
|
||||
* @param empUser
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions("sys:empUser:updateStatus")
|
||||
@ResponseBody
|
||||
@RequestMapping(value = "enable")
|
||||
public String enable(EmpUser empUser) {
|
||||
@@ -276,7 +280,7 @@ public class EmpUserController extends BaseController {
|
||||
* @param empUser
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions("sys:empUser:resetpwd")
|
||||
@RequestMapping(value = "resetpwd")
|
||||
@ResponseBody
|
||||
public String resetpwd(EmpUser empUser) {
|
||||
@@ -315,7 +319,7 @@ public class EmpUserController extends BaseController {
|
||||
/**
|
||||
* 用户授权数据权限
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions("sys:empUser:authDataScope")
|
||||
@RequestMapping(value = "formAuthDataScope")
|
||||
public String formAuthDataScope(EmpUser empUser, Model model, HttpServletRequest request) {
|
||||
UserDataScope userDataScope = new UserDataScope();
|
||||
@@ -330,7 +334,7 @@ public class EmpUserController extends BaseController {
|
||||
/**
|
||||
* 保存用户授权数据权限
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:edit")
|
||||
@RequiresPermissions("sys:empUser:authDataScope")
|
||||
@RequestMapping(value = "saveAuthDataScope")
|
||||
@ResponseBody
|
||||
public String saveAuthDataScope(EmpUser empUser, HttpServletRequest request) {
|
||||
|
||||
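Review bot: In `save`, a request whose `op` does not match a permission the caller holds skips both guarded branches and still reaches `renderResult(Global.TRUE, ...)`, so the client is told the user was saved although nothing was written. For example, a caller holding only `sys:empUser:authRole` who posts `op=edit` passes the `Logical.OR` annotation, fails the `isPermitted("sys:empUser:edit")` test, and still gets the success message. Track whether either branch ran, e.g. a `boolean saved` set to true inside each `if`, and `return renderResult(Global.FALSE, ...)` with a permission-denied text when it stayed false. The lines of `save` between its signature and this hunk, and its closing brace, are outside the visible hunks, so this assumes no other write happens there.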
@@ -1,20 +1,5 @@
|
||||
# 温馨提示:不建议直接修改此文件,为了平台升级方便,建议将需要修改的参数值,复制到jeesite.yml里进行覆盖该参数值。
|
||||
|
||||
#============================#
|
||||
#===== Project settings =====#
|
||||
#============================#
|
||||
|
||||
# 产品或项目名称、版本、版权年份
|
||||
productName: JeeSite Demo
|
||||
productVersion: V4.0
|
||||
copyrightYear: 2018
|
||||
|
||||
# 软件提供商公司或个人名称
|
||||
companyName: ThinkGem
|
||||
|
||||
#是否演示模式
|
||||
demoMode: false
|
||||
|
||||
#============================#
|
||||
#===== Database sttings =====#
|
||||
#============================#
|
||||
@@ -22,38 +7,6 @@ demoMode: false
|
||||
# 数据库连接
|
||||
jdbc:
|
||||
|
||||
# # Mysql 数据库配置
|
||||
# type: mysql
|
||||
# driver: com.mysql.jdbc.Driver
|
||||
# url: jdbc:mysql://127.0.0.1:3306/jeesite?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
|
||||
# username: root
|
||||
# password: 123456
|
||||
# testSql: SELECT 1
|
||||
#
|
||||
# # Oracle 数据库配置
|
||||
# type: oracle
|
||||
# driver: oracle.jdbc.driver.OracleDriver
|
||||
# url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
|
||||
# username: jeesite
|
||||
# password: jeesite
|
||||
# testSql: SELECT 1 FROM DUAL
|
||||
#
|
||||
# # Sql Server 数据库配置
|
||||
# type: mssql
|
||||
# driver: net.sourceforge.jtds.jdbc.Driver
|
||||
# url: jdbc:jtds:sqlserver://127.0.0.1:1433/jeesite
|
||||
# username: jeesite
|
||||
# password: jeesite
|
||||
# testSql: SELECT 1
|
||||
#
|
||||
# # PostgreSql 数据库配置(注意:一定要创建的schema与username相同,否则将找不到数据表字典信息)
|
||||
# type: postgresql
|
||||
# driver: org.postgresql.Driver
|
||||
# url: jdbc:postgresql://127.0.0.1:5432/jeesite
|
||||
# username: jeesite
|
||||
# password: jeesite
|
||||
# testSql: SELECT 1
|
||||
|
||||
# 连接信息加密
|
||||
encrypt:
|
||||
|
||||
@@ -445,11 +398,15 @@ msg:
|
||||
realtime:
|
||||
# 是否开启
|
||||
enabled: true
|
||||
# 消息发送任务Bean名称
|
||||
sendTaskBeanName: msgLocalSendTask
|
||||
# 消息实时推送任务Bean名称
|
||||
beanName: msgLocalPushTask
|
||||
|
||||
# 推送失败次数,如果推送次数超过了设定次数,仍不成功,则放弃并保存到历史
|
||||
pushFailNumber: 3
|
||||
|
||||
# 邮件发送参数
|
||||
email:
|
||||
beanName: emailSendService
|
||||
fromAddress: jeesite_demo@163.com
|
||||
fromPassword: jeesitedemo1234
|
||||
fromHostName: smtp.163.com
|
||||
@@ -458,12 +415,15 @@ msg:
|
||||
|
||||
# 短信网关
|
||||
sms:
|
||||
beanName: smsSendService
|
||||
url: http://host:port/msg/sendSms
|
||||
data: account=demo&pswd=demo&product=
|
||||
prefix: ~
|
||||
suffix: 【JeeSite】
|
||||
|
||||
# 微信相关
|
||||
weixin:
|
||||
beanName: weixinSendService
|
||||
#微信应用ID
|
||||
appid: ~
|
||||
#微信应用密钥
|
||||
|
||||
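Review bot: The `email` block under `msg` carries a literal `fromPassword` value next to `fromAddress`, and the `sms` block puts `account` and `pswd` into `data` for an `http://` URL, so mail and gateway credentials ship in the default config that every deployment inherits. Leave these keys empty here, e.g. `fromPassword: ~`, and supply real values in the override file or the environment, as the header comment of this file already recommends for changed parameters. If the committed mailbox is a real account, its password should be rotated. Which of these lines the commit adds and which are context cannot be told from this rendering.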
@@ -46,7 +46,7 @@ else {
|
||||
<% if (@ObjectUtils.toBoolean(@Global.getConfig('error.page.printErrorInfo', 'true'))){ %>
|
||||
<div class="box mt20">
|
||||
${@StringUtils.toHtml(@ExceptionUtils.getStackTraceAsString(ex))}<br/>
|
||||
此异常信息若不想输出,可打开jeesite.properties文件,设置error.page.printErrorInfo=false即可
|
||||
此异常信息若不想输出,可打开jeesite.yml文件,设置error.page.printErrorInfo=false即可
|
||||
</div>
|
||||
<% } %>
|
||||
<% } %>
|
||||
|
||||
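Review bot: The fallback in `Global.getConfig('error.page.printErrorInfo', 'true')` on the first line of this hunk means a deployment that never sets the key renders the full stack trace to whoever triggers an error. A stack trace exposes internal class and method names and, depending on the exception, query text or file paths. Consider making the fallback `'false'`, i.e. `Global.getConfig('error.page.printErrorInfo', 'false')`, and enabling the output only in development. The corrected hint text only tells operators how to turn it off afterwards. The enclosing template block starts outside the hunk.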
@@ -115,18 +115,30 @@ $('#dataGrid').dataGrid({
|
||||
var actions = [];
|
||||
<% if(hasPermi('sys:empUser:edit')){ %>
|
||||
actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=edit" class="btnList" title="${text('编辑用户')}"><i class="fa fa-pencil"></i></a> ');
|
||||
<% } %>
|
||||
<% if(hasPermi('sys:empUser:updateStatus')){ %>
|
||||
if (row.status == Global.STATUS_NORMAL){
|
||||
actions.push('<a href="${ctx}/sys/empUser/disable?userCode='+row.userCode+'" class="btnList" title="${text('停用用户')}" data-confirm="${text('确认要停用该用户吗?')}"><i class="glyphicon glyphicon-ban-circle"></i></a> ');
|
||||
}
|
||||
if (row.status == Global.STATUS_DISABLE){
|
||||
actions.push('<a href="${ctx}/sys/empUser/enable?userCode='+row.userCode+'" class="btnList" title="${text('启用用户')}" data-confirm="${text('确认要启用该用户吗?')}"><i class="glyphicon glyphicon-ok-circle"></i></a> ');
|
||||
}
|
||||
<% } %>
|
||||
<% if(hasPermi('sys:empUser:edit')){ %>
|
||||
actions.push('<a href="${ctx}/sys/empUser/delete?userCode='+row.userCode+'" class="btnList" title="${text('删除用户')}" data-confirm="${text('确认要删除该用户吗?')}"><i class="fa fa-trash-o"></i></a> ');
|
||||
<% } %>
|
||||
<% if(hasPermi('sys:empUser:authRole,sys:empUser:authDataScope,sys:empUser:resetpwd', 'or')){ %>
|
||||
actions.push('<a href="javascript:" class="btnMore" title="${text('更多操作')}"><i class="fa fa-chevron-circle-right"></i></a> ');
|
||||
actions.push('<div class="moreItems">');
|
||||
actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=auth" class="btn btn-default btn-xs btnList" title="${text('用户分配角色')}"><i class="fa fa-check-square-o"></i> ${text('分配角色')}</a> ');
|
||||
actions.push('<a href="${ctx}/sys/empUser/formAuthDataScope?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户分配数据权限')}"><i class="fa fa-check-circle-o"></i> ${text('数据权限')}</a> ');
|
||||
actions.push('<a href="${ctx}/sys/empUser/resetpwd?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户密码重置')}" data-confirm="${text('确认要将该用户密码重置到初始状态吗?')}"><i class="fa fa-reply-all"></i> ${text('重置密码')}</a> ');
|
||||
<% if(hasPermi('sys:empUser:authRole')){ %>
|
||||
actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=auth" class="btn btn-default btn-xs btnList" title="${text('用户分配角色')}"><i class="fa fa-check-square-o"></i> ${text('分配角色')}</a> ');
|
||||
<% } %>
|
||||
<% if(hasPermi('sys:empUser:authDataScope')){ %>
|
||||
actions.push('<a href="${ctx}/sys/empUser/formAuthDataScope?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户分配数据权限')}"><i class="fa fa-check-circle-o"></i> ${text('数据权限')}</a> ');
|
||||
<% } %>
|
||||
<% if(hasPermi('sys:empUser:resetpwd')){ %>
|
||||
actions.push('<a href="${ctx}/sys/empUser/resetpwd?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户密码重置')}" data-confirm="${text('确认要将该用户密码重置到初始状态吗?')}"><i class="fa fa-reply-all"></i> ${text('重置密码')}</a> ');
|
||||
<% } %>
|
||||
actions.push('</div>');
|
||||
<% } %>
|
||||
return actions.join('');
|
||||
|
||||
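Review bot: `row.userCode` is concatenated unescaped into every `href` built by the `actions.push(...)` lines, including the new `authRole`, `authDataScope` and `resetpwd` links, and the joined string is returned as HTML. If a user code can ever contain a double quote, `&` or `<`, it breaks out of the attribute or alters the query string. Encode it once at the top of the formatter, `var userCode = encodeURIComponent(row.userCode);`, and use `userCode` in the links. Which characters a user code may contain is not visible here, so treat this as hardening. The formatter function starts and ends outside the hunk.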
@@ -6,6 +6,7 @@ package com.jeesite.test;
|
||||
import java.util.Date;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.annotation.Rollback;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
@@ -17,6 +18,8 @@ import com.jeesite.modules.msg.entity.content.AppMsgContent;
|
||||
import com.jeesite.modules.msg.entity.content.EmailMsgContent;
|
||||
import com.jeesite.modules.msg.entity.content.PcMsgContent;
|
||||
import com.jeesite.modules.msg.entity.content.SmsMsgContent;
|
||||
import com.jeesite.modules.msg.service.MsgPushService;
|
||||
import com.jeesite.modules.msg.task.MsgLocalPushTask;
|
||||
import com.jeesite.modules.msg.utils.MsgPushUtils;
|
||||
|
||||
/**
|
||||
@@ -28,8 +31,27 @@ import com.jeesite.modules.msg.utils.MsgPushUtils;
|
||||
@SpringBootTest(classes=ApplicationTest.class)
|
||||
@Rollback(false)
|
||||
public class MsgPushTest extends BaseSpringContextTests {
|
||||
|
||||
|
||||
@Test
|
||||
public void testSend(){
|
||||
// for (int i=0; i<1; i++){
|
||||
// testPC();
|
||||
// testApp();
|
||||
// testSMS();
|
||||
// testMail();
|
||||
// }
|
||||
testTask();
|
||||
}
|
||||
|
||||
@Autowired
|
||||
private MsgPushService msgPushService;
|
||||
|
||||
public void testTask(){
|
||||
MsgLocalPushTask task = new MsgLocalPushTask();
|
||||
task.setMsgPushService(msgPushService);
|
||||
task.execute();
|
||||
}
|
||||
|
||||
public void testPC(){
|
||||
PcMsgContent msgContent = new PcMsgContent();
|
||||
msgContent.setTitle("提示信息");
|
||||
@@ -43,7 +65,6 @@ public class MsgPushTest extends BaseSpringContextTests {
|
||||
MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testApp(){
|
||||
AppMsgContent msgContent = new AppMsgContent();
|
||||
msgContent.setTitle("提示信息");
|
||||
@@ -56,7 +77,6 @@ public class MsgPushTest extends BaseSpringContextTests {
|
||||
MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSMS(){
|
||||
SmsMsgContent msgContent = new SmsMsgContent();
|
||||
msgContent.setTitle("提示信息");
|
||||
@@ -69,7 +89,6 @@ public class MsgPushTest extends BaseSpringContextTests {
|
||||
MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMail(){
|
||||
EmailMsgContent msgContent = new EmailMsgContent();
|
||||
msgContent.setTitle("提示信息");
|
||||
@@ -81,15 +100,5 @@ public class MsgPushTest extends BaseSpringContextTests {
|
||||
// 延迟推送消息
|
||||
MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
|
||||
}
|
||||
|
||||
// @Test
|
||||
// public void test(){
|
||||
// for (int i=0; i<5; i++){
|
||||
// testPC();
|
||||
// testApp();
|
||||
// testSMS();
|
||||
// testMail();
|
||||
// }
|
||||
// }
|
||||
|
||||
}
|
||||
|
||||
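Review bot: `testTask()` builds a `MsgLocalPushTask`, calls `task.execute()` and asserts nothing, so `testSend()` passes whenever the task does not throw. The class is annotated `@Rollback(false)`, so whatever `execute()` writes against the test context is presumably kept; the task's body is not shown. Either assert on an observable outcome, or mark the method with a comment such as `// manual smoke test: runs the local push task once, no assertions`. The commented-out loop in `testSend()` can be deleted.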