优化用户管理下的授权角色、授权数据、重置密码权限不严谨问题。

2018-05-22 22:13:38 +08:00
parent 18ba4b9075
commit dc3d70e96f
6 changed files with 63 additions and 100 deletions
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/user/EmpUserController.java
@@ -9,6 +9,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -37,6 +38,7 @@ import com.jeesite.modules.sys.service.PostService;
 import com.jeesite.modules.sys.service.RoleService;
 import com.jeesite.modules.sys.service.UserService;
 import com.jeesite.modules.sys.utils.EmpUtils;
 import com.jeesite.modules.sys.utils.UserUtils;
 /**
 * 员工用户Controller
@@ -131,7 +133,7 @@ public class EmpUserController extends BaseController {
 		return "modules/sys/user/empUserForm";
 	}
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions(value={"sys:empUser:edit","sys:empUser:authRole"}, logical=Logical.OR)
 	@PostMapping(value = "save")
 	@ResponseBody
 	public String save(@Validated EmpUser empUser, String oldLoginCode, String op, HttpServletRequest request) {
@@ -144,12 +146,14 @@ public class EmpUserController extends BaseController {
 		if (!Global.TRUE.equals(userService.checkLoginCode(oldLoginCode, empUser.getLoginCode()/*, null*/))) {
 			return renderResult(Global.FALSE, text("保存用户失败，登录账号''{0}''已存在", empUser.getLoginCode()));
 		}
-		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_EDIT)){
+		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_EDIT)
 				&& UserUtils.getSubject().isPermitted("sys:empUser:edit")){
 			empUser.setUserType(User.USER_TYPE_EMPLOYEE);
 			empUser.setMgrType(User.MGR_TYPE_NOT_ADMIN);
 			empUserService.save(empUser);
 		}
-		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_AUTH)){
+		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_AUTH)
 				&& UserUtils.getSubject().isPermitted("sys:empUser:authRole")){
 			userService.saveAuth(empUser);
 		}
 		return renderResult(Global.TRUE, text("保存用户''{0}''成功", empUser.getUserName()));
@@ -233,7 +237,7 @@ public class EmpUserController extends BaseController {
 	 * @param empUser
 	 * @return
 	 */
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions("sys:empUser:updateStatus")
 	@ResponseBody
 	@RequestMapping(value = "disable")
 	public String disable(EmpUser empUser) {
@@ -256,7 +260,7 @@ public class EmpUserController extends BaseController {
 	 * @param empUser
 	 * @return
 	 */
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions("sys:empUser:updateStatus")
 	@ResponseBody
 	@RequestMapping(value = "enable")
 	public String enable(EmpUser empUser) {
@@ -276,7 +280,7 @@ public class EmpUserController extends BaseController {
 	 * @param empUser
 	 * @return
 	 */
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions("sys:empUser:resetpwd")
 	@RequestMapping(value = "resetpwd")
 	@ResponseBody
 	public String resetpwd(EmpUser empUser) {
@@ -315,7 +319,7 @@ public class EmpUserController extends BaseController {
 	/** 
 	 * 用户授权数据权限
 	 */
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions("sys:empUser:authDataScope")
 	@RequestMapping(value = "formAuthDataScope")
 	public String formAuthDataScope(EmpUser empUser, Model model, HttpServletRequest request) {
 		UserDataScope userDataScope = new UserDataScope();
@@ -330,7 +334,7 @@ public class EmpUserController extends BaseController {
 	/** 
 	 * 保存用户授权数据权限
 	 */
-	@RequiresPermissions("sys:empUser:edit")
+	@RequiresPermissions("sys:empUser:authDataScope")
 	@RequestMapping(value = "saveAuthDataScope")
 	@ResponseBody
 	public String saveAuthDataScope(EmpUser empUser, HttpServletRequest request) {
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -1,20 +1,5 @@
 # 温馨提示：不建议直接修改此文件，为了平台升级方便，建议将需要修改的参数值，复制到jeesite.yml里进行覆盖该参数值。
 #============================#
 #===== Project settings =====#
 #============================#
 # 产品或项目名称、版本、版权年份
 productName: JeeSite Demo
 productVersion: V4.0
 copyrightYear: 2018
 # 软件提供商公司或个人名称
 companyName: ThinkGem
 #是否演示模式
 demoMode: false
 #============================#
 #===== Database sttings =====#
 #============================#
@@ -22,38 +7,6 @@ demoMode: false
 # 数据库连接
 jdbc: 
 #  # Mysql 数据库配置
 #  type: mysql
 #  driver: com.mysql.jdbc.Driver
 #  url: jdbc:mysql://127.0.0.1:3306/jeesite?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
 #  username: root
 #  password: 123456
 #  testSql: SELECT 1
 #
 #  # Oracle 数据库配置
 #  type: oracle
 #  driver: oracle.jdbc.driver.OracleDriver
 #  url: jdbc:oracle:thin:@127.0.0.1:1521/orcl
 #  username: jeesite
 #  password: jeesite
 #  testSql: SELECT 1 FROM DUAL
 #
 #  # Sql Server 数据库配置
 #  type: mssql
 #  driver: net.sourceforge.jtds.jdbc.Driver
 #  url: jdbc:jtds:sqlserver://127.0.0.1:1433/jeesite
 #  username: jeesite
 #  password: jeesite
 #  testSql: SELECT 1
 #  
 #  # PostgreSql 数据库配置（注意：一定要创建的schema与username相同，否则将找不到数据表字典信息）
 #  type: postgresql
 #  driver: org.postgresql.Driver
 #  url: jdbc:postgresql://127.0.0.1:5432/jeesite
 #  username: jeesite
 #  password: jeesite
 #  testSql: SELECT 1
  # 连接信息加密
  encrypt:
@@ -445,11 +398,15 @@ msg:
  realtime:
    # 是否开启
    enabled: true
-    # 消息发送任务Bean名称
+    # 消息实时推送任务Bean名称
-    sendTaskBeanName: msgLocalSendTask
+    beanName: msgLocalPushTask
  # 推送失败次数，如果推送次数超过了设定次数，仍不成功，则放弃并保存到历史
  pushFailNumber: 3
  # 邮件发送参数
  email:
    beanName: emailSendService
    fromAddress: jeesite_demo@163.com
    fromPassword: jeesitedemo1234
    fromHostName: smtp.163.com
@@ -458,12 +415,15 @@ msg:
  # 短信网关
  sms:
    beanName: smsSendService
    url: http://host:port/msg/sendSms
    data: account=demo&pswd=demo&product=
    prefix: ~
    suffix: 【JeeSite】
  # 微信相关
  weixin:
    beanName: weixinSendService
    #微信应用ID
    appid: ~
    #微信应用密钥
--- a/modules/core/src/main/resources/views/error/500.html
+++ b/modules/core/src/main/resources/views/error/500.html
@@ -46,7 +46,7 @@ else {
 <% if (@ObjectUtils.toBoolean(@Global.getConfig('error.page.printErrorInfo', 'true'))){ %>
 <div class="box mt20">
 	${@StringUtils.toHtml(@ExceptionUtils.getStackTraceAsString(ex))}<br/>
-	此异常信息若不想输出，可打开jeesite.properties文件，设置error.page.printErrorInfo=false即可
+	此异常信息若不想输出，可打开jeesite.yml文件，设置error.page.printErrorInfo=false即可
 </div>
 <% } %>
 <% } %>
--- a/modules/core/src/main/resources/views/modules/sys/user/empUserList.html
+++ b/modules/core/src/main/resources/views/modules/sys/user/empUserList.html
@@ -115,18 +115,30 @@ $('#dataGrid').dataGrid({
 			var actions = [];
 			<% if(hasPermi('sys:empUser:edit')){ %>
 				actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=edit" class="btnList" title="${text('编辑用户')}"><i class="fa fa-pencil"></i></a>&nbsp;');
 			<% } %>
 			<% if(hasPermi('sys:empUser:updateStatus')){ %>
 				if (row.status == Global.STATUS_NORMAL){
 					actions.push('<a href="${ctx}/sys/empUser/disable?userCode='+row.userCode+'" class="btnList" title="${text('停用用户')}" data-confirm="${text('确认要停用该用户吗？')}"><i class="glyphicon glyphicon-ban-circle"></i></a>&nbsp;');
 				}
 				if (row.status == Global.STATUS_DISABLE){
 					actions.push('<a href="${ctx}/sys/empUser/enable?userCode='+row.userCode+'" class="btnList" title="${text('启用用户')}" data-confirm="${text('确认要启用该用户吗？')}"><i class="glyphicon glyphicon-ok-circle"></i></a>&nbsp;');
 				}
 			<% } %>
 			<% if(hasPermi('sys:empUser:edit')){ %>
 				actions.push('<a href="${ctx}/sys/empUser/delete?userCode='+row.userCode+'" class="btnList" title="${text('删除用户')}" data-confirm="${text('确认要删除该用户吗？')}"><i class="fa fa-trash-o"></i></a>&nbsp;');
 			<% } %>
 			<% if(hasPermi('sys:empUser:authRole,sys:empUser:authDataScope,sys:empUser:resetpwd', 'or')){ %>
 				actions.push('<a href="javascript:" class="btnMore" title="${text('更多操作')}"><i class="fa fa-chevron-circle-right"></i></a>&nbsp;');
 				actions.push('<div class="moreItems">');
-				actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=auth" class="btn btn-default btn-xs btnList" title="${text('用户分配角色')}"><i class="fa fa-check-square-o"></i> ${text('分配角色')}</a>&nbsp;');
+				<% if(hasPermi('sys:empUser:authRole')){ %>
-				actions.push('<a href="${ctx}/sys/empUser/formAuthDataScope?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户分配数据权限')}"><i class="fa fa-check-circle-o"></i> ${text('数据权限')}</a>&nbsp;');
+					actions.push('<a href="${ctx}/sys/empUser/form?userCode='+row.userCode+'&op=auth" class="btn btn-default btn-xs btnList" title="${text('用户分配角色')}"><i class="fa fa-check-square-o"></i> ${text('分配角色')}</a>&nbsp;');
-				actions.push('<a href="${ctx}/sys/empUser/resetpwd?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户密码重置')}" data-confirm="${text('确认要将该用户密码重置到初始状态吗？')}"><i class="fa fa-reply-all"></i> ${text('重置密码')}</a>&nbsp;');
+				<% } %>
 				<% if(hasPermi('sys:empUser:authDataScope')){ %>
 					actions.push('<a href="${ctx}/sys/empUser/formAuthDataScope?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户分配数据权限')}"><i class="fa fa-check-circle-o"></i> ${text('数据权限')}</a>&nbsp;');
 				<% } %>
 				<% if(hasPermi('sys:empUser:resetpwd')){ %>
 					actions.push('<a href="${ctx}/sys/empUser/resetpwd?userCode='+row.userCode+'" class="btn btn-default btn-xs btnList" title="${text('用户密码重置')}" data-confirm="${text('确认要将该用户密码重置到初始状态吗？')}"><i class="fa fa-reply-all"></i> ${text('重置密码')}</a>&nbsp;');
 				<% } %>
 				actions.push('</div>');
 			<% } %>
 			return actions.join('');
--- a/modules/core/src/test/java/com/jeesite/test/MsgPushTest.java
+++ b/modules/core/src/test/java/com/jeesite/test/MsgPushTest.java
@@ -6,6 +6,7 @@ package com.jeesite.test;
 import java.util.Date;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.annotation.Rollback;
 import org.springframework.test.context.ActiveProfiles;
@@ -17,6 +18,8 @@ import com.jeesite.modules.msg.entity.content.AppMsgContent;
 import com.jeesite.modules.msg.entity.content.EmailMsgContent;
 import com.jeesite.modules.msg.entity.content.PcMsgContent;
 import com.jeesite.modules.msg.entity.content.SmsMsgContent;
 import com.jeesite.modules.msg.service.MsgPushService;
 import com.jeesite.modules.msg.task.MsgLocalPushTask;
 import com.jeesite.modules.msg.utils.MsgPushUtils;
 /**
@@ -30,6 +33,25 @@ import com.jeesite.modules.msg.utils.MsgPushUtils;
 public class MsgPushTest extends BaseSpringContextTests {
 	@Test
 	public void testSend(){
 //		for (int i=0; i<1; i++){
 //			testPC();
 //			testApp();
 //			testSMS();
 //			testMail();
 //		}
 		testTask();
 	}
 	@Autowired
 	private MsgPushService msgPushService;
 	public void testTask(){
 		MsgLocalPushTask task = new MsgLocalPushTask();
 		task.setMsgPushService(msgPushService);
 		task.execute();
 	}
 	public void testPC(){
 		PcMsgContent msgContent = new PcMsgContent();
 		msgContent.setTitle("提示信息");
@@ -43,7 +65,6 @@ public class MsgPushTest extends BaseSpringContextTests {
 		MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
 	}
 	@Test
 	public void testApp(){
 		AppMsgContent msgContent = new AppMsgContent();
 		msgContent.setTitle("提示信息");
@@ -56,7 +77,6 @@ public class MsgPushTest extends BaseSpringContextTests {
 		MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
 	}
 	@Test
 	public void testSMS(){
 		SmsMsgContent msgContent = new SmsMsgContent();
 		msgContent.setTitle("提示信息");
@@ -69,7 +89,6 @@ public class MsgPushTest extends BaseSpringContextTests {
 		MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
 	}
 	@Test
 	public void testMail(){
 		EmailMsgContent msgContent = new EmailMsgContent();
 		msgContent.setTitle("提示信息");
@@ -82,14 +101,4 @@ public class MsgPushTest extends BaseSpringContextTests {
 		MsgPushUtils.push(msgContent, "BizKey", "BizType", "system", new Date(), Global.YES);
 	}
 //	@Test
 //	public void test(){
 //		for (int i=0; i<5; i++){
 //			testPC();
 //			testApp();
 //			testSMS();
 //			testMail();
 //		}
 //	}
 }
--- a/web/src/main/resources/config/jeesite.yml
+++ b/web/src/main/resources/config/jeesite.yml
@@ -405,40 +405,18 @@ jdbc:
 #  realtime:
 #    # 是否开启
 #    enabled: true
-#    # 消息发送任务Bean名称
+#    # 消息实时推送任务Bean名称
-#    sendTaskBeanName: msgLocalSendTask
+#    beanName: msgLocalPushTask
 #
 #  # 邮件发送参数
 #  email:
 #    beanName: emailSendService
 #    fromAddress: test@163.com
 #    fromPassword: 123456
 #    fromHostName: smtp.163.com
 #    sslOnConnect: false
 #    sslSmtpPort: 994
 #
 #  # 短信网关
 #  sms:
 #    url: http://host:port/msg/sendSms
 #    data: account=demo&pswd=demo&product=
 #    suffix: 【JeeSite】
 #
 #  # 微信相关
 #  weixin:
 #    #微信应用ID
 #    appid: ~
 #    #微信应用密钥
 #    secret: ~
 #    # 微信服务器配置
 #    server:
 #      # 微信服务器配置Token
 #      token: ~
 #      # 微信服务器配置EncodingAESKey
 #      aeskey: ~
 #      # 微信服务器是否开启Debug模式，开启后发送未知消息时候会返回消息内容
 #      debug: true
 #    # 微信OAuth登录授权回调地址
 #    oauth:
 #      redirectUri: http://demo.jeesite.com/jeesite
 #============================#
 #===== Video settings =======#