From 48b007543af49c780f6c216c840a965f8a73736f Mon Sep 17 00:00:00 2001 From: wind Date: Sat, 22 Jan 2022 14:05:44 +0000 Subject: [PATCH 1/5] fix css class name --- ruoyi-ui/src/assets/styles/ruoyi.scss | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruoyi-ui/src/assets/styles/ruoyi.scss b/ruoyi-ui/src/assets/styles/ruoyi.scss index d499fa0bb..e3912cec8 100644 --- a/ruoyi-ui/src/assets/styles/ruoyi.scss +++ b/ruoyi-ui/src/assets/styles/ruoyi.scss @@ -37,7 +37,7 @@ .mb10 { margin-bottom: 10px; } -.ml0 { +.ml10 { margin-left: 10px; } .mt20 { @@ -49,7 +49,7 @@ .mb20 { margin-bottom: 20px; } -.m20 { +.ml20 { margin-left: 20px; } From 1fe08f49c7abf88226f0dadaa239928220522073 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Sun, 23 Jan 2022 10:56:41 +0800 Subject: [PATCH 2/5] =?UTF-8?q?=E5=8D=87=E7=BA=A7spring-boot=E5=88=B0?= =?UTF-8?q?=E6=9C=80=E6=96=B0=E7=89=88=E6=9C=AC2.5.9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index c024d33d7..b4d6fe419 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,6 @@ 3.2.2 4.1.2 2.3 - 2.17.1 0.9.1 @@ -44,7 +43,7 @@ org.springframework.boot spring-boot-dependencies - 2.5.8 + 2.5.9 pom import @@ -151,19 +150,6 @@ ${fastjson.version} - - - org.apache.logging.log4j - log4j-api - ${log4j2.version} - - - - org.apache.logging.log4j - log4j-to-slf4j - ${log4j2.version} - - io.jsonwebtoken From 35664d818d068b9eefde55ab8455de51c2094a3e Mon Sep 17 00:00:00 2001 From: RuoYi Date: Thu, 27 Jan 2022 12:04:21 +0800 Subject: [PATCH 3/5] update ry.bat --- ry.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ry.bat b/ry.bat index 9f16232b2..69abee7b2 100644 --- a/ry.bat +++ b/ry.bat @@ -33,7 +33,7 @@ PAUSE PAUSE ) -start javaw %JAVA_OPTS% -jar %AppName% +start javaw %JVM_OPTS% -jar %AppName% echo starting echo Start %AppName% success... 
From 8007b22b8569dc8036df95adb58f6ca53c8eb04c Mon Sep 17 00:00:00 2001 From: RuoYi Date: Thu, 27 Jan 2022 12:04:40 +0800 Subject: [PATCH 4/5] =?UTF-8?q?=E5=AF=BC=E5=87=BAExcel=E6=97=B6=E5=B1=8F?= =?UTF-8?q?=E8=94=BD=E5=85=AC=E5=BC=8F=EF=BC=8C=E9=98=B2=E6=AD=A2CSV?= =?UTF-8?q?=E6=B3=A8=E5=85=A5=E9=A3=8E=E9=99=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/ruoyi/common/utils/poi/ExcelUtil.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java index 93a19e870..22b6b574d 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java @@ -86,6 +86,9 @@ public class ExcelUtil { private static final Logger log = LoggerFactory.getLogger(ExcelUtil.class); + public static final String[] FORMULA_STR = { "=", "-", "+", "@" }; + + /** * Excel sheet最大行数,默认65536 */ @@ -710,7 +713,13 @@ public class ExcelUtil { if (ColumnType.STRING == attr.cellType()) { - cell.setCellValue(StringUtils.isNull(value) ? attr.defaultValue() : value + attr.suffix()); + String cellValue = Convert.toStr(value); + // 对于任何以表达式触发字符 =-+@开头的单元格,直接使用tab字符作为前缀,防止CSV注入。 + if (StringUtils.containsAny(cellValue, FORMULA_STR)) + { + cellValue = StringUtils.replaceEach(cellValue, FORMULA_STR, new String[] { "\t=", "\t-", "\t+", "\t@" }); + } + cell.setCellValue(StringUtils.isNull(cellValue) ? attr.defaultValue() : cellValue + attr.suffix()); } else if (ColumnType.NUMERIC == attr.cellType()) { From 612c4293d16e782e3905edc4e10cf621e1b4e411 Mon Sep 17 00:00:00 2001 
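Review bot: `FORMULA_STR` is declared `public static final String[]`, so any code on the classpath can overwrite its elements at runtime and silently weaken the export filter that the second hunk builds on it. Unless another class needs it, declare it `private static final String[] FORMULA_STR = { "=", "-", "+", "@" };`. OWASP's CSV-injection guidance also lists a leading tab and carriage return as trigger characters, so consider whether they belong in the list.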
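Review bot: The guard `StringUtils.containsAny(cellValue, FORMULA_STR)` matches a trigger character anywhere in the value, and `replaceEach` then inserts a tab before every occurrence, although the comment above it describes cells that start with `=`, `-`, `+` or `@`. Ordinary exported values such as `2022-01-27` or an e-mail address would be written with tabs embedded mid-string, which corrupts the data without adding any protection. Test the prefix only and prepend once, e.g. `if (StringUtils.startsWithAny(cellValue, FORMULA_STR)) { cellValue = "\t" + cellValue; }`, assuming this StringUtils exposes commons-lang3's `startsWithAny` as its use of `containsAny` and `replaceEach` suggests. The enclosing method starts and ends outside the hunk.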
From: RuoYi
Date: Thu, 27 Jan 2022 12:05:04 +0800
Subject: [PATCH 5/5] =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE?= =?UTF-8?q?=E6=8E=A7=E5=88=B6=E6=97=B6=E6=A0=A1=E9=AA=8C=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E6=9D=83=E9=99=90=EF=BC=8C=E9=98=B2=E6=AD=A2=E8=B6=8A=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../ruoyi/web/controller/system/SysDeptController.java | 8 +++++---
.../ruoyi/web/controller/system/SysRoleController.java | 4 ++++
.../ruoyi/web/controller/system/SysUserController.java | 4 ++++
.../com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 1 +
.../com/ruoyi/system/service/impl/SysUserServiceImpl.java | 1 +
5 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
index 57dcbd356..6ec2f3ef0 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
@@ -125,16 +125,17 @@ public class SysDeptController extends BaseController @PutMapping public AjaxResult edit(@Validated @RequestBody SysDept dept) { + Long deptId = dept.getDeptId(); + deptService.checkDeptDataScope(deptId); if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在"); } - else if (dept.getParentId().equals(dept.getDeptId())) + else if (dept.getParentId().equals(deptId)) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己"); } - else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) - && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0) + else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) && deptService.selectNormalChildrenDeptById(deptId) > 0) { return AjaxResult.error("该部门包含未停用的子部门!"); } @@ -158,6 +159,7 @@ public class SysDeptController extends BaseController { return AjaxResult.error("部门存在用户,不允许删除"); } + deptService.checkDeptDataScope(deptId); return toAjax(deptService.deleteDeptById(deptId)); } } diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java index d70fa8158..10b62f1f5 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java @@ -111,6 +111,7 @@ public class SysRoleController extends BaseController public AjaxResult edit(@Validated @RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) { return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); 
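Review bot: `edit` scope-checks `deptId` only; the `parentId` from the same request body is compared with `deptId` but is not scope-checked in the lines shown. A caller may therefore be able to move a department they manage under a parent outside their data scope. If the service layer does not already enforce this, add `deptService.checkDeptDataScope(dept.getParentId());` next to the new check. Separately, `dept.getParentId().equals(deptId)` throws when the body omits `parentId`; `Objects.equals(dept.getParentId(), deptId)` avoids that, though validation on SysDept may already reject it. The method body continues past the end of the hunk.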
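Review bot: In `remove`, the new `deptService.checkDeptDataScope(deptId)` runs only after the existing-user check visible above it, and after whatever precedes that outside the hunk. A caller with no rights over the department can still receive `部门存在用户,不允许删除` and so learn whether an out-of-scope department has users. Make `deptService.checkDeptDataScope(deptId);` the first statement of the method so that authorization precedes every lookup. The method's opening lines are outside the hunk.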
@@ -145,6 +146,7 @@ public class SysRoleController extends BaseController public AjaxResult dataScope(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.authDataScope(role)); } @@ -157,6 +159,7 @@ public class SysRoleController extends BaseController public AjaxResult changeStatus(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); role.setUpdateBy(getUsername()); return toAjax(roleService.updateRoleStatus(role)); } @@ -236,6 +239,7 @@ public class SysRoleController extends BaseController @PutMapping("/authUser/selectAll") public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds) { + roleService.checkRoleDataScope(roleId); return toAjax(roleService.insertAuthUsers(roleId, userIds)); } } diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java index e9be25e04..60d9de07f 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java @@ -148,6 +148,7 @@ public class SysUserController extends BaseController public AjaxResult edit(@Validated @RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); if (StringUtils.isNotEmpty(user.getPhonenumber()) && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) { @@ -186,6 +187,7 @@ public class SysUserController extends BaseController public AjaxResult resetPwd(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); user.setUpdateBy(getUsername()); return toAjax(userService.resetPwd(user)); 
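Review bot: In hunk `@@ -236,6 +239,7 @@`, `selectAuthUserAll` scope-checks `roleId` but passes `userIds` straight to `insertAuthUsers`, so unless the service verifies them, a role can be granted to users outside the caller's data scope. The same gap is in SysUserController `insertAuthRole` (hunk `@@ -227,6 +230,7 @@`), where `userId` is checked but `roleIds` is not; that case is more sensitive because the unchecked ids decide which privileges are handed out. Validate every element before the insert, e.g. `for (Long id : roleIds) { roleService.checkRoleDataScope(id); }` in `insertAuthRole` and the equivalent `checkUserDataScope` loop here, using whichever services each controller already has injected. A null or empty array should be handled explicitly rather than left to the loop.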
@@ -200,6 +202,7 @@ public class SysUserController extends BaseController public AjaxResult changeStatus(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setUpdateBy(getUsername()); return toAjax(userService.updateUserStatus(user)); } @@ -227,6 +230,7 @@ public class SysUserController extends BaseController @PutMapping("/authRole") public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { + userService.checkUserDataScope(userId); userService.insertUserAuth(userId, roleIds); return success(); } diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java index f53f975fe..68dd15dd9 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java @@ -361,6 +361,7 @@ public class SysRoleServiceImpl implements ISysRoleService for (Long roleId : roleIds) { checkRoleAllowed(new SysRole(roleId)); + checkRoleDataScope(roleId); SysRole role = selectRoleById(roleId); if (countUserRoleByRoleId(roleId) > 0) { diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java index 8d33286fa..56f3dac72 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java @@ -482,6 +482,7 @@ public class SysUserServiceImpl implements ISysUserService for (Long userId : userIds) { checkUserAllowed(new SysUser(userId)); + checkUserDataScope(userId); } // 删除用户与角色关联 userRoleMapper.deleteUserRole(userIds);