From 57b6759051a5289551549aa4906bf2797e70f768 Mon Sep 17 00:00:00 2001
From: zc <>
Date: Sat, 11 Dec 2021 14:47:52 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20JWT=E5=86=85=E5=AE=B9=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?deptId,=E4=BF=AE=E5=A4=8D=E9=83=A8=E9=97=A8=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E6=9D=83=E9=99=90sql=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

JWT内容增加deptId,修复部门数据权限sql漏洞
---
 .../com/youlai/admin/dto/UserAuthDTO.java | 5 ++++
 .../service/impl/SysDeptServiceImpl.java | 5 ++--
 .../main/resources/mapper/SysUserMapper.xml | 3 +-
 .../config/AuthorizationServerConfig.java | 1 +
 .../core/userdetails/user/SysUserDetails.java | 2 ++
 .../handler/DataPermissionHandlerImpl.java | 29 +++++++------------
 6 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/youlai-admin/admin-api/src/main/java/com/youlai/admin/dto/UserAuthDTO.java b/youlai-admin/admin-api/src/main/java/com/youlai/admin/dto/UserAuthDTO.java
index a1283c79b..de4da74cc 100644
--- a/youlai-admin/admin-api/src/main/java/com/youlai/admin/dto/UserAuthDTO.java
+++ b/youlai-admin/admin-api/src/main/java/com/youlai/admin/dto/UserAuthDTO.java
@@ -38,6 +38,11 @@ public class UserAuthDTO {
 */
 private List roles;
+ /**
+ * 部门ID
+ */
+ private Long deptId;
+
 }
diff --git a/youlai-admin/admin-boot/src/main/java/com/youlai/admin/service/impl/SysDeptServiceImpl.java b/youlai-admin/admin-boot/src/main/java/com/youlai/admin/service/impl/SysDeptServiceImpl.java
index 070a10fde..5f013cefb 100644
--- a/youlai-admin/admin-boot/src/main/java/com/youlai/admin/service/impl/SysDeptServiceImpl.java
+++ b/youlai-admin/admin-boot/src/main/java/com/youlai/admin/service/impl/SysDeptServiceImpl.java
@@ -120,9 +120,8 @@ public class SysDeptServiceImpl extends ServiceImpl impl
 .eq(SysDept::getStatus, GlobalConstants.STATUS_YES)
 .orderByAsc(SysDept::getSort)
 );
- Long userId = JwtUtils.getUserId();
- SysUser user = iSysUserService.getById(userId);
- List deptSelectList = recursionTreeSelectList(user.getDeptId(), deptList);
+
+ List deptSelectList = recursionTreeSelectList(JwtUtils.getJwtPayload().getLong("deptId"), deptList);
 return deptSelectList;
 }
diff --git a/youlai-admin/admin-boot/src/main/resources/mapper/SysUserMapper.xml b/youlai-admin/admin-boot/src/main/resources/mapper/SysUserMapper.xml
index ffe920e86..4788bc963 100644
--- a/youlai-admin/admin-boot/src/main/resources/mapper/SysUserMapper.xml
+++ b/youlai-admin/admin-boot/src/main/resources/mapper/SysUserMapper.xml
@@ -37,13 +37,14 @@ +
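Review bot: In the `SysDeptServiceImpl` hunk, the new `recursionTreeSelectList(JwtUtils.getJwtPayload().getLong("deptId"), deptList)` call passes the claim on without checking that it is present; a token issued before this commit, or a user with no department, would presumably yield null here. A guard such as `Long deptId = JwtUtils.getJwtPayload().getLong("deptId");` followed by `if (deptId == null) { return Collections.emptyList(); }` keeps the tree empty instead of depending on how the recursion treats null. Taking the department from the token also means a user moved to another department keeps the old scope until the token is reissued, whereas the removed lines read it through `iSysUserService.getById` on each call; if that trade-off is accepted, record it next to the call: `// deptId is the JWT claim; it stays as issued until the token is refreshed`. The enclosing method begins above the hunk, so its return type and the null handling inside `recursionTreeSelectList` are not visible here.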