diff --git a/pom.xml b/pom.xml index 183a2bb3..66a98587 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.ruoyi RuoYi - 1.1.5 + 1.1.6 jar RuoYi @@ -39,6 +39,7 @@ 2.3.0 2.3.2 2.7.0 + 1.11.3 @@ -82,6 +83,13 @@ spring-boot-starter-thymeleaf + + + org.springframework.boot + spring-boot-devtools + true + + net.sourceforge.nekohtml @@ -230,6 +238,13 @@ springfox-swagger-ui ${swagger.version} + + + + org.jsoup + jsoup + ${jsoup.version} + @@ -240,7 +255,7 @@ org.springframework.boot spring-boot-maven-plugin - true + true diff --git a/sql/ry_20180531.sql b/sql/ry_20180604.sql similarity index 93% rename from sql/ry_20180531.sql rename to sql/ry_20180604.sql index 6dd0350e..61e05976 100644 --- a/sql/ry_20180531.sql +++ b/sql/ry_20180604.sql 
@@ -432,21 +432,17 @@ create table sys_dict_data primary key (dict_code) ) engine=innodb auto_increment=100 default charset=utf8 comment = '字典数据表'; -insert into sys_dict_data values(1, 1, '男', '0', 'sys_user_sex', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(2, 2, '女', '1', 'sys_user_sex', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(3, 3, '未知', '2', 'sys_user_sex', 'radio radio-warning radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(4, 1, '显示', '0', 'sys_menu_visible', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(5, 2, '隐藏', '1', 'sys_menu_visible', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(6, 1, '正常', '0', 'sys_dept_status', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(7, 2, '停用', '1', 'sys_dept_status', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(8, 1, '正常', '0', 'sys_dict_status', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(9, 2, '停用', '1', 'sys_dict_status', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(10, 1, '正常', '0', 'sys_post_status', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(11, 2, '停用', '1', 'sys_post_status', 'radio 
radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(12, 1, '正常', '0', 'sys_job_status', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(13, 2, '暂停', '1', 'sys_job_status', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(14, 1, '是', 'Y', 'sys_yes_no', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -insert into sys_dict_data values(15, 2, '否', 'N', 'sys_yes_no', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(1, 1, '男', '0', 'sys_user_sex', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(2, 2, '女', '1', 'sys_user_sex', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(3, 3, '未知', '2', 'sys_user_sex', 'radio radio-warning radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(4, 1, '显示', '0', 'sys_show_hide', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(5, 2, '隐藏', '1', 'sys_show_hide', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(6, 1, '正常', '0', 'sys_normal_disable', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(7, 2, '停用', '1', 'sys_normal_disable', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 
11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(8, 1, '正常', '0', 'sys_job_status', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(9, 2, '暂停', '1', 'sys_job_status', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(10, 1, '是', 'Y', 'sys_yes_no', 'radio radio-info radio-inline', 'Y', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); +insert into sys_dict_data values(11, 2, '否', 'N', 'sys_yes_no', 'radio radio-danger radio-inline', 'N', 0, 'admin', '2018-03-16 11-33-00', 'ry', '2018-03-16 11-33-00', ''); -- ---------------------------- -- 12、参数配置表 diff --git a/src/main/java/com/ruoyi/common/xss/XssFilter.java b/src/main/java/com/ruoyi/common/xss/XssFilter.java new file mode 100644 index 00000000..14cb5cda --- /dev/null +++ b/src/main/java/com/ruoyi/common/xss/XssFilter.java 
@@ -0,0 +1,42 @@
+package com.ruoyi.common.xss;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 防止XSS攻击的过滤器
+ *
+ * @author ruoyi
+ */
+@WebFilter(filterName = "xssFilter", urlPatterns = "/system/*")
+public class XssFilter implements Filter
+{
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException
+ {
+ XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
+ chain.doFilter(xssRequest, response);
+ }
+
+ @Override
+ public void destroy()
+ {
+
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrapper.java b/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrapper.java
new file mode 100644
index 00000000..da1f3cc1
--- /dev/null
+++ b/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrapper.java
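Review bot: In XssFilter.java the `@WebFilter(filterName = "xssFilter", urlPatterns = "/system/*")` annotation disagrees with FilterConfig.java in this same commit, which registers `new XssFilter()` under the same name on `/*`. Only one of the two declarations should exist: if servlet component scanning is enabled elsewhere in the project (not visible here), the annotation adds a second, narrower registration, and if it is not, the annotation is dead text that misstates the filter's scope. I would drop the annotation and keep the bean. The cast `(HttpServletRequest) request` in `doFilter` is also unchecked; an `instanceof` guard that passes other request types straight to `chain.doFilter(request, response)` would be safer.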
@@ -0,0 +1,41 @@
+package com.ruoyi.common.xss;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Whitelist;
+
+/**
+ * XSS过滤处理
+ *
+ * @author ruoyi
+ */
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
+{
+
+ /**
+ * @param request
+ */
+ public XssHttpServletRequestWrapper(HttpServletRequest request)
+ {
+ super(request);
+ }
+
+ @Override
+ public String[] getParameterValues(String name)
+ {
+ String[] values = super.getParameterValues(name);
+ if (values != null)
+ {
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++)
+ {
+ // 防xss攻击和过滤前后空格
+ escapseValues[i] = Jsoup.clean(values[i], Whitelist.relaxed()).trim();
+ }
+ return escapseValues;
+ }
+ return super.getParameterValues(name);
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java b/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
index 0e75c4e9..e1330fda 100644
--- a/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -2,7 +2,6 @@ package com.ruoyi.framework.aspectj; import java.lang.reflect.Method; import java.util.Map; - import com.ruoyi.common.utils.AddressUtils; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.Signature;
@@ -17,7 +16,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.Async; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.stereotype.Component; - import com.alibaba.fastjson.JSONObject; import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.utils.ServletUtils;
diff --git a/src/main/java/com/ruoyi/framework/config/FilterConfig.java b/src/main/java/com/ruoyi/framework/config/FilterConfig.java
new file mode 100644
index 00000000..f81fdc78
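Review bot: XssHttpServletRequestWrapper overrides only `getParameterValues`, so `getParameter`, `getParameterMap`, request headers and any body read through `getInputStream`/`getReader` still hand unfiltered input to whatever code uses them. At minimum `getParameter` should go through the same cleaning helper, as sketched below, and `getParameterMap` likewise. `Whitelist.relaxed()` deliberately keeps a set of formatting, link and image tags, so the cleaned value is still markup and the templates must keep escaping it on output; input cleaning is a second layer, not the control. The class comment should also state that values are trimmed and HTML-normalised, since that changes what controllers receive.

```java
    @Override
    public String getParameter(String name)
    {
        String value = super.getParameter(name);
        return value == null ? null : clean(value);
    }

    // … unchanged: getParameterValues, with the loop body calling clean(values[i]) …

    /** Single place for the sanitising policy so every accessor applies the same rules. */
    private static String clean(String value)
    {
        return Jsoup.clean(value, Whitelist.relaxed()).trim();
    }
```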
--- /dev/null
+++ b/src/main/java/com/ruoyi/framework/config/FilterConfig.java
@@ -0,0 +1,28 @@
+package com.ruoyi.framework.config;
+
+import javax.servlet.DispatcherType;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import com.ruoyi.common.xss.XssFilter;
+
+/**
+ * Filter配置
+ *
+ * @author ruoyi
+ */
+@Configuration
+public class FilterConfig
+{
+ @Bean
+ public FilterRegistrationBean xssFilterRegistration()
+ {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setDispatcherTypes(DispatcherType.REQUEST);
+ registration.setFilter(new XssFilter());
+ registration.addUrlPatterns("/*");
+ registration.setName("xssFilter");
+ registration.setOrder(Integer.MAX_VALUE);
+ return registration;
+ }
+}
diff --git a/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java b/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java
index 23eced43..b25aa662 100644
--- a/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java
+++ b/src/main/java/com/ruoyi/project/system/role/controller/RoleController.java
@@ -42,7 +42,7 @@ public class RoleController extends BaseController } @RequiresPermissions("system:role:list") - @GetMapping("/list") + @PostMapping("/list") @ResponseBody public TableDataInfo list(Role role) {
diff --git a/src/main/java/com/ruoyi/project/system/role/domain/Role.java b/src/main/java/com/ruoyi/project/system/role/domain/Role.java
index 9d92e184..f711db3e 100644
--- a/src/main/java/com/ruoyi/project/system/role/domain/Role.java
+++ b/src/main/java/com/ruoyi/project/system/role/domain/Role.java
@@ -20,7 +20,7 @@ public class Role extends BaseEntity /** 角色排序 */ private String roleSort; /** 角色状态:0正常,1禁用 */ - private int status; + private Integer status; /** 用户是否存在此角色标识 默认不存在 */ private boolean flag = false; /** 菜单组 */
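Review bot: In FilterConfig.java, `registration.addUrlPatterns("/*")` sends every request parameter in the application through `Jsoup.clean`, not just the fields that are later rendered as HTML. jsoup's cleaner re-serialises text, so characters such as `&` or `<` in a value come back entity-encoded or removed; that would silently change passwords, search strings and similar non-HTML fields wherever they are bound via `getParameterValues` (which controllers are affected is not visible in this diff). I would either narrow the patterns to the endpoints that accept user-authored text or add an exclusion list for paths such as login, and state the chosen scope in the class comment. `setOrder(Integer.MAX_VALUE)` also deserves a one-line comment saying why the filter is meant to run last.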
@@ -66,12 +66,12 @@ public class Role extends BaseEntity this.roleSort = roleSort; } - public int getStatus() + public Integer getStatus() { return status; } - public void setStatus(int status) + public void setStatus(Integer status) { this.status = status; } diff --git a/src/main/resources/mybatis/system/RoleMapper.xml b/src/main/resources/mybatis/system/RoleMapper.xml index 77f0dcb5..7259ae60 100644 --- a/src/main/resources/mybatis/system/RoleMapper.xml +++ b/src/main/resources/mybatis/system/RoleMapper.xml @@ -20,8 +20,14 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" diff --git a/src/main/resources/static/css/style.css b/src/main/resources/static/css/style.css index eabf51be..a70f4e57 100644 --- a/src/main/resources/static/css/style.css +++ b/src/main/resources/static/css/style.css @@ -3631,11 +3631,11 @@ code { -o-border-image: none; border-image: none; border-style: solid solid none; - border-width: 4px 0px 0; + border-width: 0px 0px 0; color: inherit; margin-bottom: 0; padding: 14px 15px 7px; - min-height: 48px; + min-height: 40px; } .ibox-content { @@ -3719,7 +3719,7 @@ table.table-mail tr td { .ibox-tools a { cursor: pointer; margin-left: 5px; - color: #c4c4c4; + color: #676a6c; } .ibox-tools a.btn-primary { diff --git a/src/main/resources/static/ruoyi/js/ry-table.js b/src/main/resources/static/ruoyi/js/ry-table.js new file mode 100644 index 00000000..5a51a630 --- /dev/null +++ b/src/main/resources/static/ruoyi/js/ry-table.js 
@@ -0,0 +1,59 @@ +/** + * 表格通用方法封装处理 + * Copyright (c) 2018 ruoyi + */ +(function($) { + $.extend({ + ryTable: { + _option: {}, + _params: {}, + init: function(options) { + $.ryTable._option = options; + $.ryTable._params = options.queryParams == null ? $.ryTable.queryParams : options.queryParams; + $('.bootstrap-table').bootstrapTable({ + url: options.url, // 请求后台的URL(*) + contentType: "application/x-www-form-urlencoded", // 编码类型 + method: 'post', // 请求方式(*) + toolbar: '#toolbar', // 工具按钮用哪个容器 + cache: false, // 是否使用缓存 + sortable: false, // 是否启用排序 + sortOrder: "asc", // 排序方式 + sortStable: true, // 设置为 true 将获得稳定的排序 + pagination: true, // 是否显示分页(*) + sidePagination: "server", // 启用服务端分页 + pageNumber: 1, // 初始化加载第一页,默认第一页 + pageSize: 10, // 每页的记录行数(*) + pageList: [10, 25, 50], // 可供选择的每页的行数(*) + queryParams: $.ryTable._params, // 传递参数(*) + columns: options.columns // 显示列信息(*) + }); + }, + queryParams: function(params) { + return { + // 传递参数查询参数 + pageSize: params.limit, + pageNum: params.offset / params.limit + 1, + searchValue: params.search, + orderByColumn: params.sort, + isAsc: params.order + }; + }, + refresh: function() { + $(".bootstrap-table").bootstrapTable('refresh', { + url: $.ryTable._option.url + }); + } + } + }); +})(jQuery); + +function default_params(params) { + return { + // 传递参数查询参数 + pageSize: params.limit, + pageNum: params.offset / params.limit + 1, + searchValue: params.search, + orderByColumn: params.sort, + isAsc: params.order + }; +} \ No newline at end of file diff --git a/src/main/resources/static/ruoyi/system/role/role.js b/src/main/resources/static/ruoyi/system/role/role.js index b2d86362..986d130b 100644 --- a/src/main/resources/static/ruoyi/system/role/role.js +++ b/src/main/resources/static/ruoyi/system/role/role.js 
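Review bot: In ry-table.js the global `default_params` at the end of the file repeats `$.ryTable.queryParams` line for line, and nothing in this file calls it; keep one copy so the paging contract cannot drift between the two. Separately, `orderByColumn: params.sort` and `isAsc: params.order` are forwarded from the client as-is. The server-side handling is not part of this diff, so confirm that it maps both onto a fixed set of column names and directions rather than placing them into the ORDER BY text, since the XSS filter added in this commit does nothing for that case. A short header comment listing the supported `options` keys (`url`, `queryParams`, `columns`) would also help callers.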
@@ -1,55 +1,77 @@ var prefix = ctx + "system/role" $(function() { - var columns = [{ - checkbox: true - }, - { - field: 'roleId', - title: '角色编号' - }, - { - field: 'roleName', - title: '角色名称' - }, - { - field: 'roleKey', - title: '权限字符' - }, - { - field: 'roleSort', - title: '显示顺序' - }, - { - field: 'status', - title: '状态', - align: 'center', - formatter: function(value, row, index) { - if (value == 0) { - return '正常'; - } else if (value == 1) { - return '禁用'; - } - } - }, - { - field: 'createDateTimeStr', - title: '创建时间' - }, - { - title: '操作', - align: 'center', - formatter: function(value, row, index) { - var actions = []; - actions.push('编辑 '); - actions.push('删除'); - return actions.join(''); - } - }]; - var url = prefix + "/list"; - $.initTable(columns, url); + var options = { + url: prefix + "/list", + queryParams: queryParams, + columns: [{ + checkbox: true + }, + { + field: 'roleId', + title: '角色编号' + }, + { + field: 'roleName', + title: '角色名称' + }, + { + field: 'roleKey', + title: '权限字符' + }, + { + field: 'roleSort', + title: '显示顺序' + }, + { + field: 'status', + title: '状态', + align: 'center', + formatter: function(value, row, index) { + if (value == 0) { + return '正常'; + } else if (value == 1) { + return '禁用'; + } + } + }, + { + field: 'createDateTimeStr', + title: '创建时间' + }, + { + title: '操作', + align: 'center', + formatter: function(value, row, index) { + var actions = []; + actions.push('编辑 '); + actions.push('删除'); + return actions.join(''); + } + }] + }; + $.ryTable.init(options); }); +/*角色管理-搜索*/ +function search() { + $('.bootstrap-table').bootstrapTable('refresh', queryParams); +} + +function queryParams(params) { + return { + // 传递参数查询参数 + pageSize: params.limit, + pageNum: params.offset / params.limit + 1, + searchValue: params.search, + orderByColumn: params.sort, + isAsc: params.order, + roleName: $("#roleName").val(), + roleKey: $("#roleKey").val(), + status: $("#status option:selected").val() + }; +} + /*角色管理-新增*/ function add() { var url = 
prefix + '/add'; diff --git a/src/main/resources/templates/include.html b/src/main/resources/templates/include.html index 9aad3b5c..9258d07b 100644 --- a/src/main/resources/templates/include.html +++ b/src/main/resources/templates/include.html @@ -34,8 +34,8 @@ - - + + diff --git a/src/main/resources/templates/main.html b/src/main/resources/templates/main.html index e078f81d..d995948a 100644 --- a/src/main/resources/templates/main.html +++ b/src/main/resources/templates/main.html @@ -94,13 +94,35 @@
+
+
+
+ v1.1.62018.06.04 +
+
+
+
+
    +
  1. 新增用户列表部门列
  2. +
  3. 新增登录地点
  4. +
  5. 新增swagger
  6. +
  7. 修复排序数字校验
  8. +
  9. 优化头像上传文件类型限定为图片
  10. +
  11. 新增XSS过滤
  12. +
  13. 新增热部署提高开发效率
  14. +
  15. 修复treegrid居中无效
  16. +
  17. 角色多条件查询
  18. +
+
+
+
v1.1.52018.05.28
-
+
  1. 优化登录失败刷新验证码
  2. diff --git a/src/main/resources/templates/system/dept/add.html b/src/main/resources/templates/system/dept/add.html index dc7d50f1..3e8abd23 100644 --- a/src/main/resources/templates/system/dept/add.html +++ b/src/main/resources/templates/system/dept/add.html @@ -44,7 +44,7 @@
-
+
diff --git a/src/main/resources/templates/system/dept/edit.html b/src/main/resources/templates/system/dept/edit.html index 4604f687..1270828a 100644 --- a/src/main/resources/templates/system/dept/edit.html +++ b/src/main/resources/templates/system/dept/edit.html @@ -45,7 +45,7 @@
-
+
diff --git a/src/main/resources/templates/system/dict/data/add.html b/src/main/resources/templates/system/dict/data/add.html index f9d2c1bd..3a4a53b8 100644 --- a/src/main/resources/templates/system/dict/data/add.html +++ b/src/main/resources/templates/system/dict/data/add.html @@ -46,7 +46,7 @@
-
+
diff --git a/src/main/resources/templates/system/dict/data/edit.html b/src/main/resources/templates/system/dict/data/edit.html index 09b0d1f9..05280ebb 100644 --- a/src/main/resources/templates/system/dict/data/edit.html +++ b/src/main/resources/templates/system/dict/data/edit.html @@ -47,7 +47,7 @@
-
+
diff --git a/src/main/resources/templates/system/dict/type/add.html b/src/main/resources/templates/system/dict/type/add.html index 7a58c084..55ac2d27 100644 --- a/src/main/resources/templates/system/dict/type/add.html +++ b/src/main/resources/templates/system/dict/type/add.html @@ -19,7 +19,7 @@
-
+
diff --git a/src/main/resources/templates/system/dict/type/edit.html b/src/main/resources/templates/system/dict/type/edit.html index 6bcccbd5..3bc06ff1 100644 --- a/src/main/resources/templates/system/dict/type/edit.html +++ b/src/main/resources/templates/system/dict/type/edit.html @@ -20,7 +20,7 @@
-
+
diff --git a/src/main/resources/templates/system/menu/add.html b/src/main/resources/templates/system/menu/add.html index 209606c0..b2238ba5 100644 --- a/src/main/resources/templates/system/menu/add.html +++ b/src/main/resources/templates/system/menu/add.html @@ -58,7 +58,7 @@
-
+
diff --git a/src/main/resources/templates/system/menu/edit.html b/src/main/resources/templates/system/menu/edit.html index 746eec1b..49e15ea0 100644 --- a/src/main/resources/templates/system/menu/edit.html +++ b/src/main/resources/templates/system/menu/edit.html @@ -59,7 +59,7 @@
-
+
diff --git a/src/main/resources/templates/system/post/add.html b/src/main/resources/templates/system/post/add.html index 7264a846..43816f45 100644 --- a/src/main/resources/templates/system/post/add.html +++ b/src/main/resources/templates/system/post/add.html @@ -25,7 +25,7 @@
-
+
diff --git a/src/main/resources/templates/system/post/edit.html b/src/main/resources/templates/system/post/edit.html index abf3e02c..febb192a 100644 --- a/src/main/resources/templates/system/post/edit.html +++ b/src/main/resources/templates/system/post/edit.html @@ -26,7 +26,7 @@
-
+
diff --git a/src/main/resources/templates/system/role/role.html b/src/main/resources/templates/system/role/role.html index dc38e2ba..4672e59d 100644 --- a/src/main/resources/templates/system/role/role.html +++ b/src/main/resources/templates/system/role/role.html @@ -3,23 +3,70 @@ xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"> - -
- - -
+ +
+
+
+
角色管理
+ +
+
+
+
+
+
+ +
+ +
+
+ +
+
+
+ +
+ +
+
+ +
+
+
+ +
+ +
+
+ +
+
+ +
+
+ +
+ +
+ +
+
+
+
- - +