refactor: 菜单增加复合权限校验，防止用户访问无权限页面

2022-07-25 18:12:43 +08:00 · 2022-07-25 18:12:43 +08:00 · 45b81c87ec
commit 45b81c87ec
parent 4dfc930cf8
2 changed files with 28 additions and 2 deletions
--- a/backend/src/main/resources/db/migration/V38__1.13.sql
+++ b/backend/src/main/resources/db/migration/V38__1.13.sql
@ -78,3 +78,19 @@ ADD COLUMN `update_time` bigint(13) NULL COMMENT '更新时间' AFTER `update_by

 ALTER TABLE `sys_task_email`
 ADD COLUMN `view_ids` varchar(255) NULL COMMENT '视图ID集合' AFTER `task_id`;
+
+UPDATE `sys_menu`
+SET
+    `permission` = 'user:add,user:del,user:edit'
+WHERE
+        `menu_id` = 35;
+UPDATE `sys_menu`
+SET
+    `permission` = 'datasource:read'
+WHERE
+        `menu_id` = 39;
+UPDATE `sys_menu`
+SET
+    `permission` = 'user:editPwd'
+WHERE
+        `menu_id` = 51;
--- a/frontend/src/permission.js
+++ b/frontend/src/permission.js
@ -189,10 +189,20 @@ const filterRouter = routers => {
  })
 }
 const hasPermission = (router, user_permissions) => {
-  // 菜单要求权限 但是当前用户权限没有包含菜单权限
-  if (router.permission && !user_permissions.includes(router.permission)) {
+  // 判断是否有符合权限 eg. user:read,user:delete
+  if (router.permission && router.permission.indexOf(',') > -1) {
+    const permissions = router.permission.split(',')
+    const permissionsFilter = permissions.filter(permission => {
+      return user_permissions.includes(permission)
+    })
+    if (!permissionsFilter || permissionsFilter.length === 0) {
+      return false
+    }
+  } else if (router.permission && !user_permissions.includes(router.permission)) {
+    // 菜单要求权限 但是当前用户权限没有包含菜单权限
    return false
  }
+
  if (!filterLic(router)) {
    return false
  }