center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

Merge pull request #2688 from dataease/pr@dev@refactor_menu

Browse Source 
refactor: 菜单增加复合权限校验,防止用户访问无权限页面
This commit is contained in:
王嘉豪 2022-07-25 18:14:59 +08:00 committed by GitHub
commit e413bf5707
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
backend/src/main/resources/db/migration/V38__1.13.sql
View File

@ -82,3 +82,18 @@ ADD COLUMN `update_time` bigint(13) NULL COMMENT '更新时间' AFTER `update_by
ALTER TABLE `sys_task_email`
ADD COLUMN `view_ids` varchar(255) NULL COMMENT '视图ID集合' AFTER `task_id`;
UPDATE `sys_menu`
SET
`permission` = 'user:add,user:del,user:edit'
WHERE
`menu_id` = 35;
UPDATE `sys_menu`
SET
`permission` = 'datasource:read'
WHERE
`menu_id` = 39;
UPDATE `sys_menu`
SET
`permission` = 'user:editPwd'
WHERE
`menu_id` = 51;

14
frontend/src/permission.js
View File

@ -189,10 +189,20 @@ const filterRouter = routers => {
})
}
const hasPermission = (router, user_permissions) => {
// 菜单要求权限 但是当前用户权限没有包含菜单权限
if (router.permission && !user_permissions.includes(router.permission)) {
// 判断是否有符合权限 eg. user:read,user:delete
if (router.permission && router.permission.indexOf(',') > -1) {
const permissions = router.permission.split(',')
const permissionsFilter = permissions.filter(permission => {
return user_permissions.includes(permission)
})
if (!permissionsFilter || permissionsFilter.length === 0) {
return false
}
} else if (router.permission && !user_permissions.includes(router.permission)) {
// 菜单要求权限 但是当前用户权限没有包含菜单权限
return false
}
if (!filterLic(router)) {
return false
}