|
@@ -37,6 +37,8 @@ import org.springframework.web.multipart.MultipartFile;
|
|
|
import javax.annotation.Resource;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
+import java.net.MalformedURLException;
|
|
|
+import java.net.URL;
|
|
|
import java.util.*;
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
@@ -276,11 +278,15 @@ public class SysUserController extends BaseController {
|
|
|
JSONArray allArray = JSONUtil.parseArray(allVisu);
|
|
|
JSONArray userHasArray = JSONUtil.parseArray(userHasVisu);
|
|
|
//如果访问的是可视化菜单内的 并且用户没有这个菜单 返回false
|
|
|
- logger.info("访问路径 ==>{}, 访问路径是否在系统菜单里 ==>{}, 用户是否具有该路径权限 ==>{}",referer,contains(allArray,referer),contains(userHasArray,referer));
|
|
|
- if(contains(allArray,referer) && !contains(userHasArray,referer)){
|
|
|
- result.put("flag",false);
|
|
|
- result.put("url",configService.selectConfigByKey("backToMainPage"));
|
|
|
- return result;
|
|
|
+ boolean isRefererInAll = contains(allArray,referer);
|
|
|
+ boolean isRefererInUserHas = contains(userHasArray,referer);
|
|
|
+ logger.info("访问路径 ==>{}, 访问路径是否在系统菜单里 ==>{}, 用户是否具有该路径权限 ==>{}",referer, isRefererInAll, isRefererInUserHas);
|
|
|
+ if(isRefererInAll){
|
|
|
+ if (!isRefererInUserHas) {
|
|
|
+ result.put("flag", false);
|
|
|
+ result.put("url", configService.selectConfigByKey("backToMainPage"));
|
|
|
+ return result;
|
|
|
+ }
|
|
|
}
|
|
|
result.put("flag",true);
|
|
|
return result;
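Review bot: The check still falls through to `result.put("flag",true)` whenever `isRefererInAll` is false, and with the new host/port comparison that now includes a `referer` that is empty or that `new URL(...)` cannot parse, because `compareUrlIpPort` returns false for it. Assuming `referer` is read from the request's Referer header (it is assigned outside this hunk), the value is chosen by the client, so a request that omits it is reported as permitted. If this endpoint is meant to gate access rather than only steer the UI, handle that case explicitly before the two lookups, for example `if (StringUtils.isEmpty(referer)) { result.put("flag", false); return result; }`. The endpoints that serve the pages should also check the menu permission themselves. The enclosing method starts above the hunk, so how `allVisu` and `userHasVisu` are loaded is not visible here.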
|
|
@@ -288,25 +294,52 @@ public class SysUserController extends BaseController {
|
|
|
|
|
|
public boolean contains(JSONArray jsonArray, String referer){
|
|
|
boolean flag = false;
|
|
|
- for (int i = 0; i < jsonArray.size(); i++) {
|
|
|
- Object url = null;
|
|
|
- String type = JSONUtil.parseObj(jsonArray.get(i)).get("menuType").toString();
|
|
|
- switch (type){
|
|
|
- case "P" : url = JSONUtil.parseObj(jsonArray.get(i)).get("pageServerUrl");
|
|
|
- case "ZC" : url = JSONUtil.parseObj(jsonArray.get(i)).get("pageRouterUrl");
|
|
|
- case "FC" : url = JSONUtil.parseObj(jsonArray.get(i)).get("pageRouterUrl");
|
|
|
- case "ZM": url = JSONUtil.parseObj(jsonArray.get(i)).get("componentUrl");
|
|
|
- case "FM": url = JSONUtil.parseObj(jsonArray.get(i)).get("componentUrl");
|
|
|
+ String url = "";
|
|
|
+ for (Object o : jsonArray) {
|
|
|
+ String type = JSONUtil.parseObj(o).get("menuType").toString();
|
|
|
+ switch (type) {
|
|
|
+ case "P":
|
|
|
+ url = JSONUtil.parseObj(o).getStr("pageServerUrl"); break;
|
|
|
+ case "ZC":
|
|
|
+ case "FC":
|
|
|
+ url = JSONUtil.parseObj(o).getStr("pageRouterUrl"); break;
|
|
|
+ case "ZM":
|
|
|
+ case "FM":
|
|
|
+ url = JSONUtil.parseObj(o).getStr("componentUrl"); break;
|
|
|
}
|
|
|
-
|
|
|
- if(url != null && referer.contains(url.toString())){
|
|
|
- logger.info("Referer ==>{}, PageRouterUrl ==>{}",referer,url);
|
|
|
+ if (StringUtils.isNotEmpty(url) && compareUrlIpPort(referer, url)) {
|
|
|
+ logger.info("Referer ==>{}, PageRouterUrl ==>{}", referer, url);
|
|
|
flag = true;
|
|
|
}
|
|
|
}
|
|
|
return flag;
|
|
|
}
|
|
|
|
|
|
+ public boolean compareUrlIpPort(String url1, String url2){
|
|
|
+ try {
|
|
|
+ URL u1 = new URL(url1);
|
|
|
+ URL u2 = new URL(url2);
|
|
|
+
|
|
|
+ // 获取 host(IP 或域名)
|
|
|
+ String host1 = u1.getHost();
|
|
|
+ String host2 = u2.getHost();
|
|
|
+
|
|
|
+ // 获取端口(如果没有显式指定,返回 -1)
|
|
|
+ int port1 = u1.getPort();
|
|
|
+ int port2 = u2.getPort();
|
|
|
+
|
|
|
+ // 如果未指定端口,使用默认端口(HTTP=80, HTTPS=443)
|
|
|
+ if (port1 == -1) port1 = u1.getDefaultPort();
|
|
|
+ if (port2 == -1) port2 = u2.getDefaultPort();
|
|
|
+
|
|
|
+ // 比对 host 和 port
|
|
|
+ return host1.equals(host2) && (port1 == port2);
|
|
|
+ } catch (MalformedURLException e) {
|
|
|
+ logger.error("URL 格式错误: " + e.getMessage());
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* 根据用户编号获取详细信息
|
|
|
*/
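Review bot: `compareUrlIpPort` matches on host and port only, so in `contains` every menu entry served from the same origin as the referer now counts as a match, whereas the removed `referer.contains(url.toString())` was at least path-sensitive. If several menu pages share one host and port, `isRefererInUserHas` becomes true as soon as the user owns any one of them, and the check no longer tells pages apart. Consider including the path, for example `return host1.equalsIgnoreCase(host2) && port1 == port2 && u1.getPath().equals(u2.getPath());`; whether an exact or a prefix match fits depends on how the menu URLs are stored, which is not visible here. Separately, `url` is declared before the loop and the `switch` has no `default`, so an entry with an unrecognised `menuType` reuses the previous entry's URL; declaring `String url = "";` inside the loop avoids that. A stored URL that is relative would also throw `MalformedURLException` on every request and be logged at error level, so a comment stating that absolute URLs are expected would help.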
|