rongxr posted on 2018-3-22 16:42:37

Permission error: the function's URL gets altered

A URL like this: cgAutoListController.do?list&id=jform_zp_b_grade&isIframe&jp_status=3
When I capture the executed SQL on the database side, the program has changed the value of the URL,

so when the user's permissions are queried, the lookup cannot match correctly.

SQL executed by the database:
select count(*) from t_s_function where functiontype = 0 and functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
SELECT count(*) FROM t_s_function f, t_s_role_function rf, t_s_role_user ru WHERE f.id=rf.functionid AND rf.roleid=ru.roleid AND ru.userid='4028b881624c9b6201624cbd3ef40010' AND f.functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
SELECT count(*) from t_s_function f, t_s_role_function rf, t_s_role_org ro WHERE f.ID=rf.functionid AND rf.roleid=ro.role_id AND ro.org_id='402880e447e9a9570147e9b677320003' AND f.functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
select count(*) from t_s_function where functiontype = 0 and functionurl = 'loginController.do?noAuth';
select this_.ID as ID47_3_, this_.parentfunctionid as parentf15_47_3_, this_.iconid as iconid47_3_, this_.desk_iconid as desk17_47_3_, this_.create_by as create2_47_3_, this_.create_date as create3_47_3_, this_.create_name as create4_47_3_, this_.function_icon_style as function5_47_3_, this_.functioniframe as function6_47_3_, this_.functionlevel as function7_47_3_, this_.functionname as function8_47_3_, this_.functionorder as function9_47_3_, this_.functiontype as functio10_47_3_, this_.functionurl as functio11_47_3_, this_.update_by as update12_47_3_, this_.update_date as update13_47_3_, this_.update_name as update14_47_3_, tsfunction2_.ID as ID47_0_, tsfunction2_.parentfunctionid as parentf15_47_0_, tsfunction2_.iconid as iconid47_0_, tsfunction2_.desk_iconid as desk17_47_0_, tsfunction2_.create_by as create2_47_0_, tsfunction2_.create_date as create3_47_0_, tsfunction2_.create_name as create4_47_0_, tsfunction2_.function_icon_style as function5_47_0_, tsfunction2_.functioniframe as function6_47_0_, tsfunction2_.functionlevel as function7_47_0_, tsfunction2_.functionname as function8_47_0_, tsfunction2_.functionorder as function9_47_0_, tsfunction2_.functiontype as functio10_47_0_, tsfunction2_.functionurl as functio11_47_0_, tsfunction2_.update_by as update12_47_0_, tsfunction2_.update_date as update13_47_0_, tsfunction2_.update_name as update14_47_0_, tsicon3_.ID as ID48_1_, tsicon3_.extend as extend48_1_, tsicon3_.iconclas as iconclas48_1_, tsicon3_.content as content48_1_, tsicon3_.name as name48_1_, tsicon3_.path as path48_1_, tsicon3_.type as type48_1_, tsicon4_.ID as ID48_2_, tsicon4_.extend as extend48_2_, tsicon4_.iconclas as iconclas48_2_, tsicon4_.content as content48_2_, tsicon4_.name as name48_2_, tsicon4_.path as path48_2_, tsicon4_.type as type48_2_ from t_s_function this_ left outer join t_s_function tsfunction2_ on this_.parentfunctionid=tsfunction2_.ID left outer join t_s_icon tsicon3_ on tsfunction2_.iconid=tsicon3_.ID left outer join t_s_icon tsicon4_ on tsfunction2_.desk_iconid=tsicon4_.ID where this_.functionurl='loginController.do?noAuth';
select tssmsentit0_.ID as ID68_, tssmsentit0_.CREATE_BY as CREATE2_68_, tssmsentit0_.CREATE_DATE as CREATE3_68_, tssmsentit0_.CREATE_NAME as CREATE4_68_, tssmsentit0_.ES_CONTENT as ES5_68_, tssmsentit0_.ES_RECEIVER as ES6_68_, tssmsentit0_.ES_SENDER as ES7_68_, tssmsentit0_.ES_SENDTIME as ES8_68_, tssmsentit0_.ES_STATUS as ES9_68_, tssmsentit0_.ES_TITLE as ES10_68_, tssmsentit0_.ES_TYPE as ES11_68_, tssmsentit0_.remark as remark68_, tssmsentit0_.UPDATE_BY as UPDATE13_68_, tssmsentit0_.UPDATE_DATE as UPDATE14_68_, tssmsentit0_.UPDATE_NAME as UPDATE15_68_ from t_s_sms tssmsentit0_ where tssmsentit0_.ES_STATUS='1';

admin posted on 2018-3-22 18:53:07

See the FAQ post on jeecg's permission rules:

http://www.jeecg.org/forum.php?mod=viewthread&tid=1830&extra=page%3D1
Technique 6: permission interception supports request URLs (currently one parameter is supported, but the format is restricted: it must not contain an equals sign)

rongxr posted on 2018-3-22 21:56:45

Technique 6: permission interception supports request URLs (currently one parameter is supported, but the format is restricted: it must not contain an equals sign)
      loginController.do?login
      loginController.do

      Unsupported pattern:
      loginController.do?name=2

      If you have a special need to control access by parameter, you can switch to a different request style, for example:
      cgFormBuildController/ftlForm/{Online表单名}/goDetail.do?id={?}
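The captured SQL in the first post shows the interceptor looking up `cgAutoListController.do?list&id=jform_zp_b_grade`, not the full request URL. The following is an added example, not code from the thread or from JEECG itself: it models that lookup with the three tables joined in the captured query in an in-memory SQLite database, so you can see why a function registered with the full URL never matches, and that registering it in the supported form (action plus one parameter) does. The canonicalisation rule is an assumption inferred from the log, and the row data is constructed.

```python
import sqlite3

USER_ID = "4028b881624c9b6201624cbd3ef40010"      # user id seen in the captured SQL
REQUEST = "cgAutoListController.do?list&id=jform_zp_b_grade&isIframe&jp_status=3"


def canonical_function_url(request_url: str) -> str:
    """Assumed rule inferred from the log (not JEECG's actual code): only the
    path plus the first two query segments, the action and one parameter,
    are used for the permission lookup; everything after them is dropped."""
    path, _, query = request_url.partition("?")
    segments = [s for s in query.split("&") if s][:2]
    return path + ("?" + "&".join(segments) if segments else "")


def build_db(registered_url: str) -> sqlite3.Connection:
    """In-memory copy of the tables joined by the thread's SQL, holding one
    function granted to one role that the user holds (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE t_s_function (id TEXT PRIMARY KEY, functiontype INTEGER, functionurl TEXT);
        CREATE TABLE t_s_role_function (functionid TEXT, roleid TEXT);
        CREATE TABLE t_s_role_user (roleid TEXT, userid TEXT);
        INSERT INTO t_s_role_function VALUES ('f1', 'r1');
        INSERT INTO t_s_role_user VALUES ('r1', '4028b881624c9b6201624cbd3ef40010');
    """)
    con.execute("INSERT INTO t_s_function VALUES ('f1', 0, ?)", (registered_url,))
    con.commit()
    return con


def user_may_access(con: sqlite3.Connection, user_id: str, request_url: str) -> bool:
    """The role-based count query from the thread, run on the canonical URL."""
    (count,) = con.execute(
        "SELECT count(*) FROM t_s_function f, t_s_role_function rf, t_s_role_user ru "
        "WHERE f.id = rf.functionid AND rf.roleid = ru.roleid "
        "AND ru.userid = ? AND f.functionurl = ?",
        (user_id, canonical_function_url(request_url)),
    ).fetchone()
    return count > 0


def demo() -> tuple:
    """(result with the full URL registered, result with the supported form registered)."""
    broken = user_may_access(build_db(REQUEST), USER_ID, REQUEST)
    fixed = user_may_access(build_db(canonical_function_url(REQUEST)), USER_ID, REQUEST)
    return broken, fixed


if __name__ == "__main__":
    print(canonical_function_url(REQUEST), demo())   # (False, True)
```

The practical check this gives you: compare the `functionurl` values in `t_s_function` against what the captured SQL actually looks up, and re-register any menu entry whose stored URL carries more than the interceptor keeps.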

rongxr posted on 2018-3-22 21:57:32

Mate, how should a URL like this be rewritten?
cgAutoListController.do?list&id=jform_zp_b_grade&isIframe&jp_status=3

admin posted on 2018-3-23 09:55:21

It is explained in the FAQ post.