限制外链地址必须以http(s)://开头
This commit is contained in:
parent
30be2a08a1
commit
c1db17dd77
@ -19,6 +19,16 @@ public class Constants
|
|||||||
*/
|
*/
|
||||||
public static final String GBK = "GBK";
|
public static final String GBK = "GBK";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* http请求
|
||||||
|
*/
|
||||||
|
public static final String HTTP = "http://";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* https请求
|
||||||
|
*/
|
||||||
|
public static final String HTTPS = "https://";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通用成功标识
|
* 通用成功标识
|
||||||
*/
|
*/
|
||||||
|
@ -26,7 +26,7 @@ public class UserConstants
|
|||||||
|
|
||||||
/** 部门正常状态 */
|
/** 部门正常状态 */
|
||||||
public static final String DEPT_NORMAL = "0";
|
public static final String DEPT_NORMAL = "0";
|
||||||
|
|
||||||
/** 部门停用状态 */
|
/** 部门停用状态 */
|
||||||
public static final String DEPT_DISABLE = "1";
|
public static final String DEPT_DISABLE = "1";
|
||||||
|
|
||||||
@ -36,6 +36,12 @@ public class UserConstants
|
|||||||
/** 是否为系统默认(是) */
|
/** 是否为系统默认(是) */
|
||||||
public static final String YES = "Y";
|
public static final String YES = "Y";
|
||||||
|
|
||||||
|
/** 是否菜单外链(是) */
|
||||||
|
public static final String YES_FRAME = "0";
|
||||||
|
|
||||||
|
/** 是否菜单外链(否) */
|
||||||
|
public static final String NO_FRAME = "1";
|
||||||
|
|
||||||
/** 校验返回结果码 */
|
/** 校验返回结果码 */
|
||||||
public final static String UNIQUE = "0";
|
public final static String UNIQUE = "0";
|
||||||
public final static String NOT_UNIQUE = "1";
|
public final static String NOT_UNIQUE = "1";
|
||||||
|
@ -12,9 +12,11 @@ import org.springframework.web.bind.annotation.PutMapping;
|
|||||||
import org.springframework.web.bind.annotation.RequestBody;
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
import com.ruoyi.common.constant.Constants;
|
||||||
import com.ruoyi.common.constant.UserConstants;
|
import com.ruoyi.common.constant.UserConstants;
|
||||||
import com.ruoyi.common.utils.SecurityUtils;
|
import com.ruoyi.common.utils.SecurityUtils;
|
||||||
import com.ruoyi.common.utils.ServletUtils;
|
import com.ruoyi.common.utils.ServletUtils;
|
||||||
|
import com.ruoyi.common.utils.StringUtils;
|
||||||
import com.ruoyi.framework.aspectj.lang.annotation.Log;
|
import com.ruoyi.framework.aspectj.lang.annotation.Log;
|
||||||
import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
|
import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
|
||||||
import com.ruoyi.framework.security.LoginUser;
|
import com.ruoyi.framework.security.LoginUser;
|
||||||
@ -100,6 +102,11 @@ public class SysMenuController extends BaseController
|
|||||||
{
|
{
|
||||||
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
|
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
|
||||||
}
|
}
|
||||||
|
else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
|
||||||
|
&& !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
|
||||||
|
{
|
||||||
|
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
|
||||||
|
}
|
||||||
menu.setCreateBy(SecurityUtils.getUsername());
|
menu.setCreateBy(SecurityUtils.getUsername());
|
||||||
return toAjax(menuService.insertMenu(menu));
|
return toAjax(menuService.insertMenu(menu));
|
||||||
}
|
}
|
||||||
@ -116,6 +123,11 @@ public class SysMenuController extends BaseController
|
|||||||
{
|
{
|
||||||
return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
|
return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
|
||||||
}
|
}
|
||||||
|
else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
|
||||||
|
&& !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
|
||||||
|
{
|
||||||
|
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
|
||||||
|
}
|
||||||
menu.setUpdateBy(SecurityUtils.getUsername());
|
menu.setUpdateBy(SecurityUtils.getUsername());
|
||||||
return toAjax(menuService.updateMenu(menu));
|
return toAjax(menuService.updateMenu(menu));
|
||||||
}
|
}
|
||||||
|
@ -298,7 +298,7 @@ public class SysMenuServiceImpl implements ISysMenuService
|
|||||||
{
|
{
|
||||||
String routerPath = menu.getPath();
|
String routerPath = menu.getPath();
|
||||||
// 非外链并且是一级目录
|
// 非外链并且是一级目录
|
||||||
if (0 == menu.getParentId() && "1".equals(menu.getIsFrame()))
|
if (0 == menu.getParentId() && UserConstants.NO_FRAME.equals(menu.getIsFrame()))
|
||||||
{
|
{
|
||||||
routerPath = "/" + menu.getPath();
|
routerPath = "/" + menu.getPath();
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user