限制外链地址必须以http(s)://开头

pull/2/head
RuoYi 2020-05-26 11:54:46 +08:00
parent 30be2a08a1
commit c1db17dd77
4 changed files with 30 additions and 2 deletions

View File

@ -19,6 +19,16 @@ public class Constants
*/ */
public static final String GBK = "GBK"; public static final String GBK = "GBK";
/**
* http
*/
public static final String HTTP = "http://";
/**
* https
*/
public static final String HTTPS = "https://";
/** /**
* *
*/ */

View File

@ -26,7 +26,7 @@ public class UserConstants
/** 部门正常状态 */ /** 部门正常状态 */
public static final String DEPT_NORMAL = "0"; public static final String DEPT_NORMAL = "0";
/** 部门停用状态 */ /** 部门停用状态 */
public static final String DEPT_DISABLE = "1"; public static final String DEPT_DISABLE = "1";
@ -36,6 +36,12 @@ public class UserConstants
/** 是否为系统默认(是) */ /** 是否为系统默认(是) */
public static final String YES = "Y"; public static final String YES = "Y";
/** 是否菜单外链(是) */
public static final String YES_FRAME = "0";
/** 是否菜单外链(否) */
public static final String NO_FRAME = "1";
/** 校验返回结果码 */ /** 校验返回结果码 */
public final static String UNIQUE = "0"; public final static String UNIQUE = "0";
public final static String NOT_UNIQUE = "1"; public final static String NOT_UNIQUE = "1";

View File

@ -12,9 +12,11 @@ import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.aspectj.lang.annotation.Log; import com.ruoyi.framework.aspectj.lang.annotation.Log;
import com.ruoyi.framework.aspectj.lang.enums.BusinessType; import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
import com.ruoyi.framework.security.LoginUser; import com.ruoyi.framework.security.LoginUser;
@ -100,6 +102,11 @@ public class SysMenuController extends BaseController
{ {
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在"); return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
} }
else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
&& !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
{
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败地址必须以http(s)://开头");
}
menu.setCreateBy(SecurityUtils.getUsername()); menu.setCreateBy(SecurityUtils.getUsername());
return toAjax(menuService.insertMenu(menu)); return toAjax(menuService.insertMenu(menu));
} }
@ -116,6 +123,11 @@ public class SysMenuController extends BaseController
{ {
return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在"); return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
} }
else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
&& !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
{
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败地址必须以http(s)://开头");
}
menu.setUpdateBy(SecurityUtils.getUsername()); menu.setUpdateBy(SecurityUtils.getUsername());
return toAjax(menuService.updateMenu(menu)); return toAjax(menuService.updateMenu(menu));
} }

View File

@ -298,7 +298,7 @@ public class SysMenuServiceImpl implements ISysMenuService
{ {
String routerPath = menu.getPath(); String routerPath = menu.getPath();
// 非外链并且是一级目录 // 非外链并且是一级目录
if (0 == menu.getParentId() && "1".equals(menu.getIsFrame())) if (0 == menu.getParentId() && UserConstants.NO_FRAME.equals(menu.getIsFrame()))
{ {
routerPath = "/" + menu.getPath(); routerPath = "/" + menu.getPath();
} }