From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: Fri, 10 Mar 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中，用户多角色情况下，若所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，会导致用户拥有全部数据权限，所以要限制一下, 可以根据conditions集合是否为空，来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。

---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java |   22 +++++++++++++++-------
 1 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
index 035cfd2..e1a397e 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CaptchaController.java
@@ -7,16 +7,18 @@
 import javax.imageio.ImageIO;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.util.FastByteArrayOutputStream;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.google.code.kaptcha.Producer;
+import com.ruoyi.common.config.RuoYiConfig;
+import com.ruoyi.common.constant.CacheConstants;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.redis.RedisCache;
 import com.ruoyi.common.utils.sign.Base64;
 import com.ruoyi.common.utils.uuid.IdUtils;
+import com.ruoyi.system.service.ISysConfigService;
 
 /**
  * 验证码操作处理
@@ -35,24 +37,31 @@
     @Autowired
     private RedisCache redisCache;
     
-    // 验证码类型
-    @Value("${ruoyi.captchaType}")
-    private String captchaType;
-
+    @Autowired
+    private ISysConfigService configService;
     /**
      * 生成验证码
      */
     @GetMapping("/captchaImage")
     public AjaxResult getCode(HttpServletResponse response) throws IOException
     {
+        AjaxResult ajax = AjaxResult.success();
+        boolean captchaEnabled = configService.selectCaptchaEnabled();
+        ajax.put("captchaEnabled", captchaEnabled);
+        if (!captchaEnabled)
+        {
+            return ajax;
+        }
+
         // 保存验证码信息
         String uuid = IdUtils.simpleUUID();
-        String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
+        String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + uuid;
 
         String capStr = null, code = null;
         BufferedImage image = null;
 
         // 生成验证码
+        String captchaType = RuoYiConfig.getCaptchaType();
         if ("math".equals(captchaType))
         {
             String capText = captchaProducerMath.createText();
@@ -78,7 +87,6 @@
             return AjaxResult.error(e.getMessage());
         }
 
-        AjaxResult ajax = AjaxResult.success();
         ajax.put("uuid", uuid);
         ajax.put("img", Base64.encode(os.toByteArray()));
         return ajax;

--
Gitblit v1.9.2