fix(X-Pack): 用户管理列表-查询条件存在 SQL 注入风险

fit2cloud-chenyw
2025-02-06 16:56:38 +08:00
committed by dataeaseShu
parent bfd4b6b988
commit 3ec0398d30
2 changed files with 21 additions and 2 deletions


@@ -11,7 +11,6 @@ import io.dataease.auth.DeApiPath;
import io.dataease.auth.DePermit;
import io.dataease.auth.vo.TokenVO;
import io.dataease.model.KeywordRequest;
import io.dataease.request.BaseGridRequest;
import io.swagger.v3.oas.annotations.Hidden;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
@@ -40,7 +39,7 @@ public interface UserApi {
})
@DePermit("m:read")
@PostMapping("/pager/{goPage}/{pageSize}")
IPage<UserGridVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody BaseGridRequest request);
IPage<UserGridVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody UserGridRequest request);
@Operation(summary = "查询用户详情")
@Parameter(name = "id", description = "ID", required = true, in = ParameterIn.PATH)
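Review bot: The new `pager` declaration is the only endpoint-side part of this fix, but nothing on it records why the body type was narrowed to `UserGridRequest`. The class that implements `pager` is not among the two changed files, so this page does not show how the filter values reach the query. A short comment above the method would keep a later change from widening the type again, for example `// Filters are typed on purpose; do not reintroduce free-form condition fields (SQL injection fix).` It is also worth confirming in the implementing class that every value read from `request` is bound as a query parameter rather than concatenated into the statement. The `UserApi` interface begins before this hunk and continues after it.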


@@ -0,0 +1,20 @@
package io.dataease.api.permissions.user.dto;
import io.dataease.model.KeywordRequest;
import lombok.Data;
import lombok.EqualsAndHashCode;
import java.io.Serializable;
import java.util.List;
@EqualsAndHashCode(callSuper = true)
@Data
public class UserGridRequest extends KeywordRequest implements Serializable {
private List<Boolean> statusList;
private List<Integer> originList;
private List<Long> roleIdList;
private Boolean timeDesc;
}
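Review bot: `UserGridRequest` still extends `KeywordRequest`, whose fields are not shown here; if that parent exposes a free-text keyword, it remains the one string input on this request and must be bound as a parameter, with LIKE wildcards escaped, in the query that consumes it. The three lists have no size limit, so a very large `roleIdList` would presumably become an equally large `IN` clause. If Bean Validation is available in this module, a bound such as `@Size(max = 100)` (value constructed for illustration) on each list, together with `@Valid` on the `pager` parameter, would cap that. The class also has no Javadoc; a one-line description saying the fields are deliberately typed so that no filter value is interpreted as SQL would document the intent of the fix.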