|
|
这种url:cgAutoListController.do?list&id=jform_zp_b_grade&isIframe&jp_status=3
在数据库端抓取执行的sql,会程序改变url的值
导致查询用户权限的时候,无法正确查询
数据库执行sql:
select count(*) from t_s_function where functiontype = 0 and functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
SELECT count(*) FROM t_s_function f,t_s_role_function rf,t_s_role_user ru WHERE f.id=rf.functionid AND rf.roleid=ru.roleid AND ru.userid='4028b881624c9b6201624cbd3ef40010' AND f.functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
SELECT count(*) from t_s_function f, t_s_role_function rf, t_s_role_org ro WHERE f.ID=rf.functionid AND rf.roleid=ro.role_id AND ro.org_id='402880e447e9a9570147e9b677320003' AND f.functionurl = 'cgAutoListController.do?list&id=jform_zp_b_grade';
select count(*) from t_s_function where functiontype = 0 and functionurl = 'loginController.do?noAuth';
select this_.ID as ID47_3_, this_.parentfunctionid as parentf15_47_3_, this_.iconid as iconid47_3_, this_.desk_iconid as desk17_47_3_, this_.create_by as create2_47_3_, this_.create_date as create3_47_3_, this_.create_name as create4_47_3_, this_.function_icon_style as function5_47_3_, this_.functioniframe as function6_47_3_, this_.functionlevel as function7_47_3_, this_.functionname as function8_47_3_, this_.functionorder as function9_47_3_, this_.functiontype as functio10_47_3_, this_.functionurl as functio11_47_3_, this_.update_by as update12_47_3_, this_.update_date as update13_47_3_, this_.update_name as update14_47_3_, tsfunction2_.ID as ID47_0_, tsfunction2_.parentfunctionid as parentf15_47_0_, tsfunction2_.iconid as iconid47_0_, tsfunction2_.desk_iconid as desk17_47_0_, tsfunction2_.create_by as create2_47_0_, tsfunction2_.create_date as create3_47_0_, tsfunction2_.create_name as create4_47_0_, tsfunction2_.function_icon_style as function5_47_0_, tsfunction2_.functioniframe as function6_47_0_, tsfunction2_.functionlevel as function7_47_0_, tsfunction2_.functionname as function8_47_0_, tsfunction2_.functionorder as function9_47_0_, tsfunction2_.functiontype as functio10_47_0_, tsfunction2_.functionurl as functio11_47_0_, tsfunction2_.update_by as update12_47_0_, tsfunction2_.update_date as update13_47_0_, tsfunction2_.update_name as update14_47_0_, tsicon3_.ID as ID48_1_, tsicon3_.extend as extend48_1_, tsicon3_.iconclas as iconclas48_1_, tsicon3_.content as content48_1_, tsicon3_.name as name48_1_, tsicon3_.path as path48_1_, tsicon3_.type as type48_1_, tsicon4_.ID as ID48_2_, tsicon4_.extend as extend48_2_, tsicon4_.iconclas as iconclas48_2_, tsicon4_.content as content48_2_, tsicon4_.name as name48_2_, tsicon4_.path as path48_2_, tsicon4_.type as type48_2_ from t_s_function this_ left outer join t_s_function tsfunction2_ on this_.parentfunctionid=tsfunction2_.ID left outer join t_s_icon tsicon3_ on tsfunction2_.iconid=tsicon3_.ID left outer join t_s_icon tsicon4_ on tsfunction2_.desk_iconid=tsicon4_.ID where this_.functionurl='loginController.do?noAuth';
select tssmsentit0_.ID as ID68_, tssmsentit0_.CREATE_BY as CREATE2_68_, tssmsentit0_.CREATE_DATE as CREATE3_68_, tssmsentit0_.CREATE_NAME as CREATE4_68_, tssmsentit0_.ES_CONTENT as ES5_68_, tssmsentit0_.ES_RECEIVER as ES6_68_, tssmsentit0_.ES_SENDER as ES7_68_, tssmsentit0_.ES_SENDTIME as ES8_68_, tssmsentit0_.ES_STATUS as ES9_68_, tssmsentit0_.ES_TITLE as ES10_68_, tssmsentit0_.ES_TYPE as ES11_68_, tssmsentit0_.remark as remark68_, tssmsentit0_.UPDATE_BY as UPDATE13_68_, tssmsentit0_.UPDATE_DATE as UPDATE14_68_, tssmsentit0_.UPDATE_NAME as UPDATE15_68_ from t_s_sms tssmsentit0_ where tssmsentit0_.ES_STATUS='1';
|
-
|
窥视卡
雷达卡
发表于 2018-3-22 16:42:37
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
发表于 2018-3-22 18:53:07
楼主