Fix 3.7.6 (#795)

* cve

* be: RobotApprovalStep cascade

* 3.7.6

* Update PrivilegesGuardInterceptor.java
REBUILD 企业管理系统 2024-08-02 16:12:15 +08:00 committed by GitHub
parent 478d5a6bfb
commit dab75bbd9c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 24 additions and 19 deletions

2
@rbv

@ -1 +1 @@
Subproject commit e0ddad6f662dfa5c35adf7001d2c1cee936d92e6
Subproject commit 0f64bea1ce3d94152e7ad6716cdb1bdc3565336a


@ -10,7 +10,7 @@
</parent>
<groupId>com.rebuild</groupId>
<artifactId>rebuild</artifactId>
<version>3.7.5</version>
<version>3.7.6</version>
<name>rebuild</name>
<description>Building your business-systems freely!</description>
<url>https://getrebuild.com/</url>


@ -74,11 +74,11 @@ public class Application implements ApplicationListener<ApplicationStartedEvent>
/**
* Rebuild Version
*/
public static final String VER = "3.7.5";
public static final String VER = "3.7.6";
/**
* Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2}
*/
public static final int BUILD = 3070511;
public static final int BUILD = 3070612;
static {
// Driver for DB


@ -143,8 +143,8 @@ public class PrivilegesGuardInterceptor implements MethodInterceptor, Guard {
}
if (!allowed) {
log.warn("User [ {} ] not allowed execute action [ {} ]. "
+ (recordId == null ? "Entity : " + entity : "Record : " + recordId), caller, action);
log.warn("User [ {} ] not allowed execute action [ {} ]. {}",
caller, action, recordId == null ? "Entity : " + entity : "Record : " + recordId);
if (errorMsg == null) errorMsg = formatHumanMessage(action, entity, recordId);
throw new AccessDeniedException(errorMsg);


@ -13,6 +13,7 @@ import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.rebuild.core.Application;
import com.rebuild.core.ServerStatus;
import com.rebuild.core.service.general.recyclebin.RecycleBinCleanerJob;
import com.rebuild.core.support.ConfigurationItem;
import com.rebuild.core.support.License;
import com.rebuild.core.support.RebuildConfiguration;
@ -128,6 +129,7 @@ public class PerHourJob extends DistributedJobLock {
/**
* TODO 清理系统级引用
* @see RecycleBinCleanerJob
*/
protected void doCleanSystemRefs() {
}


@ -149,6 +149,9 @@ public class BarCodeSupport {
hints.put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.M);
hints.put(EncodeHintType.MARGIN, 1);
if (width > 1200) width = 1200;
if (height > 1200) height = 1200;
try {
if (format == BarcodeFormat.QR_CODE) {
width = height = Math.max(width, height);
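Review bot: The new cap on `width` and `height` is a bare `1200` repeated on two lines, with no comment saying why it exists, and it bounds only the upper side. If these dimensions are caller-supplied (their origin is not visible in this hunk), the cap is a resource-exhaustion guard and should say so, for example a proposed constant `MAX_SIZE` with `// Cap requested size so one request cannot force a very large image allocation` above `width = Math.min(width, MAX_SIZE);` and `height = Math.min(height, MAX_SIZE);`. Zero or negative values still reach the encoder, and whether the `try` that follows handles them cannot be seen here. The enclosing method starts and ends outside the hunk.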


@ -245,9 +245,8 @@ public class RebuildWebInterceptor implements AsyncHandlerInterceptor, InstallSt
}
private boolean isIgnoreAuth(String requestUri) {
if (requestUri.contains("/user/") && !requestUri.contains("/user/admin")) {
return true;
}
if (requestUri.contains("..")) return false;
if (requestUri.contains("/user/") && !requestUri.contains("/user/admin")) return true;
requestUri = requestUri.replaceFirst(AppUtils.getContextPath(), "");
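Review bot: The added `requestUri.contains("..")` guard in `isIgnoreAuth` matches only the literal two-dot sequence, so it protects the `/user/` exemption only if `requestUri` is already decoded and normalised when it reaches this method; the hunk does not show where the value comes from. The exemption itself still uses `contains("/user/")`, which matches that segment anywhere in the URI and runs before the context path is stripped. Assuming the public pages all live directly under `/user/`, it would be tighter to strip the context path first and then test `requestUri.startsWith("/user/") && !requestUri.startsWith("/user/admin")`. A comment on the new line such as `// Reject traversal before any prefix-based auth exemption` would record why the order of the two checks matters. The method body continues past the end of the hunk.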


@ -286,7 +286,7 @@
<entity name="RobotApprovalStep" type-code="029" description="审批流程步骤" queryable="false">
<field name="stepId" type="primary"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="审批记录"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="审批记录"/>
<field name="approvalId" type="reference" ref-entity="RobotApprovalConfig" nullable="false" updatable="false" description="审批流程"/>
<field name="node" type="string" max-length="100" nullable="false" updatable="false" description="审批节点"/>
<field name="approver" type="reference" ref-entity="User" nullable="false" updatable="false" description="审批人"/>
@ -314,7 +314,7 @@
<entity name="RobotSopStep" type-code="071" description="业务进度记录" queryable="false">
<field name="stepId" type="primary"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="业务记录"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="业务记录"/>
<field name="sopId" type="reference" ref-entity="RobotSopConfig" nullable="false" updatable="false" description="业务进度"/>
<field name="node" type="string" max-length="100" nullable="false" updatable="false" description="进度节点"/>
<field name="operator" type="reference" ref-entity="User" nullable="false" updatable="false" description="操作人"/>
@ -361,12 +361,12 @@
<entity name="RecycleBin" type-code="033" name-field="recordName" description="回收站" queryable="false" parent="false">
<field name="recycleId" type="primary"/>
<field name="belongEntity" type="string" max-length="100" nullable="false" updatable="false" description="所属实体"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="ID 字段值" cascade="ignore"/>
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="ID 字段值"/>
<field name="recordName" type="string" max-length="191" nullable="false" updatable="false" description="名称字段值"/>
<field name="recordContent" type="ntext" nullable="false" updatable="false" description="数据"/>
<field name="deletedBy" type="reference" ref-entity="User" nullable="false" updatable="false" description="删除人"/>
<field name="deletedOn" type="timestamp" nullable="false" updatable="false" description="删除时间"/>
<field name="channelWith" type="any-reference" updatable="false" description="删除渠道 (空为直接删除, 否则为关联删除)" cascade="ignore"/>
<field name="channelWith" type="any-reference" updatable="false" cascade="ignore" description="删除渠道 (空为直接删除, 否则为关联删除)"/>
<index field-list="belongEntity,recordName,deletedBy,deletedOn"/>
<index field-list="recordId,channelWith"/>
</entity>
@ -451,7 +451,7 @@
<field name="contentMore" type="text" description="附加内容" queryable="false"/>
<field name="images" type="string" max-length="700" description="图片" extra-attrs="{displayType:'IMAGE'}"/>
<field name="attachments" type="string" max-length="700" description="附件" extra-attrs="{displayType:'FILE'}"/>
<field name="relatedRecord" type="any-reference" description="相关记录" cascade="ignore"/>
<field name="relatedRecord" type="any-reference" cascade="ignore" description="相关记录"/>
<field name="scheduleTime" type="timestamp" description="日程时间"/>
<field name="scope" type="string" max-length="20" default-value="ALL" description="可见范围 (ALL/SELF/$TeamID)" queryable="false"/>
<field name="autoLocation" type="string" max-length="100" description="发布位置" extra-attrs="{displayType:'LOCATION'}"/>
@ -472,7 +472,7 @@
<entity name="FeedsLike" type-code="042" description="动态点赞" parent="false" queryable="false">
<field name="likeId" type="primary"/>
<field name="source" type="any-reference" ref-entity="Feeds,FeedsComment" nullable="false" updatable="false" description="哪个动态/评论" cascade="delete"/>
<field name="source" type="any-reference" ref-entity="Feeds,FeedsComment" nullable="false" updatable="false" cascade="delete" description="哪个动态/评论"/>
<field name="createdBy" type="reference" ref-entity="User" nullable="false" creatable="false" updatable="false" description="创建人"/>
<field name="createdOn" type="timestamp" nullable="false" creatable="false" updatable="false" description="创建时间"/>
<index field-list="source,createdBy"/>
@ -536,7 +536,7 @@
<field name="description" type="text" description="备注" queryable="false"/>
<field name="attachments" type="string" max-length="700" description="附件" extra-attrs="{displayType:'FILE'}"/>
<field name="parentTaskId" type="reference" ref-entity="ProjectTask" description="父级任务" queryable="false"/>
<field name="relatedRecord" type="any-reference" description="相关记录" cascade="ignore"/>
<field name="relatedRecord" type="any-reference" cascade="ignore" description="相关记录"/>
<field name="seq" type="int" default-value="0" description="排序 (小到大)" queryable="false"/>
<index field-list="projectId,projectPlanId,seq"/>
<index field-list="projectId,taskNumber,taskName,status"/>


@ -91,7 +91,7 @@ class DlgAssign extends RbModalHandler {
$(this._$cascades)
.select2({
multiple: true,
placeholder: $L('选择相关实体 (可选)'),
placeholder: $L('选择'),
})
.val(defaultSelected)
.trigger('change')


@ -482,7 +482,7 @@ class BatchUpdate extends BatchOperator {
if (rb.env === 'dev') console.log(JSON.stringify(_data))
const that = this
RbAlert.create(<b>{$L('请再次确认修改数据范围和修改内容开始修改吗')}</b>, {
RbAlert.create($L('请再次确认修改数据范围和修改内容开始修改吗'), {
onConfirm: function () {
this.hide()
that.disabled(true, true)
@ -501,6 +501,7 @@ class BatchUpdate extends BatchOperator {
}
})
},
countdown: 5,
})
}


@ -250,7 +250,7 @@ class DeleteConfirm extends RbAlert {
this.setState({ cascadesEntity: res.data }, () => {
this.__select2 = $(this._cascades)
.select2({
placeholder: $L('选择相关实体 (可选)'),
placeholder: $L('选择'),
width: '88%',
})
.val(null)