mirror of
https://github.com/getrebuild/rebuild.git
synced 2024-09-20 07:25:54 +08:00
Fix 3.7.6 (#795)
* cve * be: RobotApprovalStep cascade * 3.7.6 * Update PrivilegesGuardInterceptor.java
This commit is contained in:
parent
478d5a6bfb
commit
dab75bbd9c
2
@rbv
2
@rbv
|
@ -1 +1 @@
|
|||
Subproject commit e0ddad6f662dfa5c35adf7001d2c1cee936d92e6
|
||||
Subproject commit 0f64bea1ce3d94152e7ad6716cdb1bdc3565336a
|
2
pom.xml
2
pom.xml
|
@ -10,7 +10,7 @@
|
|||
</parent>
|
||||
<groupId>com.rebuild</groupId>
|
||||
<artifactId>rebuild</artifactId>
|
||||
<version>3.7.5</version>
|
||||
<version>3.7.6</version>
|
||||
<name>rebuild</name>
|
||||
<description>Building your business-systems freely!</description>
|
||||
<url>https://getrebuild.com/</url>
|
||||
|
|
|
@ -74,11 +74,11 @@ public class Application implements ApplicationListener<ApplicationStartedEvent>
|
|||
/**
|
||||
* Rebuild Version
|
||||
*/
|
||||
public static final String VER = "3.7.5";
|
||||
public static final String VER = "3.7.6";
|
||||
/**
|
||||
* Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2}
|
||||
*/
|
||||
public static final int BUILD = 3070511;
|
||||
public static final int BUILD = 3070612;
|
||||
|
||||
static {
|
||||
// Driver for DB
|
||||
|
|
|
@ -143,8 +143,8 @@ public class PrivilegesGuardInterceptor implements MethodInterceptor, Guard {
|
|||
}
|
||||
|
||||
if (!allowed) {
|
||||
log.warn("User [ {} ] not allowed execute action [ {} ]. "
|
||||
+ (recordId == null ? "Entity : " + entity : "Record : " + recordId), caller, action);
|
||||
log.warn("User [ {} ] not allowed execute action [ {} ]. {}",
|
||||
caller, action, recordId == null ? "Entity : " + entity : "Record : " + recordId);
|
||||
|
||||
if (errorMsg == null) errorMsg = formatHumanMessage(action, entity, recordId);
|
||||
throw new AccessDeniedException(errorMsg);
|
||||
|
|
|
@ -13,6 +13,7 @@ import com.alibaba.fastjson.JSON;
|
|||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.rebuild.core.Application;
|
||||
import com.rebuild.core.ServerStatus;
|
||||
import com.rebuild.core.service.general.recyclebin.RecycleBinCleanerJob;
|
||||
import com.rebuild.core.support.ConfigurationItem;
|
||||
import com.rebuild.core.support.License;
|
||||
import com.rebuild.core.support.RebuildConfiguration;
|
||||
|
@ -128,6 +129,7 @@ public class PerHourJob extends DistributedJobLock {
|
|||
|
||||
/**
|
||||
* TODO 清理系统级引用
|
||||
* @see RecycleBinCleanerJob
|
||||
*/
|
||||
protected void doCleanSystemRefs() {
|
||||
}
|
||||
|
|
|
@ -149,6 +149,9 @@ public class BarCodeSupport {
|
|||
hints.put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.M);
|
||||
hints.put(EncodeHintType.MARGIN, 1);
|
||||
|
||||
if (width > 1200) width = 1200;
|
||||
if (height > 1200) height = 1200;
|
||||
|
||||
try {
|
||||
if (format == BarcodeFormat.QR_CODE) {
|
||||
width = height = Math.max(width, height);
|
||||
|
|
|
@ -245,9 +245,8 @@ public class RebuildWebInterceptor implements AsyncHandlerInterceptor, InstallSt
|
|||
}
|
||||
|
||||
private boolean isIgnoreAuth(String requestUri) {
|
||||
if (requestUri.contains("/user/") && !requestUri.contains("/user/admin")) {
|
||||
return true;
|
||||
}
|
||||
if (requestUri.contains("..")) return false;
|
||||
if (requestUri.contains("/user/") && !requestUri.contains("/user/admin")) return true;
|
||||
|
||||
requestUri = requestUri.replaceFirst(AppUtils.getContextPath(), "");
|
||||
|
||||
|
|
|
@ -286,7 +286,7 @@
|
|||
|
||||
<entity name="RobotApprovalStep" type-code="029" description="审批流程步骤" queryable="false">
|
||||
<field name="stepId" type="primary"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="审批记录"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="审批记录"/>
|
||||
<field name="approvalId" type="reference" ref-entity="RobotApprovalConfig" nullable="false" updatable="false" description="审批流程"/>
|
||||
<field name="node" type="string" max-length="100" nullable="false" updatable="false" description="审批节点"/>
|
||||
<field name="approver" type="reference" ref-entity="User" nullable="false" updatable="false" description="审批人"/>
|
||||
|
@ -314,7 +314,7 @@
|
|||
|
||||
<entity name="RobotSopStep" type-code="071" description="业务进度记录" queryable="false">
|
||||
<field name="stepId" type="primary"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="业务记录"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="业务记录"/>
|
||||
<field name="sopId" type="reference" ref-entity="RobotSopConfig" nullable="false" updatable="false" description="业务进度"/>
|
||||
<field name="node" type="string" max-length="100" nullable="false" updatable="false" description="进度节点"/>
|
||||
<field name="operator" type="reference" ref-entity="User" nullable="false" updatable="false" description="操作人"/>
|
||||
|
@ -361,12 +361,12 @@
|
|||
<entity name="RecycleBin" type-code="033" name-field="recordName" description="回收站" queryable="false" parent="false">
|
||||
<field name="recycleId" type="primary"/>
|
||||
<field name="belongEntity" type="string" max-length="100" nullable="false" updatable="false" description="所属实体"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" description="ID 字段值" cascade="ignore"/>
|
||||
<field name="recordId" type="any-reference" nullable="false" updatable="false" cascade="ignore" description="ID 字段值"/>
|
||||
<field name="recordName" type="string" max-length="191" nullable="false" updatable="false" description="名称字段值"/>
|
||||
<field name="recordContent" type="ntext" nullable="false" updatable="false" description="数据"/>
|
||||
<field name="deletedBy" type="reference" ref-entity="User" nullable="false" updatable="false" description="删除人"/>
|
||||
<field name="deletedOn" type="timestamp" nullable="false" updatable="false" description="删除时间"/>
|
||||
<field name="channelWith" type="any-reference" updatable="false" description="删除渠道 (空为直接删除, 否则为关联删除)" cascade="ignore"/>
|
||||
<field name="channelWith" type="any-reference" updatable="false" cascade="ignore" description="删除渠道 (空为直接删除, 否则为关联删除)"/>
|
||||
<index field-list="belongEntity,recordName,deletedBy,deletedOn"/>
|
||||
<index field-list="recordId,channelWith"/>
|
||||
</entity>
|
||||
|
@ -451,7 +451,7 @@
|
|||
<field name="contentMore" type="text" description="附加内容" queryable="false"/>
|
||||
<field name="images" type="string" max-length="700" description="图片" extra-attrs="{displayType:'IMAGE'}"/>
|
||||
<field name="attachments" type="string" max-length="700" description="附件" extra-attrs="{displayType:'FILE'}"/>
|
||||
<field name="relatedRecord" type="any-reference" description="相关记录" cascade="ignore"/>
|
||||
<field name="relatedRecord" type="any-reference" cascade="ignore" description="相关记录"/>
|
||||
<field name="scheduleTime" type="timestamp" description="日程时间"/>
|
||||
<field name="scope" type="string" max-length="20" default-value="ALL" description="可见范围 (ALL/SELF/$TeamID)" queryable="false"/>
|
||||
<field name="autoLocation" type="string" max-length="100" description="发布位置" extra-attrs="{displayType:'LOCATION'}"/>
|
||||
|
@ -472,7 +472,7 @@
|
|||
|
||||
<entity name="FeedsLike" type-code="042" description="动态点赞" parent="false" queryable="false">
|
||||
<field name="likeId" type="primary"/>
|
||||
<field name="source" type="any-reference" ref-entity="Feeds,FeedsComment" nullable="false" updatable="false" description="哪个动态/评论" cascade="delete"/>
|
||||
<field name="source" type="any-reference" ref-entity="Feeds,FeedsComment" nullable="false" updatable="false" cascade="delete" description="哪个动态/评论"/>
|
||||
<field name="createdBy" type="reference" ref-entity="User" nullable="false" creatable="false" updatable="false" description="创建人"/>
|
||||
<field name="createdOn" type="timestamp" nullable="false" creatable="false" updatable="false" description="创建时间"/>
|
||||
<index field-list="source,createdBy"/>
|
||||
|
@ -536,7 +536,7 @@
|
|||
<field name="description" type="text" description="备注" queryable="false"/>
|
||||
<field name="attachments" type="string" max-length="700" description="附件" extra-attrs="{displayType:'FILE'}"/>
|
||||
<field name="parentTaskId" type="reference" ref-entity="ProjectTask" description="父级任务" queryable="false"/>
|
||||
<field name="relatedRecord" type="any-reference" description="相关记录" cascade="ignore"/>
|
||||
<field name="relatedRecord" type="any-reference" cascade="ignore" description="相关记录"/>
|
||||
<field name="seq" type="int" default-value="0" description="排序 (小到大)" queryable="false"/>
|
||||
<index field-list="projectId,projectPlanId,seq"/>
|
||||
<index field-list="projectId,taskNumber,taskName,status"/>
|
||||
|
|
|
@ -91,7 +91,7 @@ class DlgAssign extends RbModalHandler {
|
|||
$(this._$cascades)
|
||||
.select2({
|
||||
multiple: true,
|
||||
placeholder: $L('选择相关实体 (可选)'),
|
||||
placeholder: $L('选择'),
|
||||
})
|
||||
.val(defaultSelected)
|
||||
.trigger('change')
|
||||
|
|
|
@ -482,7 +482,7 @@ class BatchUpdate extends BatchOperator {
|
|||
if (rb.env === 'dev') console.log(JSON.stringify(_data))
|
||||
|
||||
const that = this
|
||||
RbAlert.create(<b>{$L('请再次确认修改数据范围和修改内容。开始修改吗?')}</b>, {
|
||||
RbAlert.create($L('请再次确认修改数据范围和修改内容。开始修改吗?'), {
|
||||
onConfirm: function () {
|
||||
this.hide()
|
||||
that.disabled(true, true)
|
||||
|
@ -501,6 +501,7 @@ class BatchUpdate extends BatchOperator {
|
|||
}
|
||||
})
|
||||
},
|
||||
countdown: 5,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -250,7 +250,7 @@ class DeleteConfirm extends RbAlert {
|
|||
this.setState({ cascadesEntity: res.data }, () => {
|
||||
this.__select2 = $(this._cascades)
|
||||
.select2({
|
||||
placeholder: $L('选择相关实体 (可选)'),
|
||||
placeholder: $L('选择'),
|
||||
width: '88%',
|
||||
})
|
||||
.val(null)
|
||||
|
|
Loading…
Reference in a new issue