修改BUG:系统敏感数据增加数据保护功能 closed #ITEI0

#Issue
https://gitee.com/LongbowEnterprise/dashboard/issues?id=ITEI0
Argo Zhang 2019-03-26 17:12:18 +08:00
parent aeda4825df
commit ecfd6d6481
15 changed files with 103 additions and 8 deletions

Binary file not shown.


@ -28,6 +28,11 @@ namespace Bootstrap.Admin.Controllers
[HttpGet]
public ActionResult Login()
{
if (DictHelper.RetrieveSystemModel())
{
ViewBag.UserName = "Admin";
ViewBag.Password = "123789";
}
return User.Identity.IsAuthenticated ? (ActionResult)Redirect("~/Home/Index") : View("Login", new ModelBase());
}
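Review bot: The new branch in Login() puts a literal account name and password (`"Admin"` / `"123789"`) into ViewBag, and the Login view hunks in this commit render both into the `value` attributes of the userName and password inputs. Whenever RetrieveSystemModel() returns true, anyone who can load the login page can read that credential from the HTML. That is only acceptable on an instance that is deliberately a public demo, so the values should come from configuration rather than source. If the literals stay, add a comment such as `// Demo mode only: these credentials are intentionally published on the login page`.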


@ -1,4 +1,4 @@
@model ModelBase
@model ModelBase
@{
ViewBag.Title = Model.Title;
Layout = "_Layout";
@ -52,7 +52,7 @@
<span class="fa fa-user"></span>
</div>
</div>
<input type="text" name="userName" class="form-control" placeholder="用户名" maxlength="16" data-required-msg="请输入用户名" value="" autofocus data-valid="true" />
<input type="text" name="userName" class="form-control" placeholder="用户名" maxlength="16" data-required-msg="请输入用户名" value="@ViewBag.UserName" autofocus data-valid="true" />
</div>
</div>
<div class="form-group">
@ -62,7 +62,7 @@
<span class="fa fa-lock"></span>
</div>
</div>
<input type="password" name="password" class="form-control" value="" placeholder="密码" maxlength="16" data-required-msg="请输入密码" data-valid="true" />
<input type="password" name="password" class="form-control" value="@ViewBag.Password" placeholder="密码" maxlength="16" data-required-msg="请输入密码" data-valid="true" />
</div>
</div>
<div class="form-group rememberPwd" onselectstart="return false">


@ -163,5 +163,11 @@ namespace Bootstrap.DataAccess
/// </summary>
/// <returns></returns>
public int RetrieveAccessLogPeriod() => LgbConvert.ReadValue(DictHelper.RetrieveDicts().FirstOrDefault(d => d.Category == "系统设置" && d.Name == "访问日志保留时长" && d.Define == 0)?.Code, 1);
/// <summary>
/// 获得 是否为演示系统 默认为 false 不是演示系统
/// </summary>
/// <returns></returns>
public bool RetrieveSystemModel() => LgbConvert.ReadValue(DictHelper.RetrieveDicts().FirstOrDefault(d => d.Category == "系统设置" && d.Name == "访问日志保留时长" && d.Define == 0)?.Code, "0") == "1";
}
}
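Review bot: RetrieveSystemModel() looks up the dictionary entry named `访问日志保留时长`, the access-log retention setting that RetrieveAccessLogPeriod reads on the line above, instead of the `演示系统` row this commit adds to the seed scripts; this looks like a copy-paste slip. In the MongoDB seed shown in this commit the retention entry has Code `"1"`, so the method would presumably return true and demo mode would be on by default. The login page would then publish the Admin password, and the Admin password-change paths in UserHelper would return without changing anything. The predicate should read `d.Name == "演示系统"`, and the summary comment could state that only the value `"1"` enables demo mode.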


@ -2,6 +2,7 @@ using Bootstrap.Security;
using Longbow.Cache;
using Longbow.Data;
using System.Collections.Generic;
using System.Linq;
namespace Bootstrap.DataAccess
{
@ -36,6 +37,13 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Delete(IEnumerable<string> value)
{
if (RetrieveSystemModel())
{
// 允许删除自定义数据字典
var systemDicts = RetrieveDicts().Where(d => d.Category == "0");
value = value.Where(v => !systemDicts.Any(d => d.Id == v));
if (!value.Any()) return true;
}
var ret = DbContextManager.Create<Dict>().Delete(value);
CacheCleanUtility.ClearCache(dictIds: value);
return ret;
@ -48,6 +56,20 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Save(BootstrapDict p)
{
if (RetrieveSystemModel())
{
if (string.IsNullOrEmpty(p.Id))
{
if (p.Category == "0") p.Category = "1";
}
else
{
if (RetrieveDicts().Where(m => m.Category == "0").Any(m => m.Id == p.Id))
{
return true;
}
}
}
var ret = DbContextManager.Create<Dict>().Save(p);
if (ret) CacheCleanUtility.ClearCache(dictIds: new List<string>());
return ret;
@ -149,5 +171,11 @@ namespace Bootstrap.DataAccess
/// </summary>
/// <returns></returns>
public static int RetrieveAccessLogPeriod() => DbContextManager.Create<Dict>().RetrieveAccessLogPeriod();
/// <summary>
/// 获得 是否为演示系统 默认为 false 不是演示系统
/// </summary>
/// <returns></returns>
public static bool RetrieveSystemModel() => DbContextManager.Create<Dict>().RetrieveSystemModel();
}
}
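Review bot: The new guards in Delete and Save select system entries with `d.Category == "0"` and `m.Category == "0"`, but every Dicts row visible in this commit's seed scripts has a text category such as `系统设置` and marks system entries with `Define = 0`; `'0'` appears as a category only on the Navigations row. If the rest of the data follows that pattern, these filters match nothing and system dictionary entries stay editable and deletable in demo mode. The test was probably meant to be `d.Define == 0`. Both method bodies continue past the end of their hunks.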


@ -1,4 +1,4 @@
using Longbow.Cache;
using Longbow.Cache;
using Longbow.Data;
using System.Collections.Generic;
@ -17,7 +17,6 @@ namespace Bootstrap.DataAccess
/// <summary>
/// 查询所有群组信息
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public static IEnumerable<Group> Retrieves() => CacheManager.GetOrAdd(RetrieveGroupsDataKey, key => DbContextManager.Create<Group>().Retrieves());


@ -31,6 +31,20 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Save(BootstrapMenu p)
{
if (DictHelper.RetrieveSystemModel())
{
if (p.Id.IsNullOrEmpty())
{
if (p.Category == "0") p.Category = "1";
}
else
{
if (RetrieveAllMenus("Admin").Where(m => m.Category == "0").Any(m => m.Id == p.Id))
{
return true;
}
}
}
var ret = DbContextManager.Create<Menu>().Save(p);
if (ret) CacheCleanUtility.ClearCache(menuIds: string.IsNullOrEmpty(p.Id) ? new List<string>() : new List<string>() { p.Id });
return ret;
@ -43,6 +57,13 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Delete(IEnumerable<string> value)
{
if (DictHelper.RetrieveSystemModel())
{
// 允许删除自定义菜单
var systemMenus = RetrieveAllMenus("Admin").Where(m => m.Category == "0");
value = value.Where(v => !systemMenus.Any(m => m.Id == v));
if (!value.Any()) return true;
}
var ret = DbContextManager.Create<Menu>().Delete(value);
if (ret) CacheCleanUtility.ClearCache(menuIds: value);
return ret;
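Review bot: In Save the downgrade `if (p.Category == "0") p.Category = "1";` runs only when p.Id is empty, so in demo mode an update to an existing custom menu can still set its Category to "0". After that, the guards added here treat it as a system menu and refuse to edit or delete it. Applying the downgrade to every record that is not already a system menu would close that gap; DictHelper.Save has the same structure. Separately, `RetrieveAllMenus("Admin")` presumably limits the protected set to what that one account can see, which deserves a comment explaining why a user name is hard-coded here.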


@ -1,6 +1,8 @@
using Longbow.Cache;
using Longbow.Cache;
using Longbow.Data;
using System;
using System.Collections.Generic;
using System.Linq;
namespace Bootstrap.DataAccess
{
@ -19,7 +21,6 @@ namespace Bootstrap.DataAccess
/// <summary>
/// 查询所有角色
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
public static IEnumerable<Role> Retrieves() => CacheManager.GetOrAdd(RetrieveRolesDataKey, key => DbContextManager.Create<Role>().Retrieves());
@ -48,6 +49,10 @@ namespace Bootstrap.DataAccess
/// <param name="value"></param>
public static bool Delete(IEnumerable<string> value)
{
var roles = new string[] { "Administrators", "Default" };
var rs = Retrieves().Where(r => roles.Any(rl => rl.Equals(r.RoleName, StringComparison.OrdinalIgnoreCase)));
value = value.Where(v => !rs.Any(r => r.Id == v));
if (!value.Any()) return true;
var ret = DbContextManager.Create<Role>().Delete(value);
if (ret) CacheCleanUtility.ClearCache(roleIds: value);
return ret;
@ -60,6 +65,9 @@ namespace Bootstrap.DataAccess
/// <returns></returns>
public static bool Save(Role p)
{
var roles = new string[] { "Administrators", "Default" };
var rs = Retrieves().Where(r => roles.Any(rl => rl.Equals(r.RoleName, StringComparison.OrdinalIgnoreCase)));
if (rs.Any(r => r.Id == p.Id)) return true;
var ret = DbContextManager.Create<Role>().Save(p);
if (ret) CacheCleanUtility.ClearCache(roleIds: string.IsNullOrEmpty(p.Id) ? new List<string>() : new List<string> { p.Id });
return ret;
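Review bot: Unlike the dictionary, menu and user helpers, the guards added to Delete and Save here are not wrapped in `DictHelper.RetrieveSystemModel()`, so the `Administrators` and `Default` roles become read-only on every installation, not only on a demo system. If that is intended, the XML doc of both methods should say so; if not, both blocks should be gated on the demo flag. The role-name array is also declared twice; a single `private static readonly string[] ProtectedRoles = { "Administrators", "Default" };` would keep the two methods in agreement.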


@ -1,8 +1,9 @@
using Bootstrap.Security;
using Bootstrap.Security;
using Longbow.Cache;
using Longbow.Data;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
namespace Bootstrap.DataAccess
@ -69,6 +70,9 @@ namespace Bootstrap.DataAccess
/// <param name="value"></param>
public static bool Delete(IEnumerable<string> value)
{
var admins = Retrieves().Where(u => u.UserName.Equals("Admin", StringComparison.OrdinalIgnoreCase));
value = value.Where(v => !admins.Any(u => u.Id == v));
if (!value.Any()) return true;
var ret = DbContextManager.Create<User>().Delete(value);
if (ret) CacheCleanUtility.ClearCache(userIds: value);
return ret;
@ -95,6 +99,12 @@ namespace Bootstrap.DataAccess
public static bool Save(User user)
{
if (!UserChecker(user)) return false;
if (DictHelper.RetrieveSystemModel() && !user.Id.IsNullOrEmpty())
{
var admins = Retrieves().Where(u => u.UserName.Equals("Admin", StringComparison.OrdinalIgnoreCase));
if (admins.Any(v => v.Id == user.Id)) return true;
}
var ret = DbContextManager.Create<User>().Save(user);
if (ret) CacheCleanUtility.ClearCache(userIds: string.IsNullOrEmpty(user.Id) ? new List<string>() : new List<string>() { user.Id });
return ret;
@ -110,6 +120,11 @@ namespace Bootstrap.DataAccess
public static bool Update(string id, string password, string displayName)
{
if (!UserChecker(new User { Password = password, DisplayName = displayName })) return false;
if (DictHelper.RetrieveSystemModel())
{
var admins = Retrieves().Where(u => u.UserName.Equals("Admin", StringComparison.OrdinalIgnoreCase));
if (admins.Any(v => v.Id == id)) return true;
}
var ret = DbContextManager.Create<User>().Update(id, password, displayName);
if (ret) CacheCleanUtility.ClearCache(userIds: string.IsNullOrEmpty(id) ? new List<string>() : new List<string>() { id });
return ret;
@ -138,6 +153,7 @@ namespace Bootstrap.DataAccess
public static bool ChangePassword(string userName, string password, string newPass)
{
if (!UserChecker(new User { UserName = userName, Password = password })) return false;
if (DictHelper.RetrieveSystemModel() && userName.Equals("Admin", StringComparison.OrdinalIgnoreCase)) return true;
return DbContextManager.Create<User>().ChangePassword(userName, password, newPass);
}
@ -150,6 +166,7 @@ namespace Bootstrap.DataAccess
public static bool ResetPassword(string userName, string password)
{
if (!UserChecker(new User { UserName = userName, Password = password })) return false;
if (DictHelper.RetrieveSystemModel() && userName.Equals("Admin", StringComparison.OrdinalIgnoreCase)) return true;
return DbContextManager.Create<User>().ResetPassword(userName, password);
}
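Review bot: ChangePassword and ResetPassword return true for Admin in demo mode without changing anything, and Save and Update do the same, so a caller cannot tell a refused change from a successful one and an operator may believe a credential was rotated when it was not. Returning false or logging the refusal would make the block visible; the same silent `return true` appears in DictHelper, MenuHelper and RoleHelper. Delete's Admin guard is unconditional while the other four depend on RetrieveSystemModel(), and a comment should say whether that difference is deliberate. `userName.Equals(...)` in the two password methods will throw on a null userName unless UserChecker already rejects it; UserChecker is not visible in this commit.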


@ -41,6 +41,7 @@ INSERT [dbo].[Dicts] ([Category], [Name], [Code], [Define]) VALUES (N'系统设
INSERT [dbo].[Dicts] ([Category], [Name], [Code], [Define]) VALUES (N'系统设置', N'Cookie保留时长', '7', 0)
INSERT [dbo].[Dicts] ([Category], [Name], [Code], [Define]) VALUES (N'系统设置', N'获取IP地点', '0', 0)
INSERT [dbo].[Dicts] ([Category], [Name], [Code], [Define]) VALUES (N'系统设置', N'演示系统', '0', 0)
DELETE FROM Navigations
DBCC CHECKIDENT(Navigations, RESEED, 0)


@ -320,5 +320,12 @@
"Name": "访问日志保留时长",
"Code": "1",
"Define": NumberInt(0)
},
{
"_id": ObjectId("5bd6c73d5fa31256f77e4a46"),
"Category": "系统设置",
"Name": "演示系统",
"Code": "0",
"Define": NumberInt(0)
}
]


@ -38,6 +38,7 @@ INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '访问
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', 'Cookie保留时长', '7', 0);
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '获取IP地点', '0', 0);
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '演示系统', '0', 0);
DELETE FROM Navigations;
Truncate Navigations;


@ -38,6 +38,7 @@ INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '访问
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', 'Cookie保留时长', '7', 0);
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '获取IP地点', '0', 0);
INSERT INTO Dicts (Category, Name, Code, Define) VALUES ('系统设置', '演示系统', '0', 0);
DELETE FROM Navigations;
ALTER SEQUENCE navigations_id_seq RESTART WITH 1;


@ -36,6 +36,7 @@ INSERT INTO [Dicts] ([Category], [Name], [Code], [Define]) VALUES ('系统设置
INSERT INTO [Dicts] ([Category], [Name], [Code], [Define]) VALUES ('系统设置', 'Cookie保留时长', '7', 0);
INSERT INTO [Dicts] ([Category], [Name], [Code], [Define]) VALUES ('系统设置', '获取IP地点', '0', 0);
INSERT INTO [Dicts] ([Category], [Name], [Code], [Define]) VALUES ('系统设置', '演示系统', '0', 0);
DELETE FROM Navigations;
INSERT INTO [Navigations] ([ParentId], [Name], [Order], [Icon], [Url], [Category]) VALUES (0, '后台管理', 10, 'fa fa-gear', '~/Admin/Index', '0');

Binary file not shown.