由于给通达OA开发了个新模块,想让该模块某些权限开放给大部分人员。几百个角色,一个个改权限,还是挺麻烦的。于是看看能不能批量处理,让甲方爸爸加快结尾款$的速度。查看通达OA后台有导入导出功能,但导出时权限模块是中文的==显然不太符合常规逻辑==,应该要对应的模块ID才对。
那就改数据库吧,经查其数据库有两个关键表对应这里的功能实现。一个是 sys_function,用于存放模块信息;另一个是 user_priv,用于保存角色允许访问的模块列表。知道这两个表后,还有啥难度呢,备份当前表,一顿操作猛如虎,一会就搞定了!
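-- Test examples. Back up user_priv before running any UPDATE below.
--
-- FUNC_ID_STR holds a comma-separated list of module IDs, so every match here
-- is delimiter-aware. A plain substring test ('%313%', ',183') also hits IDs
-- such as 1313 or 1830, which either corrupts the list or skips roles that
-- still need the change. FIND_IN_SET is MySQL-specific; the CONCAT usage
-- suggests a MySQL backend -- TODO confirm.

-- Remove module 183 from each role's list.
-- Assumes the stored list ends with a trailing comma (the CONCAT in the next
-- statement implies that format) -- TODO confirm against real rows.
-- The list is wrapped with a leading comma so ',183,' only matches the whole
-- ID; SUBSTRING(..., 2) drops that leading comma again.
-- Without the WHERE clause this rewrites every role in the table.
UPDATE user_priv
SET FUNC_ID_STR = SUBSTRING(REPLACE(CONCAT(',', FUNC_ID_STR), ',183,', ','), 2)
-- WHERE priv_name LIKE '%xxx%'
;

-- Append modules 301, 302, 313 and 315 to roles that do not yet have 313.
-- Only 313 is checked, so a role that already holds 301/302/315 but not 313
-- ends up with duplicate entries.
UPDATE user_priv
SET FUNC_ID_STR = CONCAT(FUNC_ID_STR, '301,302,313,315,')
WHERE FIND_IN_SET('313', FUNC_ID_STR) = 0
-- AND priv_name LIKE '%xxx%'
;

-- Verification queries: inspect the affected roles and the module catalogue.
SELECT * FROM user_priv WHERE priv_name LIKE '%xxx%';
SELECT * FROM user_priv WHERE FIND_IN_SET('313', FUNC_ID_STR) > 0;
SELECT * FROM sys_function WHERE func_id >= 300 AND func_id <= 399;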
注意:这样改完后还需要到后台【设置权限】重新点一下,我怀疑只改数据库并不会更新缓存或相关模块!最终我是用 Python 脚本来实现的:通过抓包、重放,只改请求里的角色 id(其他参数根据需要修改)。
--301,302,313,315
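import os
import re
import time

import requests

# Base URL of the OA instance. The captured requests used two different hosts
# (a redacted "xxx.com" for the GET and a LAN address for the POST). Both
# requests now share one origin, since the CSRF token is presumably only valid
# on the host that issued it. OA_BASE_URL is a variable name chosen for this
# script.
BASE_URL = os.environ.get("OA_BASE_URL", "http://192.168.1.111:7088").rstrip("/")

# Full Cookie header of a logged-in administrator session, read from the
# environment (OA_COOKIE is a name chosen for this script) so a live session
# identifier is never committed or published with the source.
# NOTE(review): BASE_URL defaults to plain HTTP, so this cookie crosses the
# network unencrypted; use an https:// base URL if the instance offers one.
SESSION_COOKIE = os.environ.get("OA_COOKIE", "")

# Seconds to wait per request; without a timeout a stalled server would hang
# the whole batch.
REQUEST_TIMEOUT = 10

# Matches the hidden csrf_token input exactly as the edit page renders it
# (attribute order type/name/value); adjust if the page markup differs.
CSRF_TOKEN_RE = re.compile(
    r'<input\s+type="hidden"\s+name="csrf_token"\s+value="([^"]+)">'
)

# Module list submitted for every role.
# NOTE(review): the same fixed list is posted for each role ID, so presumably
# it replaces whatever the role held before -- role-specific modules missing
# from this list would be dropped and every listed module granted. Confirm
# that is intended before running against production roles.
FUNC_ID_STR = '1,3,4,147,148,7,8,9,10,140,16,11,313,301,302,315,96,97,126,179,85,86,43,17,18,19,15,76,506,507,508,39,515,73,62,63,48,47,49,50,46,21,22,20,79,23,45,227'

# Role IDs (USER_PRIV values) to update.
ROLE_IDS = [32, 34, 39, 42, 43, 44, 53, 55, 56, 62, 63, 65, 67, 68, 76, 88]


def doTest(privId):
    """Replay the captured "edit role permissions" request for one role.

    Step 1 fetches the role's edit page and extracts its csrf_token; step 2
    posts the permission form with that token. Errors are printed rather than
    raised so one failing role does not abort the batch.

    Args:
        privId: Role ID, sent as the USER_PRIV parameter.

    Returns:
        True if both requests completed with a successful HTTP status, False
        otherwise. An HTTP success does not prove the permissions changed;
        the POST response body is printed for manual inspection.
    """
    if not SESSION_COOKIE:
        print("未设置环境变量 OA_COOKIE,无法以已登录会话发送请求。")
        return False

    # Headers shared by both requests, taken from the captured browser traffic.
    headers = {
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Cache-Control': 'no-cache',
        'Connection': 'keep-alive',
        'Pragma': 'no-cache',
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36',
        'Cookie': SESSION_COOKIE,
    }

    edit_url = f"{BASE_URL}/general/system/user_priv/edit_priv.php?USER_PRIV={privId}&DEPT_ID="

    # --- Request 1: GET the edit page and extract csrf_token ---
    print("--- 步骤 1: 发送 GET 请求并提取 csrf_token ---")
    get_headers = {
        **headers,
        'Referer': f'{BASE_URL}/general/system/user_priv/manage.php?DEPT_ID=',
    }
    try:
        response_get = requests.get(edit_url, headers=get_headers, timeout=REQUEST_TIMEOUT)
        response_get.raise_for_status()
    except requests.exceptions.RequestException as e:
        print(f"请求 1 发生错误: {e}")
        return False

    csrf_token_match = CSRF_TOKEN_RE.search(response_get.text)
    if not csrf_token_match:
        print("未能在响应中找到 csrf_token。请检查页面内容或正则表达式。")
        return False
    csrf_token = csrf_token_match.group(1)
    print(f"成功提取 csrf_token: {csrf_token}")

    # --- Request 2: POST the permission form ---
    print("\n--- 步骤 2: 发送 POST 请求并提交数据 ---")
    post_url = f"{BASE_URL}/general/system/user_priv/update_priv.php"
    post_headers = {
        **headers,
        'Content-Type': 'application/x-www-form-urlencoded',
        'Origin': BASE_URL,
        # The captured Referer was pinned to USER_PRIV=64; it now names the
        # role actually being edited, as a browser would send it.
        'Referer': edit_url,
    }
    post_data = {
        'FUNC_ID_STR': FUNC_ID_STR,
        'USER_PRIV': f'{privId}',
        'DEPT_ID': '',
        'SUPER_PASS_HIDDEN': '',
        'csrf_token': csrf_token,  # token obtained in step 1
    }
    try:
        response_post = requests.post(
            post_url, headers=post_headers, data=post_data, timeout=REQUEST_TIMEOUT
        )
        response_post.raise_for_status()
    except requests.exceptions.RequestException as e:
        print(f"请求 2 发生错误: {e}")
        return False

    print(f"POST 请求成功,状态码: {response_post.status_code}")
    print("POST 响应内容:")
    print(response_post.text)
    return True


def main():
    """Apply doTest to every role in ROLE_IDS, pausing between roles."""
    for role_id in ROLE_IDS:
        print(f'正在处理id>>{role_id}...\r\n')
        if doTest(role_id):
            print(f'{role_id}处理完成!\r\n')
        else:
            print(f'{role_id}处理失败!\r\n')
        time.sleep(2)  # pause 2 seconds between roles


if __name__ == "__main__":
    main()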