1

ruoyi-admin/src/main/resources/application.yml

@@ -70,6 +70,6 @@ xss:
   # 过滤开关
   enabled: true
   # 排除链接（多个用逗号分隔）
-  excludes: /system/notice
+  excludes: /system/notice,/system/app/new
   # 匹配链接
-  urlPatterns: /system/*,/monitor/*,/tool/*
+  urlPatterns: /system/*,/monitor/*,/tool/*,/system/app/new

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -111,7 +111,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 // 过滤请求
                 .authorizeRequests()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/login","/loginApp", "/register", "/captchaImage","/index/**","/sms/sendSmsOnly","/sms/getCode").permitAll()
+                .antMatchers("/login","/loginApp", "/register", "/captchaImage","/index/**","/sms/sendSmsOnly","/sms/getCode","/system/app/new").permitAll()
                 // 静态资源，可匿名访问
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()

ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml

@@ -286,6 +286,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 
 	<select id="selectUserListNoZj" parameterType="SysUser" resultMap="SysUserResult">
 		<include refid="selectUserVo"/>
+		where u.del_flag = '0'
 		<if test="userId != null and userId != 0">
 			AND u.user_id not in (#{userId})
 		</if>