fix: 修复文件下载越权漏洞

app_Web/src/components/editor/upload/use/use-iview-upload.ts

 /* eslint-disable no-param-reassign */
-import { UploadEditorController } from '@ibiz-template/controller';
+import { FormItemController, GridEditItemController, UploadEditorController } from '@ibiz-template/controller';
 import { HttpError } from '@ibiz-template/core';
 import { getCookie } from 'qx-util';
 import { Ref, ref, watch } from 'vue';
@@ -163,7 +163,15 @@ export function useIViewUpload(
 
   // 下载文件
   const onDownload = (file: IData) => {
-    const url = file.url || downloadUrl.value.replace('%fileId%', file.id);
+    // const url = file.url || downloadUrl.value.replace('%fileId%', file.id);
+    const ctrl =
+      (c.parent as FormItemController).form ||
+      (c.parent as GridEditItemController).grid;
+    const entityName = ctrl.model.appEntity.deName;
+    const base64 = `${file.id}|${entityName}|${props.data.srfkey}|${
+      c.context.srfpersonid || c.context.srfuserid
+    }`;
+    const url = `http://downloadpath?key=${window.btoa(base64)}`;
     c.fileDownload({ url, name: file.name });
   };