xinyin025/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://github.com/dromara/RuoYi-Vue-Plus.git synced 2025-09-20 10:16:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix 修复 普通角色编辑使用内置管理员code越权问题

Browse Source
This commit is contained in:
疯狂的狮子Li 2023-11-01 16:41:21 +08:00
parent 0005710f45
commit 8de02e285e
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
View File

@ -195,9 +195,12 @@ public class SysRoleServiceImpl implements ISysRoleService {
if (ObjectUtil.isNotNull(role.getRoleId())) { if (ObjectUtil.isNotNull(role.getRoleId())) {
SysRole sysRole = baseMapper.selectById(role.getRoleId()); SysRole sysRole = baseMapper.selectById(role.getRoleId());
// 如果标识符不相等 判断为修改了管理员标识符 // 如果标识符不相等 判断为修改了管理员标识符
if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey()) if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey())) {
&& StringUtils.equals(sysRole.getRoleKey(), UserConstants.ADMIN_ROLE_KEY)) { if (StringUtils.equals(sysRole.getRoleKey(), UserConstants.ADMIN_ROLE_KEY)) {
throw new ServiceException("不允许修改系统内置管理员角色标识符!"); throw new ServiceException("不允许修改系统内置管理员角色标识符!");
} else if (StringUtils.equals(role.getRoleKey(), UserConstants.ADMIN_ROLE_KEY)) {
throw new ServiceException("不允许使用系统内置管理员角色标识符!");
}
} }
} }
} }