rakor
/
wms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(user): 修复用户查询权限判断逻辑 

- 将权限判断条件从 OR 改为 AND 操作符
- 确保非超级管理员用户无法显示所有数据
- 修复了权限控制的安全漏洞
This commit is contained in:
曹鹏飞 2026-06-14 10:49:52 +08:00
parent 36ad7c0bfa
commit dbbe383313
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
View File

@ -186,7 +186,7 @@ public class UserControllerService {
if (Objects.nonNull(request.getDeptId())) { if (Objects.nonNull(request.getDeptId())) {
request.setDeptIds(deptService.getWithChildren(request.getDeptId())); request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
} }
if (!request.getShowAll() || !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) { if (!request.getShowAll() && !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
request.setCreateById(UserUtil.getUserId()); request.setCreateById(UserUtil.getUserId());
} }
IPage<UserVO> pu = uService.search(request); IPage<UserVO> pu = uService.search(request);