From 3347ca4d7484d9141b189462e169b2be4d324632 Mon Sep 17 00:00:00 2001 From: 江强 <jiangq@powerlbs.com> Date: 星期二, 27 七月 2021 09:33:12 +0800 Subject: [PATCH] fix:Issue #I42GRW 修复任意账户越权漏洞 --- ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java index d479805..953f336 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java @@ -220,6 +220,7 @@ /** * 批量取消授权用户 */ + @PreAuthorize("@ss.hasPermi('system:role:edit')") @Log(title = "角色管理", businessType = BusinessType.GRANT) @PutMapping("/authUser/cancelAll") public AjaxResult cancelAuthUserAll(Long roleId, Long[] userIds) @@ -230,6 +231,7 @@ /** * 批量选择用户授权 */ + @PreAuthorize("@ss.hasPermi('system:role:edit')") @Log(title = "角色管理", businessType = BusinessType.GRANT) @PutMapping("/authUser/selectAll") public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds) -- Gitblit v1.9.2