From 4cbd56cbd723d9ab1d3191e656c3d470e492affe Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: 星期五, 17 三月 2023 13:50:26 +0800
Subject: [PATCH] !669 用户多角色，数据权限切面处理时可能出现权限抬升的情况。 Merge pull request !669 from 0慕容雪0/master

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
index fcd93b6..2fcd65b 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
@@ -1,5 +1,9 @@
 package com.ruoyi.framework.security.context;
 
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import com.ruoyi.common.core.text.Convert;
+
 /**
  * 权限信息
  * 
@@ -7,15 +11,17 @@
  */
 public class PermissionContextHolder
 {
-    private static final ThreadLocal<String> contextHolder = new ThreadLocal<>();
+    private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT";
 
     public static void setContext(String permission)
     {
-        contextHolder.set(permission);
+        RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission,
+                RequestAttributes.SCOPE_REQUEST);
     }
 
     public static String getContext()
     {
-        return contextHolder.get();
+        return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES,
+                RequestAttributes.SCOPE_REQUEST));
     }
 }

--
Gitblit v1.9.2