From 4cbd56cbd723d9ab1d3191e656c3d470e492affe Mon Sep 17 00:00:00 2001 From: 若依 <yzz_ivy@163.com> Date: 星期五, 17 三月 2023 13:50:26 +0800 Subject: [PATCH] !669 用户多角色,数据权限切面处理时可能出现权限抬升的情况。 Merge pull request !669 from 0慕容雪0/master --- ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java index fcd93b6..2fcd65b 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java @@ -1,5 +1,9 @@ package com.ruoyi.framework.security.context; +import org.springframework.web.context.request.RequestAttributes; +import org.springframework.web.context.request.RequestContextHolder; +import com.ruoyi.common.core.text.Convert; + /** * 权限信息 * @@ -7,15 +11,17 @@ */ public class PermissionContextHolder { - private static final ThreadLocal<String> contextHolder = new ThreadLocal<>(); + private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT"; public static void setContext(String permission) { - contextHolder.set(permission); + RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission, + RequestAttributes.SCOPE_REQUEST); } public static String getContext() { - return contextHolder.get(); + return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES, + RequestAttributes.SCOPE_REQUEST)); } } -- Gitblit v1.9.2