From 9502203bbee72439c8f54aa692958f443a2ceeeb Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: 星期日, 14 三月 2021 16:32:07 +0800
Subject: [PATCH] !187 【漏洞修复】升级commons-collections版本，解决3.2.1版本的反序列化漏洞问题 Merge pull request !187 from Delusive/master

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
index 2b7ad7e..003c794 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
@@ -109,7 +109,7 @@
         for (SysRole sysRole : loginUser.getUser().getRoles())
         {
             String roleKey = sysRole.getRoleKey();
-            if (SUPER_ADMIN.contains(roleKey) || roleKey.contains(StringUtils.trim(role)))
+            if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role)))
             {
                 return true;
             }

--
Gitblit v1.9.2