From 9bfd1375e196842313c5b1072975a4680f582d76 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期五, 17 三月 2023 14:16:21 +0800
Subject: [PATCH] 修复用户多角色数据权限可能出现权限抬升的情况
---
src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
index 1c0ce9c..622f7f1 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
@@ -165,7 +165,7 @@
* @return 缁撴灉
*/
@Override
- public String checkUserNameUnique(SysUser user)
+ public boolean checkUserNameUnique(SysUser user)
{
Long userId = StringUtils.isNull(user.getUserId()) ? -1L : user.getUserId();
SysUser info = userMapper.checkUserNameUnique(user.getUserName());
@@ -183,7 +183,7 @@
* @return
*/
@Override
- public String checkPhoneUnique(SysUser user)
+ public boolean checkPhoneUnique(SysUser user)
{
Long userId = StringUtils.isNull(user.getUserId()) ? -1L : user.getUserId();
SysUser info = userMapper.checkPhoneUnique(user.getPhonenumber());
@@ -201,7 +201,7 @@
* @return
*/
@Override
- public String checkEmailUnique(SysUser user)
+ public boolean checkEmailUnique(SysUser user)
{
Long userId = StringUtils.isNull(user.getUserId()) ? -1L : user.getUserId();
SysUser info = userMapper.checkEmailUnique(user.getEmail());
@@ -499,6 +499,8 @@
if (StringUtils.isNull(u))
{
BeanValidators.validateWithException(validator, user);
+ checkUserAllowed(user);
+ checkUserDataScope(user.getUserId());
user.setPassword(SecurityUtils.encryptPassword(password));
user.setCreateBy(operName);
this.insertUser(user);
--
Gitblit v1.9.3