From b49cdbbc9516352d1f4511e4223fa9d089b057b9 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 一月 2022 12:12:30 +0800
Subject: [PATCH] 用户访问控制时校验数据权限，防止越权

---
 src/main/java/com/ruoyi/project/system/controller/SysPostController.java |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/ruoyi/project/system/controller/SysPostController.java b/src/main/java/com/ruoyi/project/system/controller/SysPostController.java
index 0c30ef7..5e03f73 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysPostController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysPostController.java
@@ -1,6 +1,7 @@
 package com.ruoyi.project.system.controller;
 
 import java.util.List;
+import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -13,7 +14,6 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.constant.UserConstants;
-import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.framework.aspectj.lang.annotation.Log;
 import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
@@ -49,12 +49,12 @@
     
     @Log(title = "宀椾綅绠＄悊", businessType = BusinessType.EXPORT)
     @PreAuthorize("@ss.hasPermi('system:post:export')")
-    @GetMapping("/export")
-    public AjaxResult export(SysPost post)
+    @PostMapping("/export")
+    public void export(HttpServletResponse response, SysPost post)
     {
         List<SysPost> list = postService.selectPostList(post);
         ExcelUtil<SysPost> util = new ExcelUtil<SysPost>(SysPost.class);
-        return util.exportExcel(list, "宀椾綅鏁版嵁");
+        util.exportExcel(response, list, "宀椾綅鏁版嵁");
     }
 
     /**
@@ -83,7 +83,7 @@
         {
             return AjaxResult.error("鏂板宀椾綅'" + post.getPostName() + "'澶辫触锛屽矖浣嶇紪鐮佸凡瀛樺湪");
         }
-        post.setCreateBy(SecurityUtils.getUsername());
+        post.setCreateBy(getUsername());
         return toAjax(postService.insertPost(post));
     }
 
@@ -103,7 +103,7 @@
         {
             return AjaxResult.error("淇敼宀椾綅'" + post.getPostName() + "'澶辫触锛屽矖浣嶇紪鐮佸凡瀛樺湪");
         }
-        post.setUpdateBy(SecurityUtils.getUsername());
+        post.setUpdateBy(getUsername());
         return toAjax(postService.updatePost(post));
     }
 

--
Gitblit v1.9.3