gitee
/
snowy
mirror of https://gitee.com/xiaonuobase/snowy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【修复】修复修改个人信息接口水平越权漏洞

pull/186/head
vchao 2023-12-12 10:05:14 +08:00
parent 5b9d2866ee
commit 56d9c3ff36
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
snowy-plugin/snowy-plugin-sys/src/main/java/vip/xiaonuo/sys/modular/user/service/impl/SysUserServiceImpl.java
View File

@ -61,6 +61,7 @@ import org.apache.poi.xwpf.usermodel.XWPFDocument;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.multipart.MultipartFile;
import vip.xiaonuo.auth.core.util.StpLoginUserUtil;
import vip.xiaonuo.common.cache.CommonCacheOperator;
import vip.xiaonuo.common.enums.CommonSortOrderEnum;
import vip.xiaonuo.common.excel.CommonExcelCustomMergeStrategy;
@ -837,6 +838,11 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
@Override
public void updateUserInfo(SysUserUpdateInfoParam sysUserUpdateInfoParam) {
String id = StpLoginUserUtil.getLoginUser().getId();
if (!StrUtil.equals(id,sysUserUpdateInfoParam.getId())){
throw new CommonException("禁止修改他人信息");
}
SysUser sysUser = this.queryEntity(sysUserUpdateInfoParam.getId());
if (ObjectUtil.isNotEmpty(sysUserUpdateInfoParam.getPhone())) {