ldeyun/RUOYI-geek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

!!重要补丁

Browse Source 
1. 因为缺少一个更新导致loginUser.user.roles.get(?).getPermissions 为null
2. RuoYi的dataScopeFilter方法缺少处理permission为空的情况,导致即便第1条修复,仍然会在没有鉴权的情况数据权限不正确。
This commit is contained in:
dftre 2024-10-26 19:53:12 +08:00
parent ab726c802f
commit 78276faf27
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
View File

@ -6,6 +6,7 @@ import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysRole;
@ -57,7 +58,7 @@ public class SysPermissionService {
perms.add("*:*:*");
} else {
List<SysRole> roles = user.getRoles();
if (!roles.isEmpty() && roles.size() > 1) {
if (!CollectionUtils.isEmpty(roles)) {
// 多角色设置permissions属性以便数据权限匹配权限
for (SysRole role : roles) {
if (StringUtils.equals(role.getStatus(), UserConstants.ROLE_NORMAL)) {