gtl
/
gtl-ruoyi-server
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复系统菜单精确查询权限漏洞

main
gtl 2024-04-12 18:14:27 +08:00
parent 7a2f38b75e
commit 2deb45a61b
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
View File

@ -60,9 +60,11 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
*/
@Override
public List<SysMenu> selectMenuList (SysMenu menu, Long userId) {
List<SysMenu> allMenuList = null;
List<SysMenu> menuList = null;
boolean isAdmin = SysUser.isAdmin(userId);
// 管理员显示所有菜单信息
if (SysUser.isAdmin(userId)) {
if (isAdmin) {
menuList = menuMapper.selectMenuList(menu);
} else {
menu.getParams().put("userId", userId);
@ -71,8 +73,11 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
if(menuList.size()==1){
SysMenu sysMenu = menuList.get(0);
this.getMenuList(menuList,sysMenu);
List<SysMenu> childList = this.getChildList(menuMapper.selectMenuList(null), sysMenu);
SysMenu newMenu = new SysMenu();
newMenu.setParams(menu.getParams());
allMenuList=isAdmin?menuMapper.selectMenuList(null):menuMapper.selectMenuListByUserId(newMenu);
//找子节点
List<SysMenu> childList = this.getChildList(allMenuList, sysMenu);
menuList.addAll(childList);
}
return menuList;