提交 64ca2a48 编写于 作者: Mr.奇淼('s avatar Mr.奇淼(

禁止通过setUserInfo接口修改用户角色防止越权

上级 0b96ba30
......@@ -276,6 +276,7 @@ func (b *BaseApi) SetUserInfo(c *gin.Context) {
_ = c.ShouldBindJSON(&user)
user.Username = ""
user.Password = ""
user.AuthorityId = ""
if err := utils.Verify(user, utils.IdVerify); err != nil {
response.FailWithMessage(err.Error(), c)
return
......@@ -301,6 +302,7 @@ func (b *BaseApi) SetSelfInfo(c *gin.Context) {
_ = c.ShouldBindJSON(&user)
user.Username = ""
user.Password = ""
user.AuthorityId = ""
user.ID = utils.GetUserID(c)
if err, ReqUser := userService.SetUserInfo(user); err != nil {
global.GVA_LOG.Error("设置失败!", zap.Error(err))
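Review bot: Clearing `user.AuthorityId` after `c.ShouldBindJSON(&user)` is a deny-list on a fully bound model, so in both SetUserInfo and SetSelfInfo every other field of the user struct stays client-controlled, and any privilege-bearing field it has or later gains (the struct is not visible in these hunks) would need its own blanking line. Binding the request into a small struct that holds only the editable profile fields, and copying those onto the model, would make the role field unreachable by construction. The blanking also appears to rely on `userService.SetUserInfo` skipping zero values, which these hunks do not show; if that holds, a comment such as `// empty AuthorityId means "leave unchanged" in userService.SetUserInfo; a full-save update would wipe the role` would protect it from a later refactor. The discarded error in `_ = c.ShouldBindJSON(&user)` lets a malformed body continue as an empty update in SetSelfInfo, so returning on that error would be safer. Both function bodies continue outside the hunks.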
......