
Commit 64ca2a4

author
piexlmax
committed
禁止通过setUserInfo接口修改用户角色防止越权
1 parent 0b96ba3 commit 64ca2a4


1 file changed

+2
-0
lines changed


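--- a/server/api/v1/system/sys_user.go
+++ b/server/api/v1/system/sys_user.go
@@ -276,6 +276,7 @@ func (b *BaseApi) SetUserInfo(c *gin.Context) {
 _ = c.ShouldBindJSON(&user)
 user.Username = ""
 user.Password = ""
+user.AuthorityId = ""
 if err := utils.Verify(user, utils.IdVerify); err != nil {
 response.FailWithMessage(err.Error(), c)
 return
@@ -301,6 +302,7 @@ func (b *BaseApi) SetSelfInfo(c *gin.Context) {
 _ = c.ShouldBindJSON(&user)
 user.Username = ""
 user.Password = ""
+user.AuthorityId = ""
 user.ID = utils.GetUserID(c)
 if err, ReqUser := userService.SetUserInfo(user); err != nil {
 global.GVA_LOG.Error("设置失败!", zap.Error(err))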
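Review bot: Clearing `user.AuthorityId` after `c.ShouldBindJSON(&user)` in SetUserInfo, and again in SetSelfInfo, is a denylist on a struct the client fills in: any other privilege- or status-bearing field on that model (its definition is not part of this diff) stays writable through both handlers. Binding into a request struct that declares only the editable profile fields, then copying those onto the model, would make the restriction hold without per-field resets. The fix also appears to rely on `userService.SetUserInfo` skipping zero-valued fields, which is not visible here, so the new lines deserve a comment such as `// cleared so this endpoint cannot change the role; assumes the update skips zero values`. Both function bodies continue outside their hunks.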
