权限校验

5e8c4b3d · suntao · 23c20c85 · 5e8c4b3d · 5e8c4b3d
Commit 5e8c4b3d authored Dec 07, 2020 by suntao
Showing with 2 additions and 3 deletions

UserServiceImpl.java ...up/cashloanflowboss/api/user/service/UserServiceImpl.java +1 -1

ApplicationSecurityHandler.java ...owboss/core/configuration/ApplicationSecurityHandler.java +1 -2

No files found.
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/user/service/UserServiceImpl.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/user/service/UserServiceImpl.java
@@ -291,7 +291,7 @@ public class UserServiceImpl implements UserService {
                return Result.buildFail("不存在对应的角色");
            }
            Role role = roleRepository.getOne(roleId);
-            if (!exist.getRole().getId().equals(roleId)) {
+            if (exist.getRole() == null || !exist.getRole().getId().equals(roleId)) {
                exist.setRole(role);
            }
            if (roleId == 1L) {

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
@@ -69,8 +69,7 @@ public class ApplicationSecurityHandler implements SecurityHandler {
        boolean hasPrivilege = principal.isSuperAdministrator();

        List<Role> roleList = getRoleAndParent(principal.getRoles());
-        hasPrivilege &= CollectionUtils.isEmpty(roleList);
-        hasPrivilege &= roleList.stream().anyMatch(roleItem -> this.checkAuthority(authorityId, roleItem));
+        hasPrivilege |= CollectionUtils.isNotEmpty(roleList) && roleList.stream().anyMatch(roleItem -> this.checkAuthority(authorityId, roleItem));
        if (hasPrivilege) {
            return new Tuple<>(Boolean.TRUE, null);
        } else {