qian xian

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java

@@ -32,19 +32,25 @@ public class ApplicationSecurityHandler implements SecurityHandler {
         Assert.isNull(principal, ApplicationStatus.AUTHENTICATION_FAILURE);
 
         // 如果是超级管理员跳过权限验证
-        boolean superAdministrator = principal.isSuperAdministrator();
 
-        boolean anyMatch = principal.getRoles().stream().anyMatch(role -> {
+        return  principal.isSuperAdministrator() || principal.getRoles().stream().anyMatch(role -> {
             List<Role> roleList = getRoleAndParent(role);
+            if (CollectionUtils.isEmpty(roleList)) {
+                return false;
+            }
             return roleList.stream().anyMatch(_role -> this.checkAuthority(authorityId, _role));
         });
-        return  superAdministrator || anyMatch;
 
     }
 
+    /**
+     * 遍历出用户的父级 role
+     * @param role
+     * @return
+     */
     private List<Role> getRoleAndParent(Role role) {
         if (role == null) {
-            return new ArrayList<>();
+            return null;
         }
 
         List<Role> list = new ArrayList<>();