tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复普通用户或其他权限用户能在swagger下更改系统管理员角色状态的安全漏洞

Browse Source
This commit is contained in:
yms
2025-06-18 17:01:08 +08:00
parent 02f835e59e
commit 48ec38e076
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/com/youlai/boot/system/controller/RoleController.java
View File

@@ -91,6 +91,7 @@ public class RoleController {
@Operation(summary = "修改角色状态") @Operation(summary = "修改角色状态")
@PutMapping(value = "/{roleId}/status") @PutMapping(value = "/{roleId}/status")
@PreAuthorize("@ss.hasPerm('sys:role:edit')")
public Result<?> updateRoleStatus( public Result<?> updateRoleStatus(
@Parameter(description = "角色ID") @PathVariable Long roleId, @Parameter(description = "角色ID") @PathVariable Long roleId,
@Parameter(description = "状态(1:启用;0:禁用)") @RequestParam Integer status @Parameter(description = "状态(1:启用;0:禁用)") @RequestParam Integer status