修复普通用户或其他权限用户能在swagger下更改系统管理员角色状态,获取用户表单数据,更改菜单显示状态的安全漏洞

2025-06-18 17:24:15 +08:00
parent 48ec38e076
commit 86a9b3e212
2 changed files with 3 additions and 0 deletions
--- a/src/main/java/com/youlai/boot/system/controller/MenuController.java
+++ b/src/main/java/com/youlai/boot/system/controller/MenuController.java
@@ -102,6 +102,7 @@ public class MenuController {

    @Operation(summary = "修改菜单显示状态")
    @PatchMapping("/{menuId}")
+    @PreAuthorize("@ss.hasPerm('sys:menu:edit')")
    public Result<?> updateMenuVisible(
            @Parameter(description = "菜单ID") @PathVariable Long menuId,
            @Parameter(description = "显示状态(1:显示;0:隐藏)") Integer visible