huangge1199/RuoYi-Vue-Oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复任意账户越权问题

Browse Source
This commit is contained in:
RuoYi 2021-07-27 12:51:35 +08:00
parent c55255b460
commit c3dfac5538
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/com/ruoyi/project/system/controller/SysProfileController.java
View File

@ -71,9 +71,12 @@ public class SysProfileController extends BaseController
{ {
return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在"); return AjaxResult.error("修改用户'" + user.getUserName() + "'失败,邮箱账号已存在");
} }
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
SysUser sysUser = loginUser.getUser();
user.setUserId(sysUser.getUserId());
user.setPassword(null);
if (userService.updateUserProfile(user) > 0) if (userService.updateUserProfile(user) > 0)
{ {
LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
// 更新缓存用户信息 // 更新缓存用户信息
loginUser.getUser().setNickName(user.getNickName()); loginUser.getUser().setNickName(user.getNickName());
loginUser.getUser().setPhonenumber(user.getPhonenumber()); loginUser.getUser().setPhonenumber(user.getPhonenumber());