chenxudong
/
electromagnetic-data-new
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

增强权限校验

This commit is contained in:
chenxudong 2025-05-13 10:32:24 +08:00
parent a46e067f6f
commit a9a8d02df2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java
View File

@ -87,7 +87,7 @@ public class LoginInterceptor implements HandlerInterceptor {
private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) { private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) {
String uri = request.getRequestURI(); String uri = request.getRequestURI();
if (uri.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) { if ((uri.startsWith("/data/ed/prj") || uri.startsWith("/data/ed/repo/prj")) && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType()); log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
response.setStatus(HttpServletResponse.SC_FORBIDDEN); response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return false; return false;