FatttSnake/oxygen-api
1
0
Fork 0
Code Pull Requests Activity

Other users cannot change admin password

Browse Source
This commit is contained in:
Fat Snake
2023-12-01 16:12:05 +08:00
parent 8dc5533473
commit 1ad38bf2a8
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/kotlin/top/fatweb/api/service/permission/impl/UserServiceImpl.kt
View File

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.extension.kotlin.KtQueryWrapper
import com.baomidou.mybatisplus.extension.kotlin.KtUpdateWrapper import com.baomidou.mybatisplus.extension.kotlin.KtUpdateWrapper
import com.baomidou.mybatisplus.extension.plugins.pagination.Page import com.baomidou.mybatisplus.extension.plugins.pagination.Page
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.stereotype.Service import org.springframework.stereotype.Service
import org.springframework.transaction.annotation.Transactional import org.springframework.transaction.annotation.Transactional
@@ -201,6 +202,10 @@ class UserServiceImpl(
} }
override fun changePassword(userChangePasswordParam: UserChangePasswordParam) { override fun changePassword(userChangePasswordParam: UserChangePasswordParam) {
if (WebUtil.getLoginUserId() != 0L && userChangePasswordParam.id == 0L) {
throw AccessDeniedException("Access denied")
}
val user = baseMapper.selectById(userChangePasswordParam.id) val user = baseMapper.selectById(userChangePasswordParam.id)
user?.let { user?.let {
val wrapper = KtUpdateWrapper(User()) val wrapper = KtUpdateWrapper(User())