		
	!669 用户多角色,数据权限切面处理时可能出现权限抬升的情况。
Merge pull request !669 from 0慕容雪0/master
		| @@ -106,8 +106,9 @@ public class DataScopeAspect | |||||||
|                 continue; |                 continue; | ||||||
|             } |             } | ||||||
|             if (DATA_SCOPE_ALL.equals(dataScope)) |             if (DATA_SCOPE_ALL.equals(dataScope)) | ||||||
|             { |             {                                 | ||||||
|                 sqlString = new StringBuilder(); |                 sqlString = new StringBuilder(); | ||||||
|  |                 conditions.add(dataScope); | ||||||
|                 break; |                 break; | ||||||
|             } |             } | ||||||
|             else if (DATA_SCOPE_CUSTOM.equals(dataScope)) |             else if (DATA_SCOPE_CUSTOM.equals(dataScope)) | ||||||
| @@ -141,6 +142,12 @@ public class DataScopeAspect | |||||||
|             conditions.add(dataScope); |             conditions.add(dataScope); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |         // 多角色情况下,所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,所以要限制一下,不查询任何数据 | ||||||
|  |         if (StringUtils.isEmpty(conditions)) | ||||||
|  |         { | ||||||
|  |             sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias)); | ||||||
|  |         } | ||||||
|  |  | ||||||
|         if (StringUtils.isNotBlank(sqlString.toString())) |         if (StringUtils.isNotBlank(sqlString.toString())) | ||||||
|         { |         { | ||||||
|             Object params = joinPoint.getArgs()[0]; |             Object params = joinPoint.getArgs()[0]; | ||||||
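Review bot: The deny-all fallback added in the second hunk, `sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));`, only denies everything if no row ever carries `dept_id = 0`. Any record stored with that value (for example as a default for unassigned rows) would still be returned to a user whose roles grant nothing for the requested permission. A predicate that does not depend on table contents, such as `sqlString.append(" OR 1 = 0 ");`, states the intent directly and no longer relies on `deptAlias` being non-empty. The clause is still built by string formatting, so it is safe only while `deptAlias` comes from a compile-time annotation value rather than request data; that origin is not visible in this hunk and is worth confirming. The enclosing method starts before and continues after the lines shown.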
|   | |||||||
	 若依
					若依