From 09dfb25d735d26e08b81307515ec32708016da33 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期二, 07 十二月 2021 12:20:21 +0800
Subject: [PATCH] update 修改 健康检查权限 改为用户放行 提高安全性

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index e4a6cdc..40cedca 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -5,9 +5,11 @@
 import com.ruoyi.common.core.domain.entity.SysRole;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.core.service.UserService;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.reflect.ReflectUtils;
+import com.ruoyi.common.utils.spring.SpringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
@@ -64,8 +66,8 @@
 		// 鑾峰彇褰撳墠鐨勭敤鎴�
 		LoginUser loginUser = SecurityUtils.getLoginUser();
 		if (StringUtils.isNotNull(loginUser)) {
-			SysUser currentUser = loginUser.getUser();
-			// 濡傛灉鏄秴绾х鐞嗗憳锛屽垯涓嶈繃婊ゆ暟鎹�
+			SysUser currentUser = SpringUtils.getBean(UserService.class).selectUserById(loginUser.getUserId());
+            // 濡傛灉鏄秴绾х鐞嗗憳锛屽垯涓嶈繃婊ゆ暟鎹�
 			if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) {
 				dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
 					controllerDataScope.userAlias(), controllerDataScope.isUser());

--
Gitblit v1.9.3