From 69edf436da5d47d580b3554a8dadedc6697c74bb Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 10 三月 2023 22:17:25 +0800
Subject: [PATCH] !305 fix 修复用户相关更新操作会越权的问题 Merge pull request !305 from 丶Stone/5.X
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
index 28b21c9..34aaae5 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
@@ -83,7 +83,6 @@
@PutMapping("/updatePwd")
public R<Void> updatePwd(String oldPassword, String newPassword) {
SysUserVo user = userService.selectUserById(LoginHelper.getUserId());
- String userName = user.getUserName();
String password = user.getPassword();
if (!BCrypt.checkpw(oldPassword, password)) {
return R.fail("淇敼瀵嗙爜澶辫触锛屾棫瀵嗙爜閿欒");
@@ -92,7 +91,7 @@
return R.fail("鏂板瘑鐮佷笉鑳戒笌鏃у瘑鐮佺浉鍚�");
}
- if (userService.resetUserPwd(userName, BCrypt.hashpw(newPassword)) > 0) {
+ if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(newPassword)) > 0) {
return R.ok();
}
return R.fail("淇敼瀵嗙爜寮傚父锛岃鑱旂郴绠$悊鍛�");
@@ -113,7 +112,7 @@
}
SysOssVo oss = sysOssService.upload(avatarfile);
String avatar = oss.getUrl();
- if (userService.updateUserAvatar(LoginHelper.getUsername(), oss.getOssId())) {
+ if (userService.updateUserAvatar(LoginHelper.getUserId(), oss.getOssId())) {
AvatarVo avatarVo = new AvatarVo();
avatarVo.setImgUrl(avatar);
return R.ok(avatarVo);
--
Gitblit v1.9.3