后端增加 setSelfInfo 接口防止越权操作

2022-01-07 19:17:33 +08:00
parent 3a74c9483e
commit 8d34adee14
4 changed files with 24 additions and 1 deletions
--- a/server/source/system/api.go
+++ b/server/source/system/api.go
@@ -24,7 +24,8 @@ func (a *api) Initialize() error {
 		{ApiGroup: "系统用户", Method: "DELETE", Path: "/user/deleteUser", Description: "删除用户"},
 		{ApiGroup: "系统用户", Method: "POST", Path: "/user/register", Description: "用户注册(必选)"},
 		{ApiGroup: "系统用户", Method: "POST", Path: "/user/getUserList", Description: "获取用户列表"},
-		{ApiGroup: "系统用户", Method: "PUT", Path: "/user/setUserInfo", Description: "设置用户信息(必选)"},
+		{ApiGroup: "系统用户", Method: "PUT", Path: "/user/setUserInfo", Description: "设置用户信息"},
+		{ApiGroup: "系统用户", Method: "PUT", Path: "/user/setSelfInfo", Description: "设置自身信息(必选)"},
 		{ApiGroup: "系统用户", Method: "GET", Path: "/user/getUserInfo", Description: "获取自身信息(必选)"},
 		{ApiGroup: "系统用户", Method: "POST", Path: "/user/setUserAuthorities", Description: "设置权限组"},
 		{ApiGroup: "系统用户", Method: "POST", Path: "/user/changePassword", Description: "修改密码（建(选择)"},
--- a/server/source/system/casbin.go
+++ b/server/source/system/casbin.go
@@ -48,6 +48,7 @@ func (c *casbin) Initialize() error {

 		{PType: "p", V0: "888", V1: "/user/getUserInfo", V2: "GET"},
 		{PType: "p", V0: "888", V1: "/user/setUserInfo", V2: "PUT"},
+		{PType: "p", V0: "888", V1: "/user/setSelfInfo", V2: "PUT"},
 		{PType: "p", V0: "888", V1: "/user/getUserList", V2: "POST"},
 		{PType: "p", V0: "888", V1: "/user/deleteUser", V2: "DELETE"},
 		{PType: "p", V0: "888", V1: "/user/changePassword", V2: "POST"},