权限拦截验证

whycxzp

2023-12-25 25ca12f34988018c2994dc24918a14443560089b

权限拦截验证

 src/main/java/com/whyc/filter/AccessFilter.java

@@ -127,6 +127,21 @@
                    response.getWriter().write("非法请求，身份未验证");
                    return;
                }
                else if(requestURI.contains("userInf/resetSnId") //重置其他用户密码,必须1000以下的管理员才能设置
                        ||requestURI.contains("add")
                        ||requestURI.contains("delete")
                        ||requestURI.contains("update")
                ){
                    int userId = user.getUid();
                    if(userId>=1000){
                        //越权访问
                        logService.record(OperationLogEnum.TYPE_1_SYS.getType(), OperationLogEnum.TYPE_2_UNAUTHORIZED_ACCESS.getType(),"越权访问", "越权访问接口:" + requestURI);
                        response.setStatus(401);
                        response.setContentType("text/html;charset=utf-8");
                        response.getWriter().write("非法请求，身份未授权");
                        return;
                    }
                }
            //}
        }