From 0d52e11e3dd739eb5a67ea645f0ca4c4be77ad91 Mon Sep 17 00:00:00 2001
From: 平凡 <hmxmylove@163.com>
Date: Sat, 18 Jul 2020 00:03:27 +0800
Subject: [PATCH] 禁止加密密文返回前端

---
 ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index b93e8eb..5c68570 100644
--- a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -1,6 +1,7 @@
 package com.ruoyi.project.system.controller;
 
 import java.util.List;
+import java.util.stream.Collectors;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
@@ -25,6 +26,7 @@
 import com.ruoyi.framework.web.controller.BaseController;
 import com.ruoyi.framework.web.domain.AjaxResult;
 import com.ruoyi.framework.web.page.TableDataInfo;
+import com.ruoyi.project.system.domain.SysRole;
 import com.ruoyi.project.system.domain.SysUser;
 import com.ruoyi.project.system.service.ISysPostService;
 import com.ruoyi.project.system.service.ISysRoleService;
@@ -101,7 +103,8 @@
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
     {
         AjaxResult ajax = AjaxResult.success();
-        ajax.put("roles", roleService.selectRoleAll());
+        List<SysRole> roles = roleService.selectRoleAll();
+        ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
         ajax.put("posts", postService.selectPostAll());
         if (StringUtils.isNotNull(userId))
         {

--
Gitblit v1.9.2