From 9502203bbee72439c8f54aa692958f443a2ceeeb Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: Sun, 14 Mar 2021 16:32:07 +0800
Subject: [PATCH] !187 【漏洞修复】升级commons-collections版本，解决3.2.1版本的反序列化漏洞问题 Merge pull request !187 from Delusive/master

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index 222888c..a796f84 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -79,11 +79,11 @@
         }
         // 获取当前的用户
         LoginUser loginUser = SpringUtils.getBean(TokenService.class).getLoginUser(ServletUtils.getRequest());
-        SysUser currentUser = loginUser.getUser();
-        if (currentUser != null)
+        if (StringUtils.isNotNull(loginUser))
         {
+            SysUser currentUser = loginUser.getUser();
             // 如果是超级管理员，则不过滤数据
-            if (!currentUser.isAdmin())
+            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
             {
                 dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
                         controllerDataScope.userAlias());

--
Gitblit v1.9.2