update 优化权限获取增加用户登录了但是查询的loginId是别人的场景

2025-05-26 16:31:10 +08:00 · 2025-05-26 16:31:10 +08:00 · d1889c42a3
commit d1889c42a3
parent a7ea096319
1 changed files with 2 additions and 2 deletions
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/core/service/SaPermissionImpl.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/core/service/SaPermissionImpl.java
@ -28,7 +28,7 @@ public class SaPermissionImpl implements StpInterface {
    @Override
    public List<String> getPermissionList(Object loginId, String loginType) {
        LoginUser loginUser = LoginHelper.getLoginUser();
-        if (ObjectUtil.isNull(loginUser)) {
+        if (ObjectUtil.isNull(loginUser) || !loginUser.getLoginId().equals(loginId)) {
            List<String> list = StringUtils.splitList(loginId.toString(), ":");
            return new ArrayList<>(permissionService.getMenuPermission(Long.parseLong(list.get(1))));
        }
@ -46,7 +46,7 @@ public class SaPermissionImpl implements StpInterface {
    @Override
    public List<String> getRoleList(Object loginId, String loginType) {
        LoginUser loginUser = LoginHelper.getLoginUser();
-        if (ObjectUtil.isNull(loginUser)) {
+        if (ObjectUtil.isNull(loginUser) || !loginUser.getLoginId().equals(loginId)) {
            List<String> list = StringUtils.splitList(loginId.toString(), ":");
            return new ArrayList<>(permissionService.getRolePermission(Long.parseLong(list.get(1))));
        }