thinkgem / jeesite

Java rapid development platform based on Spring Boot, Spring MVC, Apache Shiro, MyBatis, Beetl, Bootstrap and AdminLTE, with online code generation. Modules include organizations, roles and users, menu and button authorization, data permissions, system parameters, content management and workflow. Loosely coupled design; one-click skin switching; account security settings and password policies; online scheduled task configuration; cluster and SaaS support; multiple data sources.
http://jeesite.com
Apache License 2.0

Regular users can delete administrator information that is not visible to them #518

Open yanzhou-felicity opened 1 year ago

yanzhou-felicity commented 1 year ago

The administrator role is not visible to regular users, but a regular user can still delete the administrator's role information by using the 'id'. The following shows a regular user requesting the URL http://localhost:8080/jeesite/a/sys/user/delete?id=2 to delete the role information of the administrator with ID 2.

The problematic code is in the 'delete' function of the 'UserController' class in com.thinkgem.jeesite.modules.sys.web.

Screenshot: visible to administrators.

Screenshot: sending a request that attempts to delete the record with ID 2 and username "sd_admin" for the Shandong Provincial Headquarters.

Screenshot: deletion successful.

Screenshot: after logging in as an administrator, the role with the login name "ad_admin" has been deleted.

Screenshot: the problematic code.
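The report above describes an object-level authorization gap: a user who is allowed to call the delete function in general can delete a specific record that the application never shows them. A function-level permission ("may delete users") is not the same as an object-level check ("may delete this user"). The following is an added, self-contained example, not code from the jeesite project or from the reporter; every class and method name in it (ScopedUserDelete, findVisibleTo, deleteChecked, the User record and its fields) is hypothetical, and the sample users are constructed for the demonstration. It shows the unchecked delete beside a hardened version that resolves the target through the same visibility rule the list view uses, so "not visible" also means "not deletable".

```java
// Added example, not jeesite code: a delete handler that enforces the same visibility
// rule as the list view, so a record the caller cannot see cannot be deleted by id.
// All names here are hypothetical; the users below are constructed sample data.
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;

public class ScopedUserDelete {

    /** Minimal user record (constructed for the example). */
    static final class User {
        final String id;
        final String loginName;
        final String officeId;
        final boolean admin;
        User(String id, String loginName, String officeId, boolean admin) {
            this.id = id; this.loginName = loginName; this.officeId = officeId; this.admin = admin;
        }
    }

    /** Thrown when the caller is not permitted to act on the target record. */
    static final class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    private final Map<String, User> users = new LinkedHashMap<>();

    void add(User u) { users.put(u.id, u); }

    boolean exists(String id) { return users.containsKey(id); }

    /**
     * The single visibility rule. Administrators see everyone; a regular user sees only
     * non-admin users of their own office. Both the list view and the delete handler
     * must go through this method so that the two cannot disagree.
     */
    List<User> findVisibleTo(User caller) {
        List<User> out = new ArrayList<>();
        for (User u : users.values()) {
            if (caller.admin || (!u.admin && Objects.equals(u.officeId, caller.officeId))) {
                out.add(u);
            }
        }
        return out;
    }

    /** Vulnerable shape: the id parameter is trusted; only the row's existence is checked. */
    boolean deleteUnchecked(String id) {
        return users.remove(id) != null;
    }

    /** Hardened shape: the target must lie inside the caller's visible scope and not be the caller. */
    boolean deleteChecked(User caller, String id) {
        if (caller.id.equals(id)) {
            throw new AccessDeniedException("a user cannot delete their own account");
        }
        boolean visible = findVisibleTo(caller).stream().anyMatch(u -> u.id.equals(id));
        if (!visible) {
            // Same response whether the id is unknown or merely hidden, so the endpoint
            // does not confirm that an invisible record exists.
            throw new AccessDeniedException("user " + id + " is not within your permission scope");
        }
        return users.remove(id) != null;
    }

    public static void main(String[] args) {
        ScopedUserDelete repo = new ScopedUserDelete();
        User superAdmin = new User("1", "admin", "hq", true);
        User shandongAdmin = new User("2", "sd_admin", "sd", true);   // hidden from regular users
        User regular = new User("3", "sd_user", "sd", false);
        repo.add(superAdmin); repo.add(shandongAdmin); repo.add(regular);

        // Unchecked: a regular user's request for id 2 succeeds although id 2 is invisible to them.
        System.out.println("unchecked delete of id 2 by regular user: " + repo.deleteUnchecked("2"));

        repo.add(shandongAdmin); // restore the record for the second run
        try {
            repo.deleteChecked(regular, "2");
        } catch (AccessDeniedException e) {
            System.out.println("checked delete refused: " + e.getMessage());
        }
        System.out.println("id 2 still present: " + repo.exists("2"));
        // The administrator, whose scope includes id 2, can still delete it.
        System.out.println("checked delete by admin: " + repo.deleteChecked(superAdmin, "2"));
    }
}
```

In a web handler the check belongs before the service call that performs the deletion, and the scope rule should be shared with the query that builds the user list rather than re-implemented in the controller; a second copy of the rule is where this kind of discrepancy usually comes from. Auditing server logs for delete requests whose id never appeared in a preceding list response for the same session is a cheap way to detect this class of access from the defender's side.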