thinkgem / jeesite

Java rapid development platform, based (Spring Boot, Spring MVC, Apache Shiro, MyBatis, Beetl, Bootstrap, AdminLTE), online code generation, including modules: Organization, role users, menu and button authorization, data permissions, system parameters, content management, workflow, etc. Loose coupling design is adopted; one key skin switch; account security Settings, password policies; Online scheduled task configuration; Support cluster, support SAAS; Support for multiple data sources
http://jeesite.com
Apache License 2.0
8k stars 5.66k forks source link

济南市场部随意删除菜单信息 #519

Open yanzhou-felicity opened 1 year ago

yanzhou-felicity commented 1 year ago

济南综合部这个普通用户可以随意删除管理员用户创建的菜单。 The ordinary user "济南综合部" can freely delete menus created by administrator users.

问题代码发生在com.thinkgem.jeesite.modules.sys.web.MenuController中的delete方法中 The problematic code occurs in the 'delete' method of the 'MenuController' class in com.thinkgem.jeesite.modules.sys.web.

这里登录济南综合部,删除“日志查询”这个字段 Here, logging in as the ordinary user "济南综合部," I will delete the "日志查询" (Log Query) field. 图片1

删除成功: Deletion successful. 图片2

问题代码截图: Screenshot of problem code

图片3