New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

接口如何限制传参？ #58

Open

apple1563 opened this issue Oct 9, 2023 · 1 comment

apple1563 commented Oct 9, 2023

一个接口查询用户信息，如 /api/user?userId=xxx
有两个角色，一个是管理员，一个是代理，他们都有这个接口的权限。
管理员可以查询所有用户，代理只能查询他的下级。
如何防止代理传参userId不属于他自己下属的userId查询其他人信息？

Contributor

aklivecai commented Oct 17, 2023

角色管理中有：数据权限的配置呢

bufanyun pushed a commit that referenced this issue


          Merge pull request #58 from bufanyun/v2.0

ce4629e

up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment