fix: 修复个人信息设置功能的bug

Closes #1087
2021-01-08 17:44:29 +08:00 · 2021-01-08 17:44:29 +08:00 · ddd640c7c1
parent 9723f85c46
commit ddd640c7c1
1 changed files with 4 additions and 0 deletions
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@ -136,6 +136,10 @@ public class UserController {

    @PostMapping("/update/current")
    public UserDTO updateCurrentUser(@RequestBody User user) {
+        String currentUserId = SessionUtils.getUserId();
+        if (!StringUtils.equals(currentUserId, user.getId())) {
+            MSException.throwException(Translator.get("not_authorized"));
+        }
        userService.updateUser(user);
        UserDTO userDTO = userService.getUserDTO(user.getId());
        SessionUtils.putUser(SessionUser.fromUser(userDTO));