调整了前端接口调用防止越权

3 years ago · 1c392574c8
4 changed files with 26 additions and 14 deletions
--- a/web/src/api/user.js
+++ b/web/src/api/user.js
@ -111,6 +111,22 @@ export const setUserInfo = (data) => {
  })
 }
 // @Tags SysUser
 // @Summary 设置用户信息
 // @Security ApiKeyAuth
 // @accept application/json
 // @Produce application/json
 // @Param data body model.SysUser true "设置用户信息"
 // @Success 200 {string} string "{"success":true,"data":{},"msg":"修改成功"}"
 // @Router /user/setSelfInfo [put]
 export const setSelfInfo = (data) => {
  return service({
    url: '/user/setSelfInfo',
    method: 'put',
    data: data
  })
 }
 // @Tags User
 // @Summary 设置用户权限
 // @Security ApiKeyAuth
--- a/web/src/components/chooseImg/index.vue
+++ b/web/src/components/chooseImg/index.vue
@ -22,7 +22,7 @@
 import { ref } from 'vue'
 import { getFileList } from '@/api/fileUploadAndDownload'
 const emit = defineEmits(['chooseImg'])
 const emit = defineEmits(['enterImg'])
 defineProps({
  target: {
    type: Object,
@ -42,7 +42,7 @@ const chooseImg = (url, target, targetKey) => {
  if (target && targetKey) {
    target[targetKey] = url
  }
  emit('enter-img', url)
  emit('enterImg', url)
  drawer.value = false
 }
--- a/web/src/pinia/modules/user.js
+++ b/web/src/pinia/modules/user.js
@ -1,4 +1,4 @@
 import { login, getUserInfo, setUserInfo as setUserInfoApi } from '@/api/user'
 import { login, getUserInfo, setSelfInfo } from '@/api/user'
 import { jsonInBlacklist } from '@/api/jwt'
 import router from '@/router/index'
 import { ElMessage } from 'element-plus'
@ -74,7 +74,7 @@ export const useUserStore = defineStore('user', () => {
  }
  /* 设置侧边栏模式*/
  const changeSideMode = async(data) => {
    const res = await setUserInfoApi({ sideMode: data, ID: userInfo.value.ID })
    const res = await setSelfInfo({ sideMode: data })
    if (res.code === 0) {
      userInfo.value.sideMode = data
      ElMessage({
--- a/web/src/view/person/person.vue
+++ b/web/src/view/person/person.vue
@ -178,7 +178,7 @@ export default {
 <script setup>
 import ChooseImg from '@/components/chooseImg/index.vue'
 import { setUserInfo, changePassword } from '@/api/user.js'
 import { setSelfInfo, changePassword } from '@/api/user.js'
 import { reactive, ref } from 'vue'
 import { ElMessage } from 'element-plus'
 import { useUserStore } from '@/pinia/modules/user'
@ -249,13 +249,10 @@ const openChooseImg = () => {
  chooseImgRef.value.open()
 }
 const ResetUserInfo = (data) => {
  userStore.ResetUserInfo(data)
 }
 const enterImg = async(url) => {
  const res = await setUserInfo({ headerImg: url, ID: userStore.userInfo.ID })
  const res = await setSelfInfo({ headerImg: url })
  if (res.code === 0) {
    ResetUserInfo({ headerImg: url })
    userStore.ResetUserInfo({ headerImg: url })
    ElMessage({
      type: 'success',
      message: '设置成功',
@ -274,12 +271,11 @@ const closeEdit = () => {
 }
 const enterEdit = async() => {
  const res = await setUserInfo({
    nickName: nickName.value,
    ID: userStore.userInfo.ID,
  const res = await setSelfInfo({
    nickName: nickName.value
  })
  if (res.code === 0) {
    ResetUserInfo({ nickName: nickName.value })
    userStore.ResetUserInfo({ nickName: nickName.value })
    ElMessage({
      type: 'success',
      message: '设置成功',