From 3ea1bc8fdbf14eeabd69f48e23ffae7b6fd932fc Mon Sep 17 00:00:00 2001
From: mkm <727897186@qq.com>
Date: Tue, 15 Oct 2024 21:29:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=9D=9E=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E5=91=98=E7=BC=96=E8=BE=91=E4=BB=B7=E6=A0=BC=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

此代码更改修复了一个安全漏洞,之前非管理员用户错误地被允许编辑价格。现在,只有管理员(admin_id 为 23)才能修改价格,其他用户试图修改将触发异常。
---
 .../beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/admin/logic/beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php b/app/admin/logic/beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php
index 4b8074942..0259c9ff5 100644
--- a/app/admin/logic/beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php
+++ b/app/admin/logic/beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php
@@ -97,7 +97,7 @@ class BeforehandOrderCartInfoLogic extends BaseLogic
 Db::startTrans();
 try {
 $find=BeforehandOrderCartInfo::where('id', $params['id'])->find();
- if($params['admin_id']!=23&&$params['purchases']!=$find['price'] ){
+ if($params['admin_id']==23&&$params['purchases']!=$find['price'] ){
 throw new BusinessException('当前账号没有权限编辑价格, 请联系管理员修改');
 }
 $find->save([
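Review bot: The added `if($params['admin_id']==23&&$params['purchases']!=$find['price'])` inverts the rule the commit message states: it now throws only when admin 23 changes the price, while every other account falls through to `$find->save(...)` and can change it freely, which is the exact hole the commit claims to close. The removed `!=23` form expressed the intended gate; the line should read `if ($params['admin_id'] != 23 && $params['purchases'] != $find['price']) {` (preferably `!== 23` against an int, with the admin id taken from configuration rather than a literal). Separately, the gate is only as strong as the source of `$params['admin_id']`: if `$params` is built from the request body rather than the authenticated admin session, a non-admin can simply send `admin_id=23` and bypass it; that cannot be confirmed from this hunk and should be verified in the caller. The enclosing method starts and ends outside the hunk.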