mkm/multi-store
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复非管理员编辑价格的权限问题

Browse Source 
此代码更改修复了一个安全漏洞,之前非管理员用户错误地被允许编辑价格。现在,只有管理员(admin_id 为 23)才能修改价格,其他用户试图修改将触发异常。
This commit is contained in:
mkm 2024-10-15 21:29:23 +08:00
parent 1422ef0b59
commit 3ea1bc8fdb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/admin/logic/beforehand_order_cart_info/BeforehandOrderCartInfoLogic.php
View File

@ -97,7 +97,7 @@ class BeforehandOrderCartInfoLogic extends BaseLogic
Db::startTrans(); Db::startTrans();
try { try {
$find=BeforehandOrderCartInfo::where('id', $params['id'])->find(); $find=BeforehandOrderCartInfo::where('id', $params['id'])->find();
if($params['admin_id']!=23&&$params['purchases']!=$find['price'] ){ if($params['admin_id']==23&&$params['purchases']!=$find['price'] ){
throw new BusinessException('当前账号没有权限编辑价格, 请联系管理员修改'); throw new BusinessException('当前账号没有权限编辑价格, 请联系管理员修改');
} }
$find->save([ $find->save([