
管理员权限绕过

chenw 6 年之前
父節點
當前提交
8f9875d191

+ 3 - 3
bi-server/src/main/java/com/usoftchina/bi/server/service/dashboard/DashboardsService.java

@@ -106,7 +106,7 @@ public class DashboardsService {
         int userId = Integer.parseInt(stringMap.get("id"));
         String name = stringMap.get("name");
         int createId = dashboardsMapper.getCreateIdById(dashboardsInfo.getId());
-        if (userId != createId) {
+        if (userId != createId && !RoleConstant.SUPER_ADMIN.getRole().equals(stringMap.get("role"))) {
             return new RepEntity(RepCode.NoAuthority);
         }
         Dashboards dashboards = new Dashboards();
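Review bot: The super-admin exemption in this hunk reads the role from `stringMap.get("role")`, while the other two hunks of the commit read it from `BaseContextHolder.getRole()`. How `stringMap` is populated is outside the hunk. If it is built from anything the caller controls, such as request parameters or a token decoded without signature verification, a non-owner could pass this check by supplying the admin role value. Prefer the same server-side source as the other methods, `if (userId != createId && !RoleConstant.SUPER_ADMIN.getRole().equals(BaseContextHolder.getRole())) {`, or add a comment stating that `stringMap` comes from a verified token. The same condition now appears three times in the class, so a private helper such as `isOwnerOrSuperAdmin(int createId)` would keep the authorization rule in one place. The enclosing method starts and ends outside the hunk.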
@@ -177,7 +177,7 @@ public class DashboardsService {
     public RepEntity delDashboards(String token, Integer id) {
         int userId = BaseContextHolder.getUserId();
         int createId = dashboardsMapper.getCreateIdById(id);
-        if (userId != createId) {
+        if (userId != createId && !RoleConstant.SUPER_ADMIN.getRole().equals(BaseContextHolder.getRole())) {
             return new RepEntity(RepCode.NoAuthority);
         }
         Dashboards dashboards = dashboardsMapper.getDashboards(userId, id);
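Review bot: On the new super-admin path, `userId` differs from `createId`, yet the following line still calls `dashboardsMapper.getDashboards(userId, id)`. The mapper query is not visible here, but if it filters by owner, the lookup returns nothing for an admin and the rest of `delDashboards` either fails on a null `dashboards` or silently deletes nothing. Consider looking the record up by its owner, `Dashboards dashboards = dashboardsMapper.getDashboards(createId, id);`, or null-checking the result before use. Because this path lets one account delete another user's dashboard, a log line recording the acting `userId`, the `createId` and the dashboard `id` would make the override auditable. The method body continues outside the hunk.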
@@ -327,7 +327,7 @@ public class DashboardsService {
     public RepEntity getDashOrder(String token, int dashId) {
         int userId = BaseContextHolder.getUserId();
         int createId = dashboardsMapper.getCreateIdById(dashId);
-        if (userId != createId) {
+        if (userId != createId && !RoleConstant.SUPER_ADMIN.getRole().equals(BaseContextHolder.getRole())) {
             return new RepEntity(RepCode.NoAuthority);
         }