From 83341bb86a93f0301426921a32a89a1e986b8cb1 Mon Sep 17 00:00:00 2001
From: smallchill
Date: Tue, 18 May 2021 15:32:48 +0800
Subject: [PATCH] =?UTF-8?q?:zap:=20=E4=BC=98=E5=8C=96=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../system/service/impl/RoleServiceImpl.java | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
index d9e0d665..de57bf72 100644
--- a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/RoleServiceImpl.java
@@ -83,6 +83,16 @@ public class RoleServiceImpl extends ServiceImpl implements IR
 }
 private boolean grantRoleMenu(List roleIds, List menuIds) {
+ // 防止越权配置超管角色
+ int administratorCount = baseMapper.selectCount(Wrappers.query().lambda().eq(Role::getRoleAlias, RoleConstant.ADMINISTRATOR).in(Role::getId, roleIds));
+ if (!AuthUtil.isAdministrator() && administratorCount > 0) {
+ throw new ServiceException("无权配置超管角色!");
+ }
+ // 防止越权配置管理员角色
+ int adminCount = baseMapper.selectCount(Wrappers.query().lambda().eq(Role::getRoleAlias, RoleConstant.ADMIN).in(Role::getId, roleIds));
+ if (!AuthUtil.isAdmin() && adminCount > 0) {
+ throw new ServiceException("无权配置管理员角色!");
+ }
 // 删除角色配置的菜单集合
 roleMenuService.remove(Wrappers.update().lambda().in(RoleMenu::getRoleId, roleIds));
 // 组装配置
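Review bot: The guard added at the top of `grantRoleMenu` decides only by the alias of the target roles and never looks at `menuIds`, so a caller who is neither admin nor administrator can still replace the menu set of any other role in `roleIds`, possibly one they hold themselves, with menus they were never granted. Unless the calling endpoint is already restricted to administrators (not visible here), the method should also reject `menuIds` that fall outside the caller's own menus, or require `AuthUtil.isAdmin()` for the whole operation. The check also sits inside this one private helper; if the service has sibling grant paths for the same `roleIds`, they need the same guard, which argues for moving both alias checks into a shared private method called before any write. As a minimum, a comment such as `// Guards the target role alias only; menuIds are not checked against the caller's grants` would record the limit. The body of `grantRoleMenu` continues past the end of the hunk.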