Commit 16dc507d by 伍思炜

修复渗透漏洞

parent da8c0894
...@@ -59,7 +59,7 @@ public class codeManagerController extends BaseController { ...@@ -59,7 +59,7 @@ public class codeManagerController extends BaseController {
@Autowired @Autowired
private AuthCodeMapper authCodeMapper; private AuthCodeMapper authCodeMapper;
@Autowired @Autowired
@Qualifier("redisStringTemplate") // @Qualifier("redisStringTemplate")
private RedisTemplate redisTemplate; private RedisTemplate redisTemplate;
@Autowired @Autowired
private ProductMapper productMapper; private ProductMapper productMapper;
...@@ -75,6 +75,7 @@ public class codeManagerController extends BaseController { ...@@ -75,6 +75,7 @@ public class codeManagerController extends BaseController {
@Autowired @Autowired
private SaveAuthCodeUtil saveAuthCodeUtil; private SaveAuthCodeUtil saveAuthCodeUtil;
private static String PATH1 = "StudentCard1"; private static String PATH1 = "StudentCard1";
private static String PATH2 = "StudentCard2"; private static String PATH2 = "StudentCard2";
private static String PATH3 = "StudentCard3"; private static String PATH3 = "StudentCard3";
...@@ -120,6 +121,7 @@ public class codeManagerController extends BaseController { ...@@ -120,6 +121,7 @@ public class codeManagerController extends BaseController {
wrapper2.eq("order_status", "已完成"); wrapper2.eq("order_status", "已完成");
wrapper2.eq("business_number", phone); wrapper2.eq("business_number", phone);
List<Order> list1 = orderMapper.selectList(wrapper2); List<Order> list1 = orderMapper.selectList(wrapper2);
if (redisTemplate.hasKey(phone + ":num")) { if (redisTemplate.hasKey(phone + ":num")) {
redisTemplate.opsForValue().increment(phone + ":num", 1L); redisTemplate.opsForValue().increment(phone + ":num", 1L);
} else { } else {
......
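Review bot: Commenting out `@Qualifier("redisStringTemplate")` in the first hunk changes which bean backs the raw `RedisTemplate redisTemplate` field, and the commit gives no reason for it. If the context now resolves a template with a different serializer (not visible here), the `phone + ":num"` counter used by `hasKey`/`increment` in the third hunk would sit under differently encoded keys than whatever else reads or writes it, and `increment` can fail on values that were not written as plain strings. This counter looks like a per-phone attempt limit, so that should be confirmed before merging. I would either restore the qualifier or declare the field as `private StringRedisTemplate redisTemplate;`, and delete the commented-out annotation rather than keep it. The added lines of the second and third hunks are not visible in this view, and the method around the counter continues outside the hunk.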
...@@ -276,7 +276,7 @@ public class PersonalCenterController extends BaseController { ...@@ -276,7 +276,7 @@ public class PersonalCenterController extends BaseController {
@Permission(menuname = "个人中心用户详情", value = "partnerInfo", method = RequestMethod.POST) @Permission(menuname = "个人中心用户详情", value = "partnerInfo", method = RequestMethod.POST)
public ResponseData<Map<String, Object>> selectPartnerInfo(String partner) { public ResponseData<Map<String, Object>> selectPartnerInfo(String partner) {
ShiroUser shiroUser = getShiroUser(); ShiroUser shiroUser = getShiroUser();
if (partner.equals(shiroUser.getId().toString())){ if (!partner.equals(shiroUser.getId().toString())){
return ResponseData.error("权限不一致"); return ResponseData.error("权限不一致");
} }
SysUser sysUser = sysUserMapper.selectById(partner); SysUser sysUser = sysUserMapper.selectById(partner);
......
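Review bot: After the corrected check the lookup still uses the client-supplied value, `sysUserMapper.selectById(partner)`, and `partner.equals(...)` throws a NullPointerException when the parameter is omitted. Since the request is only allowed when `partner` equals the session user, I would take the id from the session, `SysUser sysUser = sysUserMapper.selectById(shiroUser.getId());`, and write the comparison null-safely as `if (!shiroUser.getId().toString().equals(partner)) {`. The same session-derived id applies to `getOrderList` in hhrUserController. The original condition was inverted, which rejected the owner and admitted every other id, so a test that calls the endpoint with a foreign id and expects `权限不一致` would keep this from regressing; the rest of `selectPartnerInfo` is outside the hunk.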
...@@ -59,7 +59,7 @@ public class hhrUserController extends BaseController { ...@@ -59,7 +59,7 @@ public class hhrUserController extends BaseController {
@Permission(menuname = "督导查询", value = "getOrderList", method = RequestMethod.POST) @Permission(menuname = "督导查询", value = "getOrderList", method = RequestMethod.POST)
public ResponseData<Map<String, Object>> getOrderList(String userId, Integer pageNo, Integer pageSize, String customer, String orderStatus, String userType, Integer selectFlag) { public ResponseData<Map<String, Object>> getOrderList(String userId, Integer pageNo, Integer pageSize, String customer, String orderStatus, String userType, Integer selectFlag) {
ShiroUser shiroUser = getShiroUser(); ShiroUser shiroUser = getShiroUser();
if (shiroUser.getId().toString().equals(userId)){ if (!shiroUser.getId().toString().equals(userId)){
return ResponseData.error("权限不一致"); return ResponseData.error("权限不一致");
} }
if (StringUtils.isBlank(userId)) { if (StringUtils.isBlank(userId)) {
......
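Review bot: With the ownership check placed first, the `StringUtils.isBlank(userId)` branch below it can no longer be reached for a blank or missing `userId`, because such a value never equals the session id and returns `权限不一致` before that. Either move the blank check above the ownership check or drop it, so the caller gets the intended error. The permission name `督导查询` suggests supervisors may have queried other users' orders through this endpoint; if that is a real use case, strict equality will block it and an explicit check of the supervisor-to-user relationship is needed instead, which should be confirmed against the callers. `getOrderList` continues outside the hunk.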