We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
你好,我看到网站的菜单权限貌似是通过localstorage对象来存储并基于此来控制的。但这个对象前台用户是可以自己更改的,这样用户就可以自定义属性来修改权限(如localStorage.setItem('is_supper',"true")),他就能看到所有的菜单了。
The text was updated successfully, but these errors were encountered:
是的,如果自己去改就可以看到全部菜单。不过没关系,后端API也会判断用户的权限。就算用户看到没权限的菜单,接口也是无法调用。
Sorry, something went wrong.
一个没有权限的账号,登陆后通过修改修改localstorage,is_supper=true后刷新在菜单中用户管理修改管理员密码
No branches or pull requests
你好,我看到网站的菜单权限貌似是通过localstorage对象来存储并基于此来控制的。但这个对象前台用户是可以自己更改的,这样用户就可以自定义属性来修改权限(如localStorage.setItem('is_supper',"true")),他就能看到所有的菜单了。
The text was updated successfully, but these errors were encountered: