From 9249de0235e33c5f0c6033ff3e9d0835b67683fe Mon Sep 17 00:00:00 2001
From: 362270511 <362270511@qq.com>
Date: Wed, 14 Aug 2024 15:44:51 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20Admin.NET/Admin.NET.Web.Co?= =?UTF-8?q?re/Handlers/JwtHandler.cs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Contains有个问题就是 如果我两个api的地址重复率比较高,就拿通知接口举例子,接口1是 sysNotice/page, 接口2是sysNotice/pageReceived 。黑名单中有一个sysNotice/page这个接口,用Contains方法sysNotice/page这块就重复了,我勾选了通知菜单,但是我访问sysNotice/pageReceived就提示没有权限。因为,Contains就匹配上了 sysNotice/page,所以不能用Contains,用EndsWith比较合适,匹配和path最后一致就行
---
 Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs b/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
index e5656e2e..ffaf9a0b 100644
--- a/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
+++ b/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
@@ -92,11 +92,11 @@ namespace Admin.NET.Web.Core
 var roleApis = await sysRoleService.GetUserApiList();
 // 若当前路由在按钮权限集合里面则放行
- if (roleApis[0].Exists(u => path.Contains(u, StringComparison.CurrentCultureIgnoreCase)))
+ if (roleApis[0].Exists(u => path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase)))
 return true;
 // 若当前路由在已接口黑名单里面则禁止
- return roleApis[1].TrueForAll(u => !path.Contains(u, StringComparison.CurrentCultureIgnoreCase));
+ return roleApis[1].TrueForAll(u => !path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase));
 }
 }
 }
\ No newline at end of file
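Review bot: Both new `path.EndsWith(u, StringComparison.CurrentCultureIgnoreCase)` checks still decide authorization on a culture-sensitive suffix match rather than on the route itself, and this matters most for the deny list on the final `return`: it fails open for any form of the path that routing accepts but that does not end in the listed string (for example a trailing slash, if `path` is not normalised; its origin is outside this hunk), while an entry in either list also matches any longer route that merely ends with it. Culture-sensitive comparison can additionally treat ignorable Unicode characters as equal and depends on the server locale, so `StringComparison.OrdinalIgnoreCase` is the appropriate mode for route strings. I would normalise once and match on a segment boundary in both lambdas, e.g. `var p = path.TrimEnd('/');` followed by `p.Equals(u, StringComparison.OrdinalIgnoreCase) || p.EndsWith("/" + u, StringComparison.OrdinalIgnoreCase)`, assuming entries are stored without a leading slash as the examples in the commit message suggest. The enclosing method starts above the hunk, so how `path` and `roleApis` are built should be confirmed before adopting this.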