Inconsistent Authorization #42
Description
When the web front-end sends a request to create or modify role permissions, the PermissionList is always null. In backend code, if the PermissionList in requests is empty, no action is taken. If such one user's permission is cancel, although he cannot perform unauthorized permission operations through webpage, he can still achieve the same goal by sending requests through tools like postman. Critical code: src/main/java/com/suke/czx/modules/sys/service/impl/SysRoleServiceImpl.java,updateRoleMenu,saveRoleMenu