From 95d0409f1fedbddce69a290c1f6aee5c980fd36f Mon Sep 17 00:00:00 2001
From: zhou-hao <admin@hsweb.me>
Date: Wed, 26 Jun 2019 16:25:08 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=90=8C=E6=97=B6=E5=AD=98?=
 =?UTF-8?q?=E5=9C=A8=E8=A7=92=E8=89=B2=E5=92=8C=E6=9D=83=E9=99=90=E6=8E=A7?=
 =?UTF-8?q?=E5=88=B6=E7=9A=84=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../basic/handler/DefaultAuthorizingHandler.java       | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
index 393c8af5e..080d3e23a 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -201,7 +201,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
             Function<Predicate<Role>, Boolean> func = logicalIsOr
                     ? authentication.getRoles().stream()::anyMatch
                     : authentication.getRoles().stream()::allMatch;
-            access = func.apply(role -> rolesDef.contains(role.getId()));
+
+            access = logicalIsOr
+                    ? access || func.apply(role -> rolesDef.contains(role.getId()))
+                    : access && func.apply(role -> rolesDef.contains(role.getId()));
         }
         //控制用户
         if (!usersDef.isEmpty()) {
@@ -211,7 +214,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
             Function<Predicate<String>, Boolean> func = logicalIsOr
                     ? usersDef.stream()::anyMatch
                     : usersDef.stream()::allMatch;
-            access = func.apply(authentication.getUser().getUsername()::equals);
+            access = logicalIsOr
+                    ? access || func.apply(authentication.getUser().getUsername()::equals)
+                    : access && func.apply(authentication.getUser().getUsername()::equals);
+
         }
         if (!access) {
             throw new AccessDenyException(definition.getMessage());