Updating user information on the /profile page causes the user's roles to be lost. In addition, by forging the request data, the api/v1/user/update endpoint carries a risk of the user becoming a super administrator.

<img width="577" height="143" alt="Image" src="https://github.com/user-attachments/assets/ae4d7fd6-bacb-4ba0-a606-9673042a9cac" />
<img width="857" height="198" alt="Image" src="https://github.com/user-attachments/assets/8226d37d-49d5-421e-89ac-82c769c982ec" />
<img width="443" height="176" alt="Image" src="https://github.com/user-attachments/assets/a87c525b-0b80-4e33-ada4-aaa3c1ecba7b" />
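
One server-side way to address both problems reported above, as an added example that is not the project's code: a self-service update merges only allowlisted fields into the stored record, so roles are kept when the request omits them and privileged fields in a forged body are rejected. The field names (`role_ids`, `is_superuser`, `is_active`, `phone`) and the function names are assumptions, not the project's schema.

```python
# Added example: field and role names below are assumptions, not the project's schema.
SELF_EDITABLE = {"username", "email", "phone"}          # safe to change from /profile
PRIVILEGED = {"role_ids", "is_superuser", "is_active"}  # managed by administrators only


class Forbidden(Exception):
    """Raised when a request tries to set a field the caller may not change."""


def _merge(record, payload, allowed):
    # Reject unexpected keys loudly instead of silently dropping them, so a
    # forged request body is visible in logs and in tests.
    extra = sorted(set(payload) - allowed)
    if extra:
        raise Forbidden(f"fields not allowed: {extra}")
    updated = dict(record)   # start from the stored state: keys absent from the
    updated.update(payload)  # request keep their value, so roles are not wiped
    return updated


def update_own_profile(session_user, payload):
    # The target is the authenticated user, never an id taken from the body.
    return _merge(session_user, payload, SELF_EDITABLE)


def admin_update_user(actor, target, payload):
    # Role and superuser changes require an authorization check on the caller.
    if not actor.get("is_superuser"):
        raise Forbidden("admin privileges required")
    return _merge(target, payload, SELF_EDITABLE | PRIVILEGED)


if __name__ == "__main__":
    # Constructed sample record.
    alice = {"id": 7, "username": "alice", "email": "a@example.test",
             "role_ids": [2], "is_superuser": False, "is_active": True}
    print(update_own_profile(alice, {"email": "new@example.test"}))
    try:
        update_own_profile(alice, {"email": "x@example.test", "is_superuser": True})
    except Forbidden as exc:
        print("rejected:", exc)
```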