fix(user): 修复用户查询权限判断逻辑

- 将权限判断条件从 OR 改为 AND 操作符 - 确保非超级管理员用户无法显示所有数据 - 修复了权限控制的安全漏洞
2026-06-14 10:49:52 +08:00 · 2026-06-14 10:49:52 +08:00 · dbbe383313
parent 36ad7c0bfa
commit dbbe383313
1 changed files with 1 additions and 1 deletions
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
@ -186,7 +186,7 @@ public class UserControllerService {
        if (Objects.nonNull(request.getDeptId())) {
            request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
        }
-        if (!request.getShowAll() || !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+        if (!request.getShowAll() && !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
            request.setCreateById(UserUtil.getUserId());
        }
        IPage<UserVO> pu = uService.search(request);