From dbbe383313ccb4bdb3ff71954ce93fce490ac70b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9B=B9=E9=B9=8F=E9=A3=9E?= Date: Sun, 14 Jun 2026 10:49:52 +0800 Subject: [PATCH] =?UTF-8?q?fix(user):=20=E4=BF=AE=E5=A4=8D=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=9F=A5=E8=AF=A2=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD?= =?UTF-8?q?=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 将权限判断条件从 OR 改为 AND 操作符 - 确保非超级管理员用户无法显示所有数据 - 修复了权限控制的安全漏洞 --- .../java/com/nflg/wms/admin/service/UserControllerService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java index bb79bde2..6fa5803f 100644 --- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java +++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java @@ -186,7 +186,7 @@ public class UserControllerService { if (Objects.nonNull(request.getDeptId())) { request.setDeptIds(deptService.getWithChildren(request.getDeptId())); } - if (!request.getShowAll() || !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) { + if (!request.getShowAll() && !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) { request.setCreateById(UserUtil.getUserId()); } IPage pu = uService.search(request);