From 80261cd9b2f739f76ed1972c439afe5371c58b70 Mon Sep 17 00:00:00 2001
From: wucongxing <815046773@qq.com>
Date: Mon, 3 Jul 2023 09:02:27 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BB=9F=E4=B8=80=E9=AA=8C=E8=AF=81=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/controller/user.go | 13 -------------
 api/service/user.go | 8 ++++++++
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/api/controller/user.go b/api/controller/user.go
index 3610a92..1e51b76 100644
--- a/api/controller/user.go
+++ b/api/controller/user.go
@@ -187,19 +187,6 @@ func (r *User) PutUser(c *gin.Context) {
 return
 }
 
- // 获取角色身份
- roleService := service.RoleService{}
- isAdmin, err := roleService.GetRoleIden(c)
- if err != nil {
- responses.FailWithMessage(err.Error(), c)
- return
- }
-
- if !isAdmin {
- responses.FailWithMessage("非管理员,无法操作", c)
- return
- }
-
 // 业务处理
 userService := service.UserService{}
 _, err = userService.PutUser(c, userId, UserRequest.PutUser)
diff --git a/api/service/user.go b/api/service/user.go
index 9de9dd3..1ae295e 100644
--- a/api/service/user.go
+++ b/api/service/user.go
@@ -221,6 +221,14 @@ func (r *UserService) PutUser(c *gin.Context, requestUserId int64, putUserReques
 }
 
 adminRoleDao := dao.AdminRoleDao{}
+ adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
+ if err != nil || adminRole == nil {
+ return false, errors.New("非法操作")
+ }
+
+ if adminRole.IsAdmin == 0 && loginUserId != requestUserId {
+ return false, errors.New("普通用户只可修改自己的用户数据")
+ }
 
 if putUserRequest.Access != adminUser.Access {
 // 检测账号名
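Review bot: The new guard in `UserService.PutUser` (`adminRole.IsAdmin == 0 && loginUserId != requestUserId`) checks only whose record is being edited, not which fields change, so with the controller-side admin check removed in the first hunk a non-admin now reaches the update path for their own record. If `putUserRequest` carries any privilege-bearing fields (for example a role assignment or account status), they should be rejected or ignored for non-admin callers before the write; the field assignments are outside this hunk, so this needs confirming against the rest of the function. `loginRoleId` and `loginUserId` are also set outside the hunk and should be derived from the authenticated session, never from request data. Separately, `err != nil || adminRole == nil` reports a DAO failure as "非法操作"; failing closed is right, but the underlying `err` should be logged so a database fault is not mistaken for an authorization denial. A comment above the check would help, e.g. `// Authorization for PutUser now lives here: non-admins may edit only their own record.`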