diff --git a/server/controllers/user.js b/server/controllers/user.js
index 6a428997..b1da1fbb 100755
--- a/server/controllers/user.js
+++ b/server/controllers/user.js
@@ -411,6 +411,10 @@ class userController extends baseController {
 let userInst = yapi.getInst(userModel);
 let id = ctx.request.query.id;
+ if (this.getRole() !== 'admin' && id != this.getUid()) {
+ return (ctx.body = yapi.commons.resReturn(null, 401, '没有权限'));
+ }
+
 if (!id) {
 return (ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空'));
 }
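Review bot: The added ownership check compares the raw query value with loose inequality, `id != this.getUid()`, so any value that coerces to the caller's uid passes it, for example a differently formatted numeric string, or a one-element array if the query parser can produce one. That same unnormalised `id` is presumably what the lookup further down uses; the enclosing method starts and ends outside this hunk, so that is not visible here. I would validate the shape first, `if (typeof id !== 'string' || !/^\d+$/.test(id)) { return (ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空')); }`, and then compare strictly, `if (this.getRole() !== 'admin' && Number(id) !== Number(this.getUid())) {`. This assumes uids are numeric, which should be confirmed against the user model. Placing the permission check after the existing `if (!id)` guard would also keep the 400 response for a missing id, where non-admin callers now get 401.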