From d6e82622c0df91afb30019aacbde3f036d647d67 Mon Sep 17 00:00:00 2001
From: WebPuY <871513369@qq.com>
Date: Sun, 20 Sep 2020 10:28:15 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E8=AF=B7=E6=B1=82?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AF=E6=8E=A5=E5=8F=A3=E7=9A=84?= =?UTF-8?q?=E8=B6=8A=E6=9D=83=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/controllers/user.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/controllers/user.js b/server/controllers/user.js
index 6a428997..b1da1fbb 100755
--- a/server/controllers/user.js
+++ b/server/controllers/user.js
@@ -411,6 +411,10 @@ class userController extends baseController {
 let userInst = yapi.getInst(userModel);
 let id = ctx.request.query.id;
 
+ if (this.getRole() !== 'admin' && id != this.getUid()) {
+ return (ctx.body = yapi.commons.resReturn(null, 401, '没有权限'));
+ }
+
 if (!id) {
 return (ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空'));
 }
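Review bot: The new ownership check compares the raw query value with loose inequality, `id != this.getUid()`, so the authorization decision rests on type coercion of an untrusted string (or an array, if `id` is repeated in the query) rather than on the exact value later used for the lookup. Normalising once and comparing strictly keeps the checked value and the looked-up value identical, e.g. `id = Number(id);` followed by `if (this.getRole() !== 'admin' && id !== this.getUid()) {`. This assumes `getUid()` returns a number, which the hunk does not show. The block also sits before the existing `if (!id)` guard, so a non-admin request with no `id` now gets 401 instead of the 400 'uid不能为空' response; moving the new check below that guard keeps the earlier behaviour. The enclosing method starts and ends outside the hunk, so how `id` reaches the model is not visible here.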