From 17a6a70ab1d9198b37998af9bf63c40e858c623e Mon Sep 17 00:00:00 2001
From: yupeng <roc__yu@163.com>
Date: 星期六, 22 三月 2025 11:21:35 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master' into xizang-changyun

---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index b44867f..53ed772 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -22,6 +22,7 @@
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.CollectionUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -56,6 +57,7 @@
      */
     @ApiOperation(value = "获取用户列表")
     @PostMapping("/list")
+    @PreAuthorize("@ss.hasPermi('system:user')")
     public AjaxResult list(@RequestBody SysUserQuery query)
     {
         PageInfo<SysUserVO> list = userService.pageList(query);
@@ -64,6 +66,8 @@
 
     @ApiOperation(value = "获取用户列表-不分页")
     @PostMapping("/listNotPage")
+    @PreAuthorize("@ss.hasPermi('system:user')")
+
     public AjaxResult listNotPage()
     {
         List<SysUser> list = userService.selectList();

--
Gitblit v1.7.1