From 10d998901c4acb6b2ac34b7b613dbccb069fc1f0 Mon Sep 17 00:00:00 2001
From: zzy <zhong.zy@bsoft.com.cn>
Date: Sun, 26 Apr 2026 23:12:28 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8F=96=E6=B6=88=E8=B6=8A=E6=9D=83=E7=9A=84?=
 =?UTF-8?q?=E9=99=90=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../core/security/TenantSecurityWebFilter.java   | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java b/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
index e972987..66c077e 100644
--- a/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
+++ b/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
@@ -20,7 +20,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Objects;
 import java.util.Set;
 
 /**
@@ -78,14 +77,15 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
                 tenantId = user.getTenantId();
                 TenantContextHolder.setTenantId(tenantId);
             // 如果传递了租户编号，则进行比对租户编号，避免越权问题
-            } else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
-                log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
-                        user.getTenantId(), user.getId(), user.getUserType(),
-                        TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
-                ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
-                        "您无权访问该租户的数据"));
-                return;
             }
+//            else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
+//                log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
+//                        user.getTenantId(), user.getId(), user.getUserType(),
+//                        TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
+//                ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
+//                        "您无权访问该租户的数据"));
+//                return;
+//            }
         }
 
         // 2. 超级管理员（系统租户）默认忽略租户隔离，可查询所有数据