取消越权的限制

fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java

@@ -20,7 +20,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Objects;
 import java.util.Set;
 
 /**
@@ -78,14 +77,15 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
                 tenantId = user.getTenantId();
                 TenantContextHolder.setTenantId(tenantId);
             // 如果传递了租户编号，则进行比对租户编号，避免越权问题
-            } else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
-                log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
-                        user.getTenantId(), user.getId(), user.getUserType(),
-                        TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
-                ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
-                        "您无权访问该租户的数据"));
-                return;
             }
+//            else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
+//                log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
+//                        user.getTenantId(), user.getId(), user.getUserType(),
+//                        TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
+//                ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
+//                        "您无权访问该租户的数据"));
+//                return;
+//            }
         }
 
         // 2. 超级管理员（系统租户）默认忽略租户隔离，可查询所有数据