From 7d7bd4fe5663e8581b429b2406122e1dbebfca32 Mon Sep 17 00:00:00 2001
From: Wu Clan <jianhengwu0407@gmail.com>
Date: Sun, 1 Jun 2025 00:41:24 +0800
Subject: [PATCH] Fix data permission condition for filter data

---
 backend/common/security/permission.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/backend/common/security/permission.py b/backend/common/security/permission.py
index 3b9344bd4..62c3efa7a 100644
--- a/backend/common/security/permission.py
+++ b/backend/common/security/permission.py
@@ -57,8 +57,11 @@ async def filter_data_permission(db: AsyncSession, request: Request) -> ColumnEl
     :return:
     """
     # 是否过滤数据权限
+    if request.user.is_superuser:
+        return or_(1 == 1)
+
     for role in request.user.roles:
-        if role.is_filter_scopes:
+        if not role.is_filter_scopes:
             return or_(1 == 1)
 
     # 获取数据范围
@@ -71,8 +74,8 @@ async def filter_data_permission(db: AsyncSession, request: Request) -> ColumnEl
     # 转换为列表
     data_scopes = list(unique_data_scopes.values())
 
-    # 超级管理员和无规则用户不做过滤
-    if request.user.is_superuser or not data_scopes:
+    # 无规则用户不做过滤
+    if not data_scopes:
         return or_(1 == 1)
 
     # 获取数据范围规则