diff --git a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/constant/Constants.java b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/constant/Constants.java
index a670df5..9227ab5 100644
--- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/constant/Constants.java
+++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/constant/Constants.java
@@ -121,7 +121,7 @@ public class Constants
     /**
      * 自动识别json对象白名单配置（仅允许解析的包名，范围越小越安全）
      */
-    public static final String[] JSON_WHITELIST_STR = { "org.springframework", "com.bonus" };
+    public static final String[] JSON_WHITELIST_STR = { "org.springframework", "com.bonus", "com.fasterxml.jackson.databind.node.NullNode" };
 
     /**
      * 定时任务白名单配置（仅允许访问的包名，如其他需要可以自行添加）
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
index af71f93..cb16bf3 100644
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
@@ -90,6 +90,20 @@ public class SysUserController extends BaseController {
         return getDataTableError(new ArrayList<>());
     }
 
+    @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth(isUser = false), requiresPermissions = @RequiresPermissions("system:user:list"))
+    @PostMapping("/listByPost")
+    @SysLog(title = "用户管理", businessType = OperaType.QUERY, logType = 0, module = "系统管理->用户管理", details = "查询用户列表")
+    public TableDataInfo listByPost(@RequestBody SysUser user) {
+        try {
+            startPage();
+            List<SysUser> list = userService.selectUserList(user);
+            return getDataTable(list);
+        } catch (Exception e) {
+            logger.error(e.toString(), e);
+        }
+        return getDataTableError(new ArrayList<>());
+    }
+
     @RequiresPermissions("system:user:export")
     @PostMapping("/export")
     @SysLog(title = "用户管理", businessType = OperaType.EXPORT, logType = 0, module = "系统管理->用户管理", details = "导出用户信息")
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java
index 56939d1..32fc173 100644
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java
@@ -109,7 +109,6 @@ public class SysUserServiceImpl implements ISysUserService {
             user.setPhonenumber(phone);
         }
         user.setCompanyId(SecurityUtils.getLoginUser().getSysUser().getCompanyId());
-        //user.setDeptId(SecurityUtils.getLoginUser().getSysUser().getFirstLevelDeptId());
         List<SysUser> sysUsers = userMapper.selectUserList(user);
         //transferCanteenAdminAndCustInfo(sysUsers); //安徽送变电绿智食堂用户数据转换工具 （一次性工具）
         for (SysUser sysUser : sysUsers) {
diff --git a/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml b/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml
index f02f7a3..4057fa8 100644
--- a/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml
+++ b/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml
@@ -159,6 +159,12 @@
                 #{item}
             </foreach>
         </if>
+        <if test="roles != null and roles.size() > 0">
+            and r.role_key in
+            <foreach collection="roles" item="item" index="index" separator="," open="(" close=")">
+                #{item.roleKey}
+            </foreach>
+        </if>
        <include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
         GROUP BY u.user_id
     </select>