diff --git a/backstage/application/backstage/controllers/User.php b/backstage/application/backstage/controllers/User.php
index 4eca6d2..f9b7577 100644
--- a/backstage/application/backstage/controllers/User.php
+++ b/backstage/application/backstage/controllers/User.php
@@ -86,6 +86,12 @@ class User extends CI_Controller
 public function delUser($id)
 {
+ // 判断这个学生的company_id 和 当前管理员的company_id 是否一致
+ if(!checkCompanyId($id)){
+ $data = array('success' => false, 'msg' => '不能修改其他公司的用户');
+ echo json_encode($data);
+ exit;
+ }
 $rs = $this->user_model->user_delete($id);
 lwReturn($rs);
 }
@@ -97,6 +103,11 @@ class User extends CI_Controller
 foreach ($info as $k => $v){
 $info[$k] = cleanInput($v);
 }
+ // 判断这个学生的company_id 和 当前管理员的company_id 是否一致
+ if(!checkCompanyId($userId)){
+ lwReturn(false, array('msg' => '不能修改其他公司的用户'));
+ }
+
 $rs = $this->user_model->user_edit($userId, $info);
 lwReturn($rs);
 } else {
@@ -205,6 +216,14 @@ class User extends CI_Controller
 public function deleteUser()
 {
 $userId = $this->input->post('userId');
+
+ // 判断这个学生的company_id 和 当前管理员的company_id 是否一致
+ if(!checkCompanyId($userId)){
+ $data = array('success' => false, 'msg' => '不能修改其他公司的用户');
+ echo json_encode($data);
+ exit;
+ }
+
 $this->tb_user->update(array('enabled' => -99), array('id' => $userId));
 $data = array('success' => true, 'msg' => '已经删除用户');
 echo json_encode($data);
diff --git a/backstage/application/backstage/helpers/common_helper.php b/backstage/application/backstage/helpers/common_helper.php
index 1afaa75..e305ff8 100644
--- a/backstage/application/backstage/helpers/common_helper.php
+++ b/backstage/application/backstage/helpers/common_helper.php
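Review bot: The tenant guard added at the top of delUser hand-rolls its JSON failure envelope and calls exit, while the same guard in the second hunk of this file reports through lwReturn(false, ...); the deleteUser hunk repeats the hand-rolled form, so the three rejections differ in style and possibly in shape. Routing all three through the helper keeps the client-facing error identical and avoids a bare exit inside a controller action: `if(!checkCompanyId($id)){ lwReturn(false, array('msg' => '不能修改其他公司的用户')); }`. The check sits before user_delete, so a cross-company id is rejected before any write, which is the right ordering and is the same in deleteUser. Whether lwReturn terminates the request is not visible here; if it only echoes, an explicit `return;` after it is needed in each of the three places.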
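Review bot: In the second hunk the rejection path does not stop the method on its own; after `lwReturn(false, array('msg' => '不能修改其他公司的用户'));` control falls straight through to `$rs = $this->user_model->user_edit($userId, $info);`, so the edit still runs unless lwReturn itself ends the request, which this hunk cannot show. Add `return;` inside the if block so the guard does not depend on that behaviour. The check also only proves the target row currently belongs to the admin's company; if $info can carry a company_id key (cleanInput is applied per value but nothing here restricts keys), the edit could still move the user to another tenant, so consider dropping or validating that key before user_edit — this is an inference from the visible lines and worth confirming against user_edit. The enclosing method begins and ends outside this hunk.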
@@ -162,3 +162,16 @@ if(!function_exists('cleanInput')) {
 return $data;
 }
 }
+
+
+// 判断当前管理员的company_id 和 参数的user_id的company_id 是否一致
+function checkCompanyId($userId){
+ $CI =& get_instance();
+ $CI->load->library('lw_db',array('tb_name'=>'tb_user'),'tb_user');
+ $userInfo = $CI->tb_user->get_one(array('id'=>$userId));
+ if($userInfo['company_id'] == $CI->session->companyId){
+ return true;
+ }else{
+ return false;
+ }
+}
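Review bot: checkCompanyId does not fail closed when the lookup returns nothing: if get_one yields null or false for an unknown or empty $userId, `$userInfo['company_id']` is null, and the loose `==` then compares null with `$CI->session->companyId`, which is true when the session value is itself unset, null or an empty string — so the guard would pass for exactly the ids it should reject. Loose comparison also lets values of differing types match in ways that are hard to reason about; cast both sides to string and compare strictly, and return false explicitly for a missing row or missing session company. The rewrite below keeps the signature and the library load unchanged; whether get_one parameterises the id and what it returns on no match are not visible here and should be confirmed.
```php
function checkCompanyId($userId){
    $CI =& get_instance();
    $CI->load->library('lw_db',array('tb_name'=>'tb_user'),'tb_user');
    $userInfo = $CI->tb_user->get_one(array('id'=>$userId));
    // Fail closed: an unknown user or an admin session without a company never passes.
    if (empty($userInfo) || !isset($userInfo['company_id']) || !isset($CI->session->companyId)) {
        return false;
    }
    // Strict comparison after normalising to string so "1" and 1 agree but null/'' do not.
    return (string)$userInfo['company_id'] === (string)$CI->session->companyId;
}
```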