fix: 修复个人信息设置功能的bug

Closes #1087

backend/src/main/java/io/metersphere/controller/UserController.java

@@ -136,6 +136,10 @@ public class UserController {
 
     @PostMapping("/update/current")
     public UserDTO updateCurrentUser(@RequestBody User user) {
+        String currentUserId = SessionUtils.getUserId();
+        if (!StringUtils.equals(currentUserId, user.getId())) {
+            MSException.throwException(Translator.get("not_authorized"));
+        }
         userService.updateUser(user);
         UserDTO userDTO = userService.getUserDTO(user.getId());
         SessionUtils.putUser(SessionUser.fromUser(userDTO));