master：系统权限调整；

2025-11-24 16:13:17 +08:00 · 2025-11-24 16:13:17 +08:00 · efedb86f7d
parent 4d58960697
commit efedb86f7d
2 changed files with 18 additions and 5 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java
@ -32,7 +32,7 @@ public class AdvertController extends XktBaseController {

    final IAdvertService advertService;

-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+    @PreAuthorize("@ss.hasAnyRoles('admin')")
    @ApiOperation(value = "新增推广营销", httpMethod = "POST", response = R.class)
    @Log(title = "新增推广营销", businessType = BusinessType.INSERT)
    @PostMapping
@ -40,21 +40,21 @@ public class AdvertController extends XktBaseController {
        return R.ok(advertService.create(BeanUtil.toBean(createVO, AdvertCreateDTO.class)));
    }

-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+    @PreAuthorize("@ss.hasAnyRoles('admin')")
    @ApiOperation(value = "获取推广营销详细信息", httpMethod = "GET", response = R.class)
    @GetMapping(value = "/{advertId}")
    public R<AdvertResVO> getInfo(@PathVariable("advertId") Long advertId) {
        return R.ok(BeanUtil.toBean(advertService.getInfo(advertId), AdvertResVO.class));
    }

-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+    @PreAuthorize("@ss.hasAnyRoles('admin')")
    @ApiOperation(value = "查询推广营销列表 ", httpMethod = "POST", response = R.class)
    @PostMapping("/page")
    public R<Page<AdvertResDTO>> page(@Validated @RequestBody AdvertPageVO pageVO) {
        return R.ok(advertService.page(BeanUtil.toBean(pageVO, AdvertPageDTO.class)));
    }

-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+    @PreAuthorize("@ss.hasAnyRoles('admin')")
    @ApiOperation(value = "修改推广营销信息", httpMethod = "PUT", response = R.class)
    @Log(title = "修改推广营销信息", businessType = BusinessType.UPDATE)
    @PutMapping
@ -62,7 +62,7 @@ public class AdvertController extends XktBaseController {
        return R.ok(advertService.updateAdvert(BeanUtil.toBean(updateVO, AdvertUpdateDTO.class)));
    }

-    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+    @PreAuthorize("@ss.hasAnyRoles('admin')")
    @ApiOperation(value = "上线/下线 营销推广", httpMethod = "PUT", response = R.class)
    @Log(title = "上线/下线 营销推广", businessType = BusinessType.UPDATE)
    @PutMapping("/change-status")
--- a/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java
+++ b/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java
@ -9,6 +9,7 @@ import com.ruoyi.common.constant.HttpStatus;
 import com.ruoyi.common.core.page.Page;
 import com.ruoyi.common.enums.AdType;
 import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.xkt.domain.Advert;
 import com.ruoyi.xkt.domain.SysFile;
 import com.ruoyi.xkt.dto.advert.*;
@ -52,6 +53,10 @@ public class AdvertServiceImpl implements IAdvertService {
    @Override
    @Transactional
    public Integer create(AdvertCreateDTO createDTO) {
+        // 用户是否为档口管理者或子账户
+        if (!SecurityUtils.isAdmin()) {
+            throw new ServiceException("当前用户非管理员账号，无权限操作!", HttpStatus.ERROR);
+        }
        Advert advert = BeanUtil.toBean(createDTO, Advert.class);
        advert.setBasicSymbol(random10Str());
        advert.setOnlineStatus(AdOnlineStatus.ONLINE.getValue());
@ -136,6 +141,10 @@ public class AdvertServiceImpl implements IAdvertService {
    @Override
    @Transactional
    public Integer updateAdvert(AdvertUpdateDTO updateDTO) {
+        // 用户是否为档口管理者或子账户
+        if (!SecurityUtils.isAdmin()) {
+            throw new ServiceException("当前用户非管理员账号，无权限操作!", HttpStatus.ERROR);
+        }
        Advert advert = Optional.ofNullable(this.advertMapper.selectOne(new LambdaQueryWrapper<Advert>()
                        .eq(Advert::getId, updateDTO.getAdvertId()).eq(Advert::getDelFlag, Constants.UNDELETED)))
                .orElseThrow(() -> new ServiceException("推广营销不存在!", HttpStatus.ERROR));
@ -158,6 +167,10 @@ public class AdvertServiceImpl implements IAdvertService {
    @Override
    @Transactional
    public Integer changeAdvertStatus(AdvertChangeStatusDTO changeStatusDTO) {
+        // 用户是否为档口管理者或子账户
+        if (!SecurityUtils.isAdmin()) {
+            throw new ServiceException("当前用户非管理员账号，无权限操作!", HttpStatus.ERROR);
+        }
        // 判断状态是否合法
        AdOnlineStatus.of(changeStatusDTO.getStatus());
        Advert advert = Optional.ofNullable(this.advertMapper.selectOne(new LambdaQueryWrapper<Advert>()