From efedb86f7d687c1f0f3480d6ac9138d13e5701cd Mon Sep 17 00:00:00 2001
From: liujiang <569804566@qq.com>
Date: Mon, 24 Nov 2025 16:13:17 +0800
Subject: [PATCH] =?UTF-8?q?master=EF=BC=9A=E7=B3=BB=E7=BB=9F=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=B0=83=E6=95=B4=EF=BC=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ruoyi/web/controller/xkt/AdvertController.java | 10 +++++-----
 .../ruoyi/xkt/service/impl/AdvertServiceImpl.java | 13 +++++++++++++
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java
index 7a37b72d7..d4d979174 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/AdvertController.java
@@ -32,7 +32,7 @@ public class AdvertController extends XktBaseController {
 final IAdvertService advertService;
- @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+ @PreAuthorize("@ss.hasAnyRoles('admin')")
 @ApiOperation(value = "新增推广营销", httpMethod = "POST", response = R.class)
 @Log(title = "新增推广营销", businessType = BusinessType.INSERT)
 @PostMapping
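Review bot: The role expression `@ss.hasAnyRoles('admin')` is repeated as a string literal on every handler, here on the POST create handler and again in the @@ -40,21 and @@ -62,7 hunks, so a handler added later without the annotation falls back to whatever the global security configuration allows, and a typo in one copy would go unnoticed. If every endpoint of AdvertController is meant to be admin-only (the class is only partly visible in this patch), declare the rule once by placing `@PreAuthorize("@ss.hasAnyRoles('admin')")` above `public class AdvertController`, and keep method-level annotations only where a handler deliberately differs. That makes the controller deny-by-default for non-admin roles instead of relying on each handler being annotated.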
@@ -40,21 +40,21 @@ public class AdvertController extends XktBaseController {
 return R.ok(advertService.create(BeanUtil.toBean(createVO, AdvertCreateDTO.class)));
 }
- @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+ @PreAuthorize("@ss.hasAnyRoles('admin')")
 @ApiOperation(value = "获取推广营销详细信息", httpMethod = "GET", response = R.class)
 @GetMapping(value = "/{advertId}")
 public R getInfo(@PathVariable("advertId") Long advertId) {
 return R.ok(BeanUtil.toBean(advertService.getInfo(advertId), AdvertResVO.class));
 }
- @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+ @PreAuthorize("@ss.hasAnyRoles('admin')")
 @ApiOperation(value = "查询推广营销列表 ", httpMethod = "POST", response = R.class)
 @PostMapping("/page")
 public R> page(@Validated @RequestBody AdvertPageVO pageVO) {
 return R.ok(advertService.page(BeanUtil.toBean(pageVO, AdvertPageDTO.class)));
 }
- @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+ @PreAuthorize("@ss.hasAnyRoles('admin')")
 @ApiOperation(value = "修改推广营销信息", httpMethod = "PUT", response = R.class)
 @Log(title = "修改推广营销信息", businessType = BusinessType.UPDATE)
 @PutMapping
@@ -62,7 +62,7 @@ public class AdvertController extends XktBaseController {
 return R.ok(advertService.updateAdvert(BeanUtil.toBean(updateVO, AdvertUpdateDTO.class)));
 }
- @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
+ @PreAuthorize("@ss.hasAnyRoles('admin')")
 @ApiOperation(value = "上线/下线 营销推广", httpMethod = "PUT", response = R.class)
 @Log(title = "上线/下线 营销推广", businessType = BusinessType.UPDATE)
 @PutMapping("/change-status")
diff --git a/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java b/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java
index d3ab9e063..338d1c01d 100644
--- a/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java
+++ b/xkt/src/main/java/com/ruoyi/xkt/service/impl/AdvertServiceImpl.java
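Review bot: The read endpoints getInfo and page are restricted to `admin` at the controller only. The service half of this commit adds `SecurityUtils.isAdmin()` to create, updateAdvert and changeAdvertStatus but not to the read methods, whose service bodies are not part of the patch. If the reads are deliberately left open at the service layer because other callers reuse them, record that on each with a comment such as `// authorisation for reads is enforced in AdvertController only`. Otherwise give them the same guard so that both layers enforce the same rule for every advert operation.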
@@ -9,6 +9,7 @@ import com.ruoyi.common.constant.HttpStatus;
 import com.ruoyi.common.core.page.Page;
 import com.ruoyi.common.enums.AdType;
 import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.xkt.domain.Advert;
 import com.ruoyi.xkt.domain.SysFile;
 import com.ruoyi.xkt.dto.advert.*;
@@ -52,6 +53,10 @@ public class AdvertServiceImpl implements IAdvertService {
 @Override
 @Transactional
 public Integer create(AdvertCreateDTO createDTO) {
+ // 用户是否为档口管理者或子账户
+ if (!SecurityUtils.isAdmin()) {
+ throw new ServiceException("当前用户非管理员账号,无权限操作!", HttpStatus.ERROR);
+ }
 Advert advert = BeanUtil.toBean(createDTO, Advert.class);
 advert.setBasicSymbol(random10Str());
 advert.setOnlineStatus(AdOnlineStatus.ONLINE.getValue());
@@ -136,6 +141,10 @@ public class AdvertServiceImpl implements IAdvertService {
 @Override
 @Transactional
 public Integer updateAdvert(AdvertUpdateDTO updateDTO) {
+ // 用户是否为档口管理者或子账户
+ if (!SecurityUtils.isAdmin()) {
+ throw new ServiceException("当前用户非管理员账号,无权限操作!", HttpStatus.ERROR);
+ }
 Advert advert = Optional.ofNullable(this.advertMapper.selectOne(new LambdaQueryWrapper()
 .eq(Advert::getId, updateDTO.getAdvertId()).eq(Advert::getDelFlag, Constants.UNDELETED)))
 .orElseThrow(() -> new ServiceException("推广营销不存在!", HttpStatus.ERROR));
@@ -158,6 +167,10 @@ public class AdvertServiceImpl implements IAdvertService {
 @Override
 @Transactional
 public Integer changeAdvertStatus(AdvertChangeStatusDTO changeStatusDTO) {
+ // 用户是否为档口管理者或子账户
+ if (!SecurityUtils.isAdmin()) {
+ throw new ServiceException("当前用户非管理员账号,无权限操作!", HttpStatus.ERROR);
+ }
 // 判断状态是否合法
 AdOnlineStatus.of(changeStatusDTO.getStatus());
 Advert advert = Optional.ofNullable(this.advertMapper.selectOne(new LambdaQueryWrapper()
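Review bot: The guard added at the top of create reports an authorisation refusal with the generic `HttpStatus.ERROR`, and its comment (`用户是否为档口管理者或子账户`, roughly "is the user a stall manager or sub-account") describes a different check from the `SecurityUtils.isAdmin()` call beneath it. The same four lines are pasted into updateAdvert (@@ -136,6) and changeAdvertStatus (@@ -158,6). A denial that carries the generic error code cannot be told apart from a server fault in logs or alerting, so a forbidden status fits better, assuming this project's HttpStatus keeps the upstream `FORBIDDEN` constant. Moving the guard into one private helper with an accurate comment removes the copy-paste drift; each of the three methods then starts with `requireAdmin();`. All three method bodies continue outside their hunks.

```java
/** Rejects the call unless the current user is an administrator. */
private void requireAdmin() {
    if (!SecurityUtils.isAdmin()) {
        throw new ServiceException("当前用户非管理员账号,无权限操作!", HttpStatus.FORBIDDEN);
    }
}

@Override
@Transactional
public Integer create(AdvertCreateDTO createDTO) {
    requireAdmin();
    // … unchanged: bean copy and advert defaults …
```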
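Review bot: Two different predicates now gate the same operation: the new guard at the top of updateAdvert calls `SecurityUtils.isAdmin()`, while the controller admits callers by the role key in `@ss.hasAnyRoles('admin')`. The patch does not show how isAdmin() decides, so the two layers may not accept the same set of users; the same applies to the guards added to create and changeAdvertStatus. It is worth confirming that they agree, and that isAdmin() behaves sensibly when the service is invoked without a logged-in user, for instance from a scheduled job. A one-line comment on the guard, e.g. `// must match the 'admin' role required by AdvertController`, would record the intent.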