From e94f1684e8f76c0be84e29d28384b81f962b101a Mon Sep 17 00:00:00 2001
From: XinYi Song <2037158277@qq.com>
Date: Thu, 23 Dec 2021 15:27:49 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E4=BF=AE=E6=94=B9=E4=BA=86=E5=90=84?=
 =?UTF-8?q?=E7=BA=A7=E6=9F=A5=E7=9C=8B=E8=A6=81=E5=AE=A1=E6=A0=B8=E5=95=86?=
 =?UTF-8?q?=E5=93=81=E4=BF=A1=E6=81=AF=E7=9A=84=E5=8A=9F=E8=83=BD=E6=A8=A1?=
 =?UTF-8?q?=E5=9D=97=EF=BC=8C=E6=B7=BB=E5=8A=A0=E4=BA=86=E7=9B=B8=E5=85=B3?=
 =?UTF-8?q?=E7=9A=84=E6=9D=83=E9=99=90=E9=85=8D=E7=BD=AE=E4=BF=A1=E6=81=AF?=
 =?UTF-8?q?=202=E3=80=81=E4=BF=AE=E6=94=B9=E4=BA=86=E5=90=84=E7=BA=A7?=
 =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E5=AE=A1=E6=A0=B8=E7=9A=84=E6=93=8D=E4=BD=9C?=
 =?UTF-8?q?=E7=9A=84=E5=8A=9F=E8=83=BD=E6=A8=A1=E5=9D=97=EF=BC=8C=E6=B7=BB?=
 =?UTF-8?q?=E5=8A=A0=E4=BA=86=E7=9B=B8=E5=85=B3=E7=9A=84=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/com/xkrs/controller/ProductController.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/xkrs/controller/ProductController.java b/src/main/java/com/xkrs/controller/ProductController.java
index b516850..4fd3b00 100644
--- a/src/main/java/com/xkrs/controller/ProductController.java
+++ b/src/main/java/com/xkrs/controller/ProductController.java
@@ -8,6 +8,7 @@ import com.xkrs.model.entity.SysUserEntity;
 import com.xkrs.model.qo.ProductQo;
 import com.xkrs.service.ProductService;
 import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -83,6 +84,7 @@ public class ProductController {
      * @return
      */
     @PostMapping("/selectProductReviewType")
+    @PreAuthorize("hasAnyAuthority('auth_administor','auth_city','auth_county')")
     public String selectProductReviewType(@RequestBody Map map, @RequestHeader(value="Authorization") String token){
         Locale locale = LocaleContextHolder.getLocale();
         String productCity = (String) map.get("productCity");
@@ -103,7 +105,8 @@ public class ProductController {
      * @return
      */
     @PostMapping("/updateReviewType")
-    public String updateReviewType(@RequestBody Map map){
+    @PreAuthorize("hasAnyAuthority('auth_administor','auth_city','auth_county')")
+    public String updateReviewType(@RequestBody Map map,@RequestHeader(value="Authorization") String token){
         Integer productId = (Integer) map.get("productId");
         String reviewType = (String) map.get("reviewType");
         return productService.updateReviewType(productId,reviewType);