feat: 商品维护接口仅管理员可操作

2026-03-24 00:55:43 +00:00
parent 3d84686fcf
commit 8c1b5d8be3
1 changed files with 36 additions and 12 deletions
--- a/src/main/java/com/example/building/controller/ProductController.java
+++ b/src/main/java/com/example/building/controller/ProductController.java
@@ -31,26 +31,38 @@ public class ProductController {
    }

    /**
-     * 新增分类
+     * 新增分类（仅管理员）
     */
    @PostMapping("/categories")
-    public Result<Category> createCategory(@RequestBody Category category) {
+    public Result<Category> createCategory(@RequestBody Category category,
+                                          @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        return Result.success(productService.createCategory(category));
    }

    /**
-     * 修改分类
+     * 修改分类（仅管理员）
     */
    @PutMapping("/categories/{id}")
-    public Result<Category> updateCategory(@PathVariable String id, @RequestBody Category category) {
+    public Result<Category> updateCategory(@PathVariable String id, @RequestBody Category category,
+                                          @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        return Result.success(productService.updateCategory(id, category));
    }

    /**
-     * 删除分类
+     * 删除分类（仅管理员）
     */
    @DeleteMapping("/categories/{id}")
-    public Result<Void> deleteCategory(@PathVariable String id) {
+    public Result<Void> deleteCategory(@PathVariable String id,
+                                       @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        productService.deleteCategory(id);
        return Result.success();
    }
@@ -76,26 +88,38 @@ public class ProductController {
    }

    /**
-     * 新增商品
+     * 新增商品（仅管理员）
     */
    @PostMapping
-    public Result<Product> createProduct(@RequestBody Product product) {
+    public Result<Product> createProduct(@RequestBody Product product,
+                                         @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        return Result.success(productService.createProduct(product));
    }

    /**
-     * 修改商品
+     * 修改商品（仅管理员）
     */
    @PutMapping("/{id}")
-    public Result<Product> updateProduct(@PathVariable String id, @RequestBody Product product) {
+    public Result<Product> updateProduct(@PathVariable String id, @RequestBody Product product,
+                                         @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        return Result.success(productService.updateProduct(id, product));
    }

    /**
-     * 删除商品
+     * 删除商品（仅管理员）
     */
    @DeleteMapping("/{id}")
-    public Result<Void> deleteProduct(@PathVariable String id) {
+    public Result<Void> deleteProduct(@PathVariable String id,
+                                      @RequestHeader(value = "X-User-Role", required = false) String role) {
+        if (!"admin".equals(role)) {
+            return Result.error("只有管理员可以操作");
+        }
        productService.deleteProduct(id);
        return Result.success();
    }