report_update
Change-Id: Ic98394db54f5aa263ec07b75d1ccca9f1d6f6cd0
diff --git a/src/main/java/com/example/g8backend/controller/AdminController.java b/src/main/java/com/example/g8backend/controller/AdminController.java
index 89208c6..64a0f01 100644
--- a/src/main/java/com/example/g8backend/controller/AdminController.java
+++ b/src/main/java/com/example/g8backend/controller/AdminController.java
@@ -1,23 +1,46 @@
package com.example.g8backend.controller;
+import com.example.g8backend.dto.ApiResponse;
+import com.example.g8backend.entity.Report;
import com.example.g8backend.service.AdminService;
+import com.example.g8backend.service.IReportService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
@RestController
@RequestMapping("/admin")
public class AdminController {
@Autowired
private AdminService adminService;
-
+ private IReportService reportService;
@PostMapping("/grant-vip/{userId}")
@PreAuthorize("hasRole('ADMIN')") // 仅允许管理员访问
public String grantVip(@PathVariable Long userId) {
boolean success = adminService.grantVip(userId);
return success ? "VIP授予成功" : "操作失败(用户不存在)";
}
+ // 获取举报记录(支持按状态过滤)
+ @GetMapping("/reports")
+ @PreAuthorize("hasRole('ADMIN')")
+ public ApiResponse<List<Report>> getReports(
+ @RequestParam(required = false) String status) {
+ // 从安全上下文自动获取管理员ID
+ Long adminId = (Long) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+ return ApiResponse.success(reportService.getReports(status, adminId));
+ }
+ // 处理举报
+ @PutMapping("/reports/{reportId}")
+ @PreAuthorize("hasRole('ADMIN')")
+ public ApiResponse<String> resolveReport(
+ @PathVariable Long reportId,
+ @RequestParam String status,
+ @RequestParam(required = false) String notes) {
+ reportService.resolveReport(reportId, null, status, notes); // adminId在服务层自动获取
+ return ApiResponse.success("举报处理完成");
+ }
+
}
\ No newline at end of file
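Review bot: `reportService` is declared without `@Autowired`; the annotation on the line above it applies only to `adminService`, and no constructor is visible in this hunk, so the field would stay null and both new endpoints would fail with a NullPointerException. Add `@Autowired private IReportService reportService;` or switch the controller to constructor injection. In `resolveReport` the call passes `null` as the admin id, while the check added in ReportServiceImpl looks the user up by that id and rejects a missing user, so this endpoint would always end in AccessDeniedException; resolve the id as `getReports` does and pass it on: `reportService.resolveReport(reportId, adminId, status, notes);`. The `(Long)` cast on `getPrincipal()` only holds if the authentication filter stores a Long as the principal, which is not visible here.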
diff --git a/src/main/java/com/example/g8backend/controller/PostController.java b/src/main/java/com/example/g8backend/controller/PostController.java
index 1e0adf4..6800666 100644
--- a/src/main/java/com/example/g8backend/controller/PostController.java
+++ b/src/main/java/com/example/g8backend/controller/PostController.java
@@ -209,28 +209,4 @@
}
}
-
- @GetMapping("/reports")
- public ResponseEntity<ApiResponse<List<Report>>> getReports(
- @RequestParam(required = false) String status) {
- List<Report> reports = reportService.getReports(status);
- return ResponseEntity.ok(ApiResponse.success(reports));
- }
-
- @PutMapping("/report/{reportId}")
- public ResponseEntity<ApiResponse<String>> resolveReport(
- @PathVariable Long reportId,
- @RequestParam Long adminId, // 实际部署时可从 token 解析或改为登录信息中获取
- @RequestParam String status,
- @RequestParam(required = false) String notes) {
- try {
- reportService.resolveReport(reportId, adminId, status, notes);
- return ResponseEntity.ok(ApiResponse.message("举报处理完成"));
- } catch (IllegalArgumentException e) {
- return ResponseEntity.badRequest().body(ApiResponse.error(400, e.getMessage()));
- }
- }
-
-
-
}
diff --git a/src/main/java/com/example/g8backend/service/IReportService.java b/src/main/java/com/example/g8backend/service/IReportService.java
index c1cf775..5c67fa8 100644
--- a/src/main/java/com/example/g8backend/service/IReportService.java
+++ b/src/main/java/com/example/g8backend/service/IReportService.java
@@ -11,5 +11,5 @@
boolean resolveReport(Long reportId, Long adminUserId, String status, String notes);
// 获取举报列表(按状态过滤)
- List<Report> getReports(String status);
+ List<Report> getReports(String status,Long requesterUserId);
}
\ No newline at end of file
diff --git a/src/main/java/com/example/g8backend/service/impl/ReportServiceImpl.java b/src/main/java/com/example/g8backend/service/impl/ReportServiceImpl.java
index f27de25..a4d5c1a 100644
--- a/src/main/java/com/example/g8backend/service/impl/ReportServiceImpl.java
+++ b/src/main/java/com/example/g8backend/service/impl/ReportServiceImpl.java
@@ -2,9 +2,12 @@
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.example.g8backend.entity.Report;
+import com.example.g8backend.entity.User;
import com.example.g8backend.mapper.ReportMapper;
+import com.example.g8backend.mapper.UserMapper;
import com.example.g8backend.service.IReportService;
import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.time.LocalDateTime;
@@ -14,6 +17,7 @@
@RequiredArgsConstructor
public class ReportServiceImpl implements IReportService {
private final ReportMapper reportMapper;
+ private final UserMapper userMapper; // 新增 UserMapper 用于获取用户角色
@Override
@Transactional
@@ -42,6 +46,11 @@
@Override
@Transactional
public boolean resolveReport(Long reportId, Long adminUserId, String status, String notes) {
+ User adminUser = userMapper.selectById(adminUserId);
+ if (adminUser == null || !"ADMIN".equals(adminUser.getRole())) {
+ throw new AccessDeniedException("无权执行此操作:非管理员用户");
+ }
+
Report report = reportMapper.selectById(reportId);
if (report == null) {
throw new IllegalArgumentException("举报记录不存在");
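Review bot: The check added at the top of `resolveReport` authorizes the `adminUserId` argument rather than the authenticated caller, so any code path that forwards a client-supplied id (as the removed PostController endpoint did with `@RequestParam Long adminId`) would satisfy it simply by naming an admin's id. Consider reading the id from `SecurityContextHolder` inside the service, or state the contract on the interface, e.g. `// adminUserId must come from the authenticated principal, never from request input`. The same pattern is added to `getReports` in the last hunk of this file. The check also compares `getRole()` with the literal `"ADMIN"` while the controller relies on `hasRole('ADMIN')`; if the two are derived from different data they can disagree, so a single source for the role decision would be safer. The body of `resolveReport` continues past the end of this hunk.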
@@ -54,11 +63,13 @@
}
@Override
- public List<Report> getReports(String status) {
+ public List<Report> getReports(String status, Long requesterUserId) {
+ User requester = userMapper.selectById(requesterUserId);
+ if (requester == null || !"ADMIN".equals(requester.getRole())) {
+ throw new AccessDeniedException("无权查看举报记录:非管理员用户");
+ }
return reportMapper.selectList(
new QueryWrapper<Report>().eq("status", status)
);
}
-
-
}
\ No newline at end of file
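Review bot: `getReports` still applies `eq("status", status)` unconditionally although the new admin endpoint declares `status` as optional; with a null value MyBatis-Plus is likely to emit a comparison against NULL, so listing reports without a filter would come back empty. Guard the predicate with the conditional overload: `new QueryWrapper<Report>().eq(status != null, "status", status)`. A short Javadoc on the method stating that `requesterUserId` must be the authenticated user's id and that AccessDeniedException is thrown for non-admin requesters would also help callers.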