expandAdminFunction

Change-Id: If3b875b3017d1922b15150dd735ca2ce5a3a77f0
diff --git a/src/main/java/com/example/g8backend/controller/AdminController.java b/src/main/java/com/example/g8backend/controller/AdminController.java
index 394e445..a4193cb 100644
--- a/src/main/java/com/example/g8backend/controller/AdminController.java
+++ b/src/main/java/com/example/g8backend/controller/AdminController.java
@@ -1,10 +1,13 @@
 package com.example.g8backend.controller;
 
 import com.example.g8backend.dto.ApiResponse;
+import com.example.g8backend.entity.Post;
 import com.example.g8backend.entity.Report;
 import com.example.g8backend.service.AdminService;
+import com.example.g8backend.service.IPostService;
 import com.example.g8backend.service.IReportService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@@ -17,6 +20,8 @@
     @Autowired
     private AdminService adminService;
     private IReportService reportService;
+    @Autowired
+    private IPostService postService;
     @PostMapping("/grant-vip/{userId}")
     @PreAuthorize("hasRole('ADMIN')") // 仅允许管理员访问
     public String grantVip(@PathVariable Long userId) {
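Review bot: The new `postService` field is wired by field injection; with three collaborators on this controller now, constructor injection with `private final` fields would make the dependencies explicit and let tests construct the controller without a Spring context, e.g. `private final IPostService postService;` assigned in a constructor that Spring autowires. Note also that the adjacent `reportService` field (unchanged context in this hunk) carries no `@Autowired`, so it appears never to be injected; worth confirming it is set somewhere not shown here, since the new field makes the omission stand out. The class header is outside this hunk.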
@@ -43,4 +48,68 @@
         return ApiResponse.success("举报处理完成");
     }
 
+
+    // 封禁用户
+    @PostMapping("/users/{userId}/ban")
+    @PreAuthorize("hasRole('ADMIN')")
+    public ApiResponse<String> banUser(
+            @PathVariable Long userId,
+            @RequestParam String reason) {
+        Long adminId = getCurrentAdminId();
+        boolean success = adminService.banUser(userId, reason, adminId);
+        return success ?
+                ApiResponse.success("用户封禁成功") :
+                ApiResponse.error(400, "操作失败");
+    }
+
+    // 解封用户
+    @PostMapping("/users/{userId}/unban")
+    @PreAuthorize("hasRole('ADMIN')")
+    public ApiResponse<String> unbanUser(@PathVariable Long userId) {
+        Long adminId = getCurrentAdminId();
+        boolean success = adminService.unbanUser(userId, adminId);
+        return success ?
+                ApiResponse.success("用户解封成功") :
+                ApiResponse.error(400, "操作失败");
+    }
+
+    // 锁定帖子
+    @PostMapping("/posts/{postId}/lock")
+    @PreAuthorize("hasRole('ADMIN')")
+    public ApiResponse<String> lockPost(
+            @PathVariable Long postId,
+            @RequestParam String reason) {
+        Long adminId = getCurrentAdminId();
+        boolean success = adminService.lockPost(postId, reason, adminId);
+        return success ?
+                ApiResponse.success("帖子已锁定") :
+                ApiResponse.error(400, "操作失败");
+    }
+
+    // 解锁帖子
+    @PostMapping("/posts/{postId}/unlock")
+    @PreAuthorize("hasRole('ADMIN')")
+    public ApiResponse<String> unlockPost(@PathVariable Long postId) {
+        Long adminId = getCurrentAdminId();
+        boolean success = adminService.unlockPost(postId, adminId);
+        return success ?
+                ApiResponse.success("帖子已解锁") :
+                ApiResponse.error(400, "操作失败");
+    }
+    @DeleteMapping("/{postId}")
+    public ResponseEntity<ApiResponse<String>> deletePost(@PathVariable Long postId) {
+        long userId = (long) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        Post post = postService.getById(postId);
+        if (post == null) {
+            return ResponseEntity.status(404).body(ApiResponse.error(404, "Post not found."));
+        }
+        postService.removeById(postId);
+        return ResponseEntity.ok(ApiResponse.message("Post deleted successfully."));
+    }
+
+    private Long getCurrentAdminId() {
+        return (Long) SecurityContextHolder.getContext()
+                .getAuthentication().getPrincipal();
+    }
+
 }
\ No newline at end of file
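Review bot: The new `deletePost` at the bottom of the hunk is the only new endpoint without `@PreAuthorize("hasRole('ADMIN')")`, and unlike the `PostController` version it no longer checks ownership, so unless the whole controller is restricted at class level or in the filter chain (the class header is outside this hunk) any authenticated user can delete any post via `DELETE /{postId}`. Add `@PreAuthorize("hasRole('ADMIN')")` directly above the `@DeleteMapping`, and either drop the unused `userId` local or pass the admin id to the service as the other actions do so the deletion is attributed to an operator. The `(long)` cast of the principal there also differs from `getCurrentAdminId()`'s `(Long)` cast; calling the helper keeps the principal handling in one place.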
diff --git a/src/main/java/com/example/g8backend/controller/AuthController.java b/src/main/java/com/example/g8backend/controller/AuthController.java
index 538d433..48376f2 100644
--- a/src/main/java/com/example/g8backend/controller/AuthController.java
+++ b/src/main/java/com/example/g8backend/controller/AuthController.java
@@ -94,6 +94,10 @@
             return ApiResponse.error(400, "用户名或密码错误");
         }
 
+        if (existingUser.getIsBanned()) {
+            return ApiResponse.error(403, "账号已被封禁,请联系管理员");
+        }
+
         String token = jwtUtil.generateToken(existingUser.getUserId());
         Map<String, String> response = new HashMap<>();
         response.put("token", token);
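Review bot: The ban check at the top of the hunk only takes effect at the next login, because nothing in this diff invalidates tokens the user already holds, so a banned user keeps access until their JWT expires unless the authentication filter also consults the ban flag (not visible here). Consider re-checking `isBanned` in the JWT filter, or embedding a token version that `banUser` bumps so existing tokens are rejected. If `getIsBanned()` returns a boxed `Boolean`, rows that predate the column may be `null` and throw here; `if (Boolean.TRUE.equals(existingUser.getIsBanned()))` avoids that. The enclosing login method starts before this hunk.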
diff --git a/src/main/java/com/example/g8backend/controller/PostController.java b/src/main/java/com/example/g8backend/controller/PostController.java
index 6800666..41be09a 100644
--- a/src/main/java/com/example/g8backend/controller/PostController.java
+++ b/src/main/java/com/example/g8backend/controller/PostController.java
@@ -51,26 +51,12 @@
 
     @GetMapping("/{postId}")
     public ResponseEntity<ApiResponse<Post>> getPost(@PathVariable Long postId) {
+        Post post = postService.getById(postId);
         long userId = (long) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         postService.recordViewHistory(userId, postId);
-        Post post = postService.getById(postId);
         return ResponseEntity.ok(ApiResponse.success(post));
     }
 
-    @DeleteMapping("/{postId}")
-    public ResponseEntity<ApiResponse<String>> deletePost(@PathVariable Long postId) {
-        long userId = (long) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-        Post post = postService.getById(postId);
-        if (post == null) {
-            return ResponseEntity.status(404).body(ApiResponse.error(404, "Post not found."));
-        }
-        if (post.getUserId() != userId) {
-            return ResponseEntity.status(403).body(ApiResponse.error(403, "You are not authorized to delete this post."));
-        }
-        postService.removeById(postId);
-        return ResponseEntity.ok(ApiResponse.message("Post deleted successfully."));
-    }
-
     @GetMapping("/getAll")
     public ResponseEntity<ApiResponse<List<Post>>> getAllPosts() {
         return ResponseEntity.ok(ApiResponse.success(postService.list()));
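Review bot: Reordering `getById` ahead of `recordViewHistory` still leaves `getPost` returning `200` with a null payload when the post does not exist, and it records a view for a non-existent id; add a guard right after the lookup, `if (post == null) { return ResponseEntity.status(404).body(ApiResponse.error(404, "Post not found.")); }`, matching the pattern `deletePost` already uses. The removed `deletePost` is re-added at the end of the same file, so that part of the hunk is a pure move.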
@@ -209,4 +195,18 @@
         }
     }
 
+    @DeleteMapping("/{postId}")
+    public ResponseEntity<ApiResponse<String>> deletePost(@PathVariable Long postId) {
+        long userId = (long) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        Post post = postService.getById(postId);
+        if (post == null) {
+            return ResponseEntity.status(404).body(ApiResponse.error(404, "Post not found."));
+        }
+        if (post.getUserId() != userId) {
+            return ResponseEntity.status(403).body(ApiResponse.error(403, "You are not authorized to delete this post."));
+        }
+        postService.removeById(postId);
+        return ResponseEntity.ok(ApiResponse.message("Post deleted successfully."));
+    }
+
 }