diff --git a/luoo_music/src/main/java/com/luoo/music/controller/AlbumController.java b/luoo_music/src/main/java/com/luoo/music/controller/AlbumController.java
index 935ba32..7c3f1e8 100644
--- a/luoo_music/src/main/java/com/luoo/music/controller/AlbumController.java
+++ b/luoo_music/src/main/java/com/luoo/music/controller/AlbumController.java
@@ -69,7 +69,7 @@ public class AlbumController {
 @RequestMapping(value = "/delete", method = RequestMethod.POST)
 public Result delete(@ApiParam(value = "Header中的token信息", required = true) @RequestHeader("Authorization") String token,
 @ApiParam(value = "专辑id", required = true) String id) {
- albumService.deleteAlbum(id);
+ albumService.deleteAlbum(token, id);
 return Result.success();
 }
 
@@ -77,7 +77,7 @@ public class AlbumController {
 @RequestMapping(value = "/delete/song", method = RequestMethod.POST)
 public Result deleteAlbumSong(@ApiParam(value = "Header中的token信息", required = true) @RequestHeader("Authorization") String token,
 @ApiParam(value = "专辑歌曲绑定的id", required = true) String id) {
- albumService.deleteAlbumSong(id);
+ albumService.deleteAlbumSong(token, id);
 return Result.success();
 }
 
diff --git a/luoo_music/src/main/java/com/luoo/music/service/AlbumService.java b/luoo_music/src/main/java/com/luoo/music/service/AlbumService.java
index cd9d308..fedeaad 100644
--- a/luoo_music/src/main/java/com/luoo/music/service/AlbumService.java
+++ b/luoo_music/src/main/java/com/luoo/music/service/AlbumService.java
@@ -222,6 +222,9 @@ public class AlbumService {
 
 UserLoginDto user = jwtUtil.getUserLoginDto(token);
 if (user != null) {
+ if (ObjectUtils.notEqual(user.getUserId(), artistAlbum.getCreateUser())) {
+ throw new RuntimeException("只允许本人操作!");
+ }
 artistAlbum.setUpdateUser(user.getUserId());
 } else {
 throw new RuntimeException("用户校验失败,请重新登录");
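Review bot: The three added lines repeat, inline, exactly the ownership test that checkAlbum (introduced further down in this commit) performs, so this method now carries a second copy of the rule that only the uploader may modify an album; replacing the local lookup with `ArtistAlbum artistAlbum = checkAlbum(token, id);` would leave a single place where that rule has to stay correct. The method this hunk sits in starts and ends outside the hunk, so where artistAlbum is loaded, and whether the token is parsed a second time, is not visible here. The comparison appears to reject a null createUser as well, which is the safe direction for any legacy row that lacks one.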
@@ -236,8 +239,10 @@ public class AlbumService {
 * @param id 专辑id
 */
 @Transactional(rollbackFor = Exception.class)
- public void deleteAlbum(String id) {
- ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+ public void deleteAlbum(String token, String id) {
+
+ ArtistAlbum artistAlbum = checkAlbum(token, id);
+
 artistAlbumDao.delete(artistAlbum);
 artistAlbumSongDao.deleteByAlbumId(id);
 
@@ -249,14 +254,39 @@ public class AlbumService {
 * @param id 专辑-歌曲绑定关系的id
 */
 @Transactional(rollbackFor = Exception.class)
- public void deleteAlbumSong(String id) {
+ public void deleteAlbumSong(String token, String id) {
+
 ArtistAlbumSong artistAlbumSong = artistAlbumSongDao.findById(id).get();
 if (artistAlbumSong.getId() == null) {
 throw new RuntimeException("该专辑不存在此歌曲");
 }
+
+ checkAlbum(token, artistAlbumSong.getAlbumId());
+
 artistAlbumSongDao.delete(artistAlbumSong);
 }
 
+ /**
+ * 校验是否本人操作,专辑只有上传的人才能删除/更新
+ *
+ * @param token token
+ * @param id 专辑id
+ * @return 如果是本人操作,返回该专辑对象
+ */
+ private ArtistAlbum checkAlbum(String token, String id) {
+ ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+
+ UserLoginDto user = jwtUtil.getUserLoginDto(token);
+ if (user != null) {
+ if (ObjectUtils.notEqual(user.getUserId(), artistAlbum.getCreateUser())) {
+ throw new RuntimeException("只允许本人操作!");
+ }
+ } else {
+ throw new RuntimeException("用户校验失败,请重新登录");
+ }
+ return artistAlbum;
+ }
+
 /**
 * 后期编辑时为专辑新增一首歌
 *
@@ -267,7 +297,7 @@ public class AlbumService {
 @Transactional(rollbackFor = Exception.class)
 public void addNewSong(String token, String id, AlbumSongAddDTO albumSongAddDTO) {
 UserLoginDto user = jwtUtil.getUserLoginDto(token);
- ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+ ArtistAlbum artistAlbum = checkAlbum(token, id);
 addSongForAlbum(albumSongAddDTO, user, artistAlbum);
 }
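Review bot: deleteAlbum gains a `token` parameter, but the Javadoc whose tail is visible as the `* @param id 专辑id` context line is not extended to describe it; add `* @param token Authorization header value identifying the caller, who must be the album's creator` before that line. deleteAlbumSong in the next hunk (`@@ -249,14`) has the same omission. deleteAlbum's body continues past the end of the hunk.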
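Review bot: checkAlbum resolves the album with `artistAlbumDao.findById(id).get()`, so an unknown id fails with NoSuchElementException before the ownership test runs and the caller sees an undifferentiated error rather than a not-found; `ArtistAlbum artistAlbum = artistAlbumDao.findById(id).orElseThrow(() -> new RuntimeException("album not found: " + id));` keeps the style of the two existing throws (the same `.get()` precedes the unreachable `getId() == null` test in deleteAlbumSong above it). Both authorization failures are signalled as bare RuntimeException, which satisfies the callers' `@Transactional(rollbackFor = Exception.class)` but, unless a handler outside this diff maps it, reaches the client as a generic server error instead of a 401 for the missing user and a 403 for the wrong user; a dedicated unchecked exception type per outcome would make that mapping explicit. The helper's Javadoc should also state that it throws on both conditions, e.g. `@throws RuntimeException if the token does not resolve to a user or the user is not the album's creator`.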