release-只有本人可以删除/修改专辑内容

luoo_music/src/main/java/com/luoo/music/controller/AlbumController.java

@@ -69,7 +69,7 @@ public class AlbumController {
     @RequestMapping(value = "/delete", method = RequestMethod.POST)
     public Result<Void> delete(@ApiParam(value = "Header中的token信息", required = true) @RequestHeader("Authorization") String token,
                                @ApiParam(value = "专辑id", required = true) String id) {
-        albumService.deleteAlbum(id);
+        albumService.deleteAlbum(token, id);
         return Result.success();
     }
 
@@ -77,7 +77,7 @@ public class AlbumController {
     @RequestMapping(value = "/delete/song", method = RequestMethod.POST)
     public Result<Void> deleteAlbumSong(@ApiParam(value = "Header中的token信息", required = true) @RequestHeader("Authorization") String token,
                                         @ApiParam(value = "专辑歌曲绑定的id", required = true) String id) {
-        albumService.deleteAlbumSong(id);
+        albumService.deleteAlbumSong(token, id);
         return Result.success();
     }
 

luoo_music/src/main/java/com/luoo/music/service/AlbumService.java

@@ -222,6 +222,9 @@ public class AlbumService {
 
         UserLoginDto user = jwtUtil.getUserLoginDto(token);
         if (user != null) {
+            if (ObjectUtils.notEqual(user.getUserId(), artistAlbum.getCreateUser())) {
+                throw new RuntimeException("只允许本人操作！");
+            }
             artistAlbum.setUpdateUser(user.getUserId());
         } else {
             throw new RuntimeException("用户校验失败，请重新登录");
@@ -236,8 +239,10 @@ public class AlbumService {
      * @param id 专辑id
      */
     @Transactional(rollbackFor = Exception.class)
-    public void deleteAlbum(String id) {
+    public void deleteAlbum(String token, String id) {
-        ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+
+        ArtistAlbum artistAlbum = checkAlbum(token, id);
+
         artistAlbumDao.delete(artistAlbum);
 
         artistAlbumSongDao.deleteByAlbumId(id);
@@ -249,14 +254,39 @@ public class AlbumService {
      * @param id 专辑-歌曲绑定关系的id
      */
     @Transactional(rollbackFor = Exception.class)
-    public void deleteAlbumSong(String id) {
+    public void deleteAlbumSong(String token, String id) {
+
         ArtistAlbumSong artistAlbumSong = artistAlbumSongDao.findById(id).get();
         if (artistAlbumSong.getId() == null) {
             throw new RuntimeException("该专辑不存在此歌曲");
         }
+
+        checkAlbum(token, artistAlbumSong.getAlbumId());
+
         artistAlbumSongDao.delete(artistAlbumSong);
     }
 
+    /**
+     * 校验是否本人操作，专辑只有上传的人才能删除/更新
+     *
+     * @param token token
+     * @param id    专辑id
+     * @return      如果是本人操作，返回该专辑对象
+     */
+    private ArtistAlbum checkAlbum(String token, String id) {
+        ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+
+        UserLoginDto user = jwtUtil.getUserLoginDto(token);
+        if (user != null) {
+            if (ObjectUtils.notEqual(user.getUserId(), artistAlbum.getCreateUser())) {
+                throw new RuntimeException("只允许本人操作！");
+            }
+        } else {
+            throw new RuntimeException("用户校验失败，请重新登录");
+        }
+        return artistAlbum;
+    }
+
     /**
      * 后期编辑时为专辑新增一首歌
      *
@@ -267,7 +297,7 @@ public class AlbumService {
     @Transactional(rollbackFor = Exception.class)
     public void addNewSong(String token, String id, AlbumSongAddDTO albumSongAddDTO) {
         UserLoginDto user = jwtUtil.getUserLoginDto(token);
-        ArtistAlbum artistAlbum = artistAlbumDao.findById(id).get();
+        ArtistAlbum artistAlbum = checkAlbum(token, id);
         addSongForAlbum(albumSongAddDTO, user, artistAlbum);
     }