
fixed 平台方操作权限限制

fushengqian 10 months ago
parent
commit
b80cd1119a

+ 14 - 13
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendBannerController.java

@@ -183,21 +183,22 @@ public class BackendBannerController extends BaseController {
             return getFailureResult(1001, "请先登录");
         }
 
-        BannerDto info = new BannerDto();
-        info.setTitle(title);
-        info.setDescription(description);
-        info.setImage(image);
-        info.setUrl(url);
-        info.setOperator(accountInfo.getAccountName());
-        info.setStatus(status);
-        info.setStoreId(Integer.parseInt(storeId));
-        info.setSort(Integer.parseInt(sort));
-        info.setMerchantId(accountInfo.getMerchantId());
+        BannerDto bannerDto = new BannerDto();
+        bannerDto.setTitle(title);
+        bannerDto.setDescription(description);
+        bannerDto.setImage(image);
+        bannerDto.setUrl(url);
+        bannerDto.setOperator(accountInfo.getAccountName());
+        bannerDto.setStatus(status);
+        bannerDto.setStoreId(Integer.parseInt(storeId));
+        bannerDto.setSort(Integer.parseInt(sort));
+        bannerDto.setMerchantId(accountInfo.getMerchantId());
+
         if (StringUtil.isNotEmpty(id)) {
-            info.setId(Integer.parseInt(id));
-            bannerService.updateBanner(info);
+            bannerDto.setId(Integer.parseInt(id));
+            bannerService.updateBanner(bannerDto);
         } else {
-            bannerService.addBanner(info);
+            bannerService.addBanner(bannerDto);
         }
 
         return getSuccessResult(true);

+ 5 - 0
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendMemberGroupController.java

@@ -116,6 +116,11 @@ public class BackendMemberGroupController extends BaseController {
         if (accountInfo == null) {
             return getFailureResult(1001, "请先登录");
         }
+
+        if (accountInfo.getMerchantId() == null || accountInfo.getMerchantId() <= 0) {
+            return getFailureResult(201, "平台方帐号无法执行该操作,请使用商户帐号操作");
+        }
+
         memberGroupDto.setMerchantId(accountInfo.getMerchantId());
         memberGroupDto.setStoreId(accountInfo.getStoreId());
         memberGroupDto.setOperator(accountInfo.getAccountName());
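Review bot: The platform-account guard added here is copied verbatim into BackendStaffController and the save handler of BackendUserGradeController, so a later change to the rule has to be made in three places and can silently drift. Since all three classes extend BaseController, a single protected helper there (for example one that returns true when `accountInfo.getMerchantId() == null || accountInfo.getMerchantId() <= 0`) would keep the rule in one spot. The denial also returns code `201`, the same code the UserGrade handler uses for "参数有误", so clients and logs cannot tell an authorization refusal from a bad parameter; a distinct code would make denied attempts easier to monitor. The handler body continues outside the hunk.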

+ 4 - 0
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendStaffController.java

@@ -163,6 +163,10 @@ public class BackendStaffController extends BaseController {
             return getFailureResult(1001, "请先登录");
         }
 
+        if (accountInfo.getMerchantId() == null || accountInfo.getMerchantId() <= 0) {
+            return getFailureResult(201, "平台方帐号无法执行该操作,请使用商户帐号操作");
+        }
+
         MtStaff mtStaff = new MtStaff();
         if (StringUtil.isNotEmpty(id)) {
             mtStaff = staffService.queryStaffById(Integer.parseInt(id));
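Review bot: The added guard only rejects platform accounts; on the update path the record is still loaded with `staffService.queryStaffById(Integer.parseInt(id))` from a request-supplied id, and nothing in the hunk compares its merchant with the caller's, so a merchant account may be able to modify a staff record that belongs to another merchant. Unless the code below the hunk already does this, add a check right after the load, e.g. `if (mtStaff == null || !accountInfo.getMerchantId().equals(mtStaff.getMerchantId())) { return getFailureResult(201, "<permission-denied message>"); }`, assuming MtStaff exposes a merchant id the way MtUserGrade does. `Integer.parseInt(id)` also throws NumberFormatException on a non-numeric id, which is better answered with a parameter error. The method body continues outside the hunk, and the save path in BackendUserGradeController gets the same guard and should be checked the same way.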

+ 10 - 1
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendUserGradeController.java

@@ -164,8 +164,13 @@ public class BackendUserGradeController extends BaseController {
         }
 
         String operator = accountInfo.getAccountName();
-        userGradeService.deleteUserGrade(id, operator);
 
+        MtUserGrade mtUserGrade = userGradeService.queryUserGradeById(0, id, 0);
+        if (mtUserGrade == null || !mtUserGrade.getMerchantId().equals(accountInfo.getMerchantId())) {
+            return getFailureResult(201, "您没有删除权限");
+        }
+
+        userGradeService.deleteUserGrade(id, operator);
         return getSuccessResult(true);
     }
 
@@ -198,6 +203,10 @@ public class BackendUserGradeController extends BaseController {
         String status = param.get("status") == null ? StatusEnum.ENABLED.getKey() : CommonUtil.replaceXSS(param.get("status").toString());
         String id = param.get("id") == null ? "" : param.get("id").toString();
 
+        if (accountInfo.getMerchantId() == null || accountInfo.getMerchantId() <= 0) {
+            return getFailureResult(201, "平台方帐号无法执行该操作,请使用商户帐号操作");
+        }
+
         if (StringUtil.isEmpty(grade) || StringUtil.isEmpty(name)) {
             return getFailureResult(201, "参数有误");
         }
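Review bot: In the delete hunk, `mtUserGrade.getMerchantId().equals(accountInfo.getMerchantId())` throws a NullPointerException when the stored grade has no merchant id, which turns a permission denial into a server error. Put the caller's id on the left and reject a null explicitly: `if (mtUserGrade == null || accountInfo.getMerchantId() == null || !accountInfo.getMerchantId().equals(mtUserGrade.getMerchantId())) {`. The literal arguments in `queryUserGradeById(0, id, 0)` deserve a short comment saying what the two zeros select, because the ownership check relies on that lookup not being filtered by merchant. The check and the delete are separate calls; passing the merchant id into `deleteUserGrade` so the service enforces it would be tighter, if the service allows it, which is not visible here.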