diff --git a/src/main/java/com/xkrs/controller/ProductController.java b/src/main/java/com/xkrs/controller/ProductController.java
index 4fd3b00..b1aae88 100644
--- a/src/main/java/com/xkrs/controller/ProductController.java
+++ b/src/main/java/com/xkrs/controller/ProductController.java
@@ -119,7 +119,8 @@ public class ProductController {
      */
     @Transactional(rollbackFor=Exception.class)
     @PostMapping("/updateOffShelf")
-    public String updateOffShelf(@RequestBody Map map){
+    @PreAuthorize("hasAnyAuthority('auth_affiliate_merchant','auth_city','auth_county')")
+    public String updateOffShelf(@RequestBody Map map,@RequestHeader(value="Authorization") String token){
         Locale locale = LocaleContextHolder.getLocale();
         Integer productId = (Integer) map.get("productId");
         productDao.updateShelfTypeById(productId,"2");