diff --git a/src/main/java/com/xkrs/controller/ProductController.java b/src/main/java/com/xkrs/controller/ProductController.java
index b516850..4fd3b00 100644
--- a/src/main/java/com/xkrs/controller/ProductController.java
+++ b/src/main/java/com/xkrs/controller/ProductController.java
@@ -8,6 +8,7 @@ import com.xkrs.model.entity.SysUserEntity;
 import com.xkrs.model.qo.ProductQo;
 import com.xkrs.service.ProductService;
 import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -83,6 +84,7 @@ public class ProductController {
      * @return
      */
     @PostMapping("/selectProductReviewType")
+    @PreAuthorize("hasAnyAuthority('auth_administor','auth_city','auth_county')")
     public String selectProductReviewType(@RequestBody Map map, @RequestHeader(value="Authorization") String token){
         Locale locale = LocaleContextHolder.getLocale();
         String productCity = (String) map.get("productCity");
@@ -103,7 +105,8 @@ public class ProductController {
      * @return
      */
     @PostMapping("/updateReviewType")
-    public String updateReviewType(@RequestBody Map map){
+    @PreAuthorize("hasAnyAuthority('auth_administor','auth_city','auth_county')")
+    public String updateReviewType(@RequestBody Map map,@RequestHeader(value="Authorization") String token){
         Integer productId = (Integer) map.get("productId");
         String reviewType = (String) map.get("reviewType");
         return productService.updateReviewType(productId,reviewType);