From 4d7a208f388e42e7dd83dab0e38eadfa0847de1c Mon Sep 17 00:00:00 2001
From: 无关风月 <443237572@qq.com>
Date: 星期三, 11 十二月 2024 19:24:10 +0800
Subject: [PATCH] Merge branch 'master' of http://120.76.84.145:10101/gitblit/r/java/mx_charging_pile

---
 ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java |   18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
index 0322582..a11a855 100644
--- a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
+++ b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
@@ -8,6 +8,8 @@
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.domain.BasePojo;
 import com.ruoyi.common.core.web.page.PageInfo;
+import com.ruoyi.common.security.annotation.Logical;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.common.security.service.TokenService;
 import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.order.api.model.*;
@@ -56,6 +58,9 @@
         this.orderAppealService = orderAppealService;
         this.tokenService = tokenService;
     }
+    
+    
+    @RequiresPermissions(value = {"/appealOrder"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "列表")
     @PostMapping(value = "/manage/pageList")
     public R<Page<TOrderAppeal>> managePageList(@RequestBody ManageOrderAppealQuery manageOrderAppealQuery) {
@@ -75,13 +80,19 @@
 
 
     }
+    
+    
+    @RequiresPermissions(value = {"/appealOrder/del"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "删除")
     @DeleteMapping (value = "/manage/delete")
     public R<Page<TOrderAppeal>> delete(String ids) {
         orderAppealService.removeBatchByIds(Arrays.asList(ids.split(",")));
         return R.ok();
     }
-
+    
+    
+    
+    @RequiresPermissions(value = {"/appealOrder/select", "/appealOrder/handle"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "后台-订单管理-订单申诉")
     @PostMapping(value = "/manage/feedback")
     public R manageFeedback(@RequestBody ManageFeedbackDto manageFeedbackDto) {
@@ -109,6 +120,11 @@
     @GetMapping(value = "/getDetailById")
     @ApiOperation(tags = {"小程序-订单申诉"},value = "查询订单申诉详情")
     public AjaxResult<TOrderAppealVO> getDetailById(String id) {
+        TOrderAppeal orderAppeal = orderAppealService.getById(id);
+        Long userId = tokenService.getLoginUserApplet().getUserId();
+        if(!orderAppeal.getAppUserId().equals(userId)){
+            return AjaxResult.error("权限不足");
+        }
         return AjaxResult.ok(orderAppealService.getDetailById(id));
     }
     

--
Gitblit v1.7.1