From ad1f4f786436a8a7d9d9b4e0f2df243c1768581d Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期五, 13 十二月 2024 09:24:26 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java |   46 ++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
index 0322582..fab72cd 100644
--- a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
+++ b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/controller/TOrderAppealController.java
@@ -1,13 +1,18 @@
 package com.ruoyi.order.controller;
 
 
+import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.ruoyi.account.api.feignClient.AppUserClient;
 import com.ruoyi.account.api.model.TAppUser;
+import com.ruoyi.chargingPile.api.domain.SiteMenu;
+import com.ruoyi.chargingPile.api.feignClient.PartnerClient;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.domain.BasePojo;
 import com.ruoyi.common.core.web.page.PageInfo;
+import com.ruoyi.common.security.annotation.Logical;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.common.security.service.TokenService;
 import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.order.api.model.*;
@@ -16,13 +21,22 @@
 import com.ruoyi.order.dto.ManageFeedbackDto;
 import com.ruoyi.order.dto.ManageOrderAppealQuery;
 import com.ruoyi.order.service.*;
+import com.ruoyi.other.api.feignClient.RoleSiteClient;
+import com.ruoyi.other.api.feignClient.UserSiteClient;
+import com.ruoyi.system.api.domain.SysUser;
+import com.ruoyi.system.api.feignClient.SysUserClient;
+import com.ruoyi.system.api.feignClient.SysUserRoleClient;
+import com.ruoyi.system.api.model.SysUserRoleVo;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
 
 /**
  * <p>
@@ -49,6 +63,21 @@
 
     @Resource
     private TVipOrderService vipOrderService;
+    
+    @Resource
+    private SysUserClient sysUserClient;
+    
+    @Resource
+    private PartnerClient partnerService;
+    
+    @Resource
+    private UserSiteClient userSiteClient;
+    
+    @Resource
+    private RoleSiteClient roleSiteClient;
+    
+    @Resource
+    private SysUserRoleClient sysUserRoleClient;
 
 
     @Autowired
@@ -56,10 +85,12 @@
         this.orderAppealService = orderAppealService;
         this.tokenService = tokenService;
     }
+    
+    
+    @RequiresPermissions(value = {"/appealOrder"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "列表")
     @PostMapping(value = "/manage/pageList")
     public R<Page<TOrderAppeal>> managePageList(@RequestBody ManageOrderAppealQuery manageOrderAppealQuery) {
-
         Page<TOrderAppeal> page = orderAppealService.lambdaQuery().eq(manageOrderAppealQuery.getStatus() != null, TOrderAppeal::getStatus, manageOrderAppealQuery.getStatus())
                 .like(manageOrderAppealQuery.getCode() != null, TOrderAppeal::getCode, manageOrderAppealQuery.getCode())
                 .like(manageOrderAppealQuery.getPhone() != null, TOrderAppeal::getPhone, manageOrderAppealQuery.getPhone())
@@ -75,13 +106,19 @@
 
 
     }
+    
+    
+    @RequiresPermissions(value = {"/appealOrder/del"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "删除")
     @DeleteMapping (value = "/manage/delete")
     public R<Page<TOrderAppeal>> delete(String ids) {
         orderAppealService.removeBatchByIds(Arrays.asList(ids.split(",")));
         return R.ok();
     }
-
+    
+    
+    
+    @RequiresPermissions(value = {"/appealOrder/select", "/appealOrder/handle"}, logical = Logical.OR)
     @ApiOperation(tags = {"后台-订单管理-订单申诉"},value = "后台-订单管理-订单申诉")
     @PostMapping(value = "/manage/feedback")
     public R manageFeedback(@RequestBody ManageFeedbackDto manageFeedbackDto) {
@@ -109,6 +146,11 @@
     @GetMapping(value = "/getDetailById")
     @ApiOperation(tags = {"小程序-订单申诉"},value = "查询订单申诉详情")
     public AjaxResult<TOrderAppealVO> getDetailById(String id) {
+        TOrderAppeal orderAppeal = orderAppealService.getById(id);
+        Long userId = tokenService.getLoginUserApplet().getUserId();
+        if(!orderAppeal.getAppUserId().equals(userId)){
+            return AjaxResult.error("权限不足");
+        }
         return AjaxResult.ok(orderAppealService.getDetailById(id));
     }
     

--
Gitblit v1.7.1