From 9d708ae20c35f9b28b7f17606363afb48d9c75ca Mon Sep 17 00:00:00 2001 From: Jerry Yan <792602257@qq.com> Date: Mon, 17 Nov 2025 01:02:31 +0800 Subject: [PATCH 1/2] =?UTF-8?q?fix(voucher):=20=E7=A7=BB=E9=99=A4=E4=BA=BA?= =?UTF-8?q?=E8=84=B8=E9=AA=8C=E8=AF=81=E4=B8=AD=E7=9A=84=E7=94=A8=E6=88=B7?= =?UTF-8?q?ID=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 删除了人脸验证中不必要的用户ID匹配检查 - 简化了自动领取凭证的逻辑流程 - 保留了景区ID的设置以确保业务连续性
---
 .../com/ycwl/basic/controller/mobile/AppVoucherController.java | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/main/java/com/ycwl/basic/controller/mobile/AppVoucherController.java b/src/main/java/com/ycwl/basic/controller/mobile/AppVoucherController.java
index 7fcd369c..7bfb53eb 100644
--- a/src/main/java/com/ycwl/basic/controller/mobile/AppVoucherController.java
+++ b/src/main/java/com/ycwl/basic/controller/mobile/AppVoucherController.java
@@ -64,9 +64,6 @@ public class AppVoucherController {
 if (face == null) {
 throw new BaseException("请选择人脸");
 }
- if (!face.getMemberId().equals(Long.valueOf(BaseContextHandler.getUserId()))) {
- throw new BaseException("自动领取失败");
- }
 req.setScenicId(face.getScenicId());
 VoucherCodeResp result = voucherCodeService.claimVoucher(req);
 return ApiResponse.success(result);
From d408c4796372b5af2da8862dfbe8aefc3c3198c9 Mon Sep 17 00:00:00 2001
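Review bot: Deleting the `face.getMemberId()` comparison leaves nothing in this hunk that ties the selected face to the authenticated caller, so `voucherCodeService.claimVoucher(req)` now runs for whatever face id the request carries; if face ids are predictable, one member can auto-claim a voucher against another member's face record. If faces are meant to be claimable only by their owner, the check should move into `claimVoucher` rather than disappear, e.g. `if (!Long.valueOf(BaseContextHandler.getUserId()).equals(face.getMemberId())) { throw new BaseException("自动领取失败"); }`; if cross-member claiming is intentional, a one-line comment above `req.setScenicId(...)` saying so would stop the next reader from re-adding the guard. The second patch in this series adds exactly this ownership check to `AppFaceController.deleteFace`, so the two endpoints now treat face ownership inconsistently. The enclosing method starts outside the hunk.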
From: Jerry Yan <792602257@qq.com> Date: Mon, 17 Nov 2025 10:06:32 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat(mobile):=20=E5=A2=9E=E5=BC=BA=E4=BA=BA?= =?UTF-8?q?=E8=84=B8=E6=95=B0=E6=8D=AE=E8=AE=BF=E9=97=AE=E6=8E=A7=E5=88=B6?= =?UTF-8?q?=E5=B9=B6=E4=BC=98=E5=8C=96=E8=AE=A2=E5=8D=95=E6=9F=A5=E8=AF=A2?= =?UTF-8?q?=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 在删除人脸数据前增加用户权限校验,确保操作安全 - 移除订单详情接口中的用户身份强制绑定,简化查询流程 - 更新视频与图片资源查询方法,去除冗余的用户ID参数 - 调整Mapper层SQL语句,解耦人脸关联数据对用户的依赖 - 优化服务层代码结构,提升数据获取效率与一致性
---
 .../controller/mobile/AppFaceController.java | 17 +++++++++++++
 .../mobile/AppOrderV2Controller.java | 25 ++++---------------
 .../com/ycwl/basic/mapper/SourceMapper.java | 4 +--
 .../service/mobile/impl/GoodsServiceImpl.java | 5 ----
 .../service/pc/impl/OrderServiceImpl.java | 8 +++---
 src/main/resources/mapper/OrderMapper.xml | 5 ----
 src/main/resources/mapper/SourceMapper.xml | 4 +--
 7 files changed, 30 insertions(+), 38 deletions(-)
diff --git a/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java b/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java
index b9898c9f..2b899f2b 100644
--- a/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java
+++ b/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java
@@ -1,13 +1,16 @@
 package com.ycwl.basic.controller.mobile;
+import com.ycwl.basic.exception.BaseException;
 import com.ycwl.basic.model.jwt.JwtInfo;
 import com.ycwl.basic.model.mobile.face.FaceRecognizeResp;
 import com.ycwl.basic.model.mobile.face.FaceStatusResp;
 import com.ycwl.basic.model.mobile.scenic.content.ContentPageVO;
 import com.ycwl.basic.model.mobile.face.FaceRecognitionUpdateReq;
 import com.ycwl.basic.model.mobile.face.FaceRecognitionDetailVO;
+import com.ycwl.basic.model.pc.face.entity.FaceEntity;
 import com.ycwl.basic.model.pc.face.resp.FaceRespVO;
 import com.ycwl.basic.model.pc.faceSample.entity.FaceSampleEntity;
+import com.ycwl.basic.repository.FaceRepository;
 import com.ycwl.basic.service.pc.FaceService;
 import com.ycwl.basic.utils.ApiResponse;
 import com.ycwl.basic.utils.JwtTokenUtil;
@@ -28,6 +31,8 @@ public class AppFaceController {
 @Autowired
 private FaceService faceService;
+ @Autowired
+ private FaceRepository faceRepository;
 /**
 * 1、上传人脸照片
@@ -65,6 +70,18 @@ public class AppFaceController {
 @DeleteMapping("/{faceId}")
 public ApiResponse deleteFace(@PathVariable("faceId") Long faceId) {
+ // 添加权限检查:验证当前用户是否拥有该 face
+ JwtInfo worker = JwtTokenUtil.getWorker();
+ Long userId = worker.getUserId();
+
+ FaceEntity face = faceRepository.getFace(faceId);
+ if (face == null) {
+ throw new BaseException("人脸数据不存在");
+ }
+ if (!face.getMemberId().equals(userId)) {
+ throw new BaseException("无权删除此人脸");
+ }
+
 return faceService.deleteFace(faceId);
 }
diff --git a/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java b/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java
index 42eab2a8..1793552f 100644
--- a/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java
+++ b/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java
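Review bot: The new ownership check in `deleteFace` calls `face.getMemberId().equals(userId)` with no null guard, so a face row whose member column is empty (if that is possible in this schema) fails with a NullPointerException instead of the intended `BaseException`, and `worker` from `JwtTokenUtil.getWorker()` is likewise assumed non-null. Comparing from the caller's side keeps the deny path explicit and null-safe: `if (userId == null || !userId.equals(face.getMemberId())) { throw new BaseException("无权删除此人脸"); }`. The guard also lives only in this controller, so any other caller of `faceService.deleteFace(faceId)` still deletes without an owner check; moving it into the service would cover every path. The comment `// 添加权限检查:验证当前用户是否拥有该 face` describes the edit rather than the rule; once merged, `// only the owning member may delete a face` is what a later reader needs.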
@@ -262,36 +262,21 @@ public class AppOrderV2Controller {
 }
 /**
- * 用户查询自己的订单详情
+ * 查询订单详情
 */
 @GetMapping("/detail/{orderId}")
 public ApiResponse getUserOrderDetail(@PathVariable("orderId") Long orderId) {
- String currentUserIdStr = BaseContextHandler.getUserId();
- if (currentUserIdStr == null) {
- log.warn("用户未登录");
- return ApiResponse.fail("用户未登录");
- }
-
- Long currentUserId = Long.valueOf(currentUserIdStr);
-
- log.info("用户查询订单详情: userId={}, orderId={}", currentUserId, orderId);
-
+ log.info("查询订单详情: orderId={}", orderId);
+
 try {
 OrderV2DetailResponse detail = orderService.getOrderDetail(orderId);
 if (detail == null) {
 return ApiResponse.fail("订单不存在");
 }
-
- // 验证订单是否属于当前用户
- if (!currentUserId.equals(detail.getMemberId())) {
- log.warn("用户尝试访问他人订单: userId={}, orderId={}, orderOwner={}",
- currentUserId, orderId, detail.getMemberId());
- return ApiResponse.fail("无权访问该订单");
- }
-
+
 return ApiResponse.success(detail);
 } catch (Exception e) {
- log.error("查询用户订单详情失败: userId={}, orderId={}", currentUserId, orderId, e);
+ log.error("查询订单详情失败: orderId={}", orderId, e);
 return ApiResponse.fail("查询失败:" + e.getMessage());
 }
 }
diff --git a/src/main/java/com/ycwl/basic/mapper/SourceMapper.java b/src/main/java/com/ycwl/basic/mapper/SourceMapper.java
index 4c8c3c35..70f556aa 100644
--- a/src/main/java/com/ycwl/basic/mapper/SourceMapper.java
+++ b/src/main/java/com/ycwl/basic/mapper/SourceMapper.java
@@ -72,9 +72,9 @@ public interface SourceMapper {
 int hasRelationTo(Long memberId, Long sourceId, int type);
 List listVideoByScenicFaceRelation(Long scenicId, Long faceId);
- List listVideoByFaceRelation(Long memberId, Long faceId);
+ List listVideoByFaceRelation(Long faceId);
- List listImageByFaceRelation(Long memberId, Long faceId);
+ List listImageByFaceRelation(Long faceId);
 List listByFaceRelation(Long faceId, Integer type);
 SourceEntity getEntity(Long id);
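Review bot: Removing the `currentUserId.equals(detail.getMemberId())` comparison means the mobile `GET /detail/{orderId}` handler now returns any order to any caller that supplies its id, unless `orderService.getOrderDetail(orderId)` scopes the lookup itself — nothing in the hunk shows that it does, the response still carries `getMemberId()`, and the explicit "用户未登录" check is gone too, so authentication now rests entirely on whatever filter sits in front of the controller. If the widening is deliberate (the commit message calls the binding redundant), the Javadoc should state who may call this endpoint and why; otherwise keep the owner check, e.g. `if (!Long.valueOf(BaseContextHandler.getUserId()).equals(detail.getMemberId())) { return ApiResponse.fail("无权访问该订单"); }`. The method name `getUserOrderDetail` now disagrees with the behavior and will mislead later readers. Separately, `ApiResponse.fail("查询失败:" + e.getMessage())` echoes internal exception text to the client; logging the cause (already done) and returning a fixed message is the safer shape.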
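Review bot: `listVideoByFaceRelation` and `listImageByFaceRelation` lose their `memberId` parameter, leaving the face id as the only key; the callers in `OrderServiceImpl` (the hunks at 299, 320 and 519) now fetch cover media for an order item by `goodsId`/`faceId` alone, with no tie to `order.getMemberId()` or `orderReqQuery.getMemberId()`. Whether that is safe depends on whether one face id can ever be associated with more than one member, and the matching `SourceMapper.xml` change is listed in the diffstat but not present in this chunk, so the new SQL cannot be checked here. A short Javadoc on each interface method stating the widened contract, e.g. `/** Sources related to the given face, no longer filtered by owning member. */`, would make it explicit for future callers.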
diff --git a/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java b/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java
index a91c3afc..5ce3b9d9 100644
--- a/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java
+++ b/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java
@@ -125,7 +125,6 @@ public class GoodsServiceImpl implements GoodsService {
 videoReqQuery.setScenicId(scenicId);
 videoReqQuery.setIsBuy(query.getIsBuy());
 videoReqQuery.setFaceId(query.getFaceId());
- videoReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId()));
 //查询成片vlog
 List videoList = videoMapper.queryByRelation(videoReqQuery);
 videoList.forEach(videoRespVO -> {
@@ -150,7 +149,6 @@ public class GoodsServiceImpl implements GoodsService {
 sourceReqQuery.setScenicId(scenicId);
 sourceReqQuery.setIsBuy(query.getIsBuy());
 sourceReqQuery.setFaceId(query.getFaceId());
- sourceReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId()));
 //查询源素材
 List sourceList = sourceMapper.queryByRelation(sourceReqQuery);
 ScenicConfigManager scenicConfig = scenicRepository.getScenicConfigManager(scenicId);
@@ -204,7 +202,6 @@ public class GoodsServiceImpl implements GoodsService {
 SourceReqQuery sourceReqQuery = new SourceReqQuery();
 sourceReqQuery.setScenicId(face.getScenicId());
 sourceReqQuery.setIsBuy(query.getIsBuy());
- sourceReqQuery.setMemberId(face.getMemberId());
 sourceReqQuery.setType(sourceType);
 sourceReqQuery.setFaceId(face.getId());
 List list = sourceMapper.listUser(sourceReqQuery);
@@ -563,7 +560,6 @@ public class GoodsServiceImpl implements GoodsService {
 SourceReqQuery sourceReqQuery = new SourceReqQuery();
 sourceReqQuery.setScenicId(face.getScenicId());
 sourceReqQuery.setIsBuy(query.getIsBuy());
- sourceReqQuery.setMemberId(face.getMemberId());
 sourceReqQuery.setType(sourceType);
 sourceReqQuery.setFaceId(face.getId());
 List list = sourceMapper.listUser(sourceReqQuery);
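Review bot: With `setMemberId(...)` removed from the query objects, `videoMapper.queryByRelation`, `sourceMapper.queryByRelation` and `sourceMapper.listUser` now select by `scenicId` plus `faceId` only; in the first two hunks the face id comes straight from `query.getFaceId()`, so unless the face's ownership is verified before these lines (outside the hunks) a logged-in member can list another member's photos and videos by supplying that member's face id. The same removal appears in the hunks at 204 and 563 here and at 652 in the next hunk, where a `face` loaded earlier still exposes `getMemberId()` but it is no longer compared with anyone. One guard before the query, mirroring the check this commit adds in `AppFaceController.deleteFace`, would close it: `if (!Long.valueOf(BaseContextHandler.getUserId()).equals(face.getMemberId())) { throw new BaseException("无权访问此人脸"); }` (the first two hunks would need the face loaded first). If member scoping has instead moved into the mapper XML, a comment at each call site saying so would save the next reader the same question. All enclosing methods start and end outside these hunks.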
@@ -652,7 +648,6 @@ public class GoodsServiceImpl implements GoodsService {
 Integer sourceType = query.getSourceType();
 SourceReqQuery sourceReqQuery = new SourceReqQuery();
 sourceReqQuery.setScenicId(face.getScenicId());
- sourceReqQuery.setMemberId(face.getMemberId());
 sourceReqQuery.setType(sourceType);
 sourceReqQuery.setFaceId(query.getFaceId());
 List list = sourceMapper.listUser(sourceReqQuery);
diff --git a/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java b/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java
index 24ede82e..05c75313 100644
--- a/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java
+++ b/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java
@@ -299,7 +299,7 @@ public class OrderServiceImpl implements OrderService {
 List _f = new ArrayList<>();
 orderItemList.forEach(item -> {
 if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片 goodsId就是人脸ID
- List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(order.getMemberId(), item.getGoodsId());
+ List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getGoodsId());
 item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
 if (!_f.contains(1)) {
 _f.add(1);
@@ -320,7 +320,7 @@ public class OrderServiceImpl implements OrderService {
 }
 }
 } else if (Integer.valueOf(2).equals(item.getGoodsType())) { // 照片 goodsId就是人脸ID
- List memberVideoEntityList = sourceMapper.listImageByFaceRelation(order.getMemberId(), item.getGoodsId());
+ List memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getGoodsId());
 item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
 if (!_f.contains(2)) {
 _f.add(2);
@@ -519,14 +519,14 @@ public class OrderServiceImpl implements OrderService {
 }
 orderItemList.forEach(item -> {
 if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片
- List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId());
+ List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getFaceId());
 item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
 if (!memberVideoEntityList.isEmpty()) {
 item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime());
 item.setCount(1);
 }
 } else if (Integer.valueOf(2).equals(item.getGoodsType())) {
- List memberVideoEntityList = sourceMapper.listImageByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId());
+ List memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getFaceId());
 item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
 if (!memberVideoEntityList.isEmpty()) {
 item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime());
diff --git a/src/main/resources/mapper/OrderMapper.xml b/src/main/resources/mapper/OrderMapper.xml
index 6d7c3f96..700056f0 100644
--- a/src/main/resources/mapper/OrderMapper.xml
+++ b/src/main/resources/mapper/OrderMapper.xml
@@ -396,11 +396,6 @@ o.scenic_id from `order` AS o left join face f on o.face_id = f.id - - - and o.member_id=#{memberId} - - order by o.create_at desc