You've already forked FrameTour-BE
feat(mobile): 增强人脸数据访问控制并优化订单查询逻辑
- 在删除人脸数据前增加用户权限校验,确保操作安全 - 移除订单详情接口中的用户身份强制绑定,简化查询流程 - 更新视频与图片资源查询方法,去除冗余的用户ID参数 - 调整Mapper层SQL语句,解耦人脸关联数据对用户的依赖 - 优化服务层代码结构,提升数据获取效率与一致性
This commit is contained in:
@@ -1,13 +1,16 @@
|
||||
package com.ycwl.basic.controller.mobile;
|
||||
|
||||
import com.ycwl.basic.exception.BaseException;
|
||||
import com.ycwl.basic.model.jwt.JwtInfo;
|
||||
import com.ycwl.basic.model.mobile.face.FaceRecognizeResp;
|
||||
import com.ycwl.basic.model.mobile.face.FaceStatusResp;
|
||||
import com.ycwl.basic.model.mobile.scenic.content.ContentPageVO;
|
||||
import com.ycwl.basic.model.mobile.face.FaceRecognitionUpdateReq;
|
||||
import com.ycwl.basic.model.mobile.face.FaceRecognitionDetailVO;
|
||||
import com.ycwl.basic.model.pc.face.entity.FaceEntity;
|
||||
import com.ycwl.basic.model.pc.face.resp.FaceRespVO;
|
||||
import com.ycwl.basic.model.pc.faceSample.entity.FaceSampleEntity;
|
||||
import com.ycwl.basic.repository.FaceRepository;
|
||||
import com.ycwl.basic.service.pc.FaceService;
|
||||
import com.ycwl.basic.utils.ApiResponse;
|
||||
import com.ycwl.basic.utils.JwtTokenUtil;
|
||||
@@ -28,6 +31,8 @@ public class AppFaceController {
|
||||
|
||||
@Autowired
|
||||
private FaceService faceService;
|
||||
@Autowired
|
||||
private FaceRepository faceRepository;
|
||||
|
||||
/**
|
||||
* 1、上传人脸照片
|
||||
@@ -65,6 +70,18 @@ public class AppFaceController {
|
||||
|
||||
@DeleteMapping("/{faceId}")
|
||||
public ApiResponse<String> deleteFace(@PathVariable("faceId") Long faceId) {
|
||||
// 添加权限检查:验证当前用户是否拥有该 face
|
||||
JwtInfo worker = JwtTokenUtil.getWorker();
|
||||
Long userId = worker.getUserId();
|
||||
|
||||
FaceEntity face = faceRepository.getFace(faceId);
|
||||
if (face == null) {
|
||||
throw new BaseException("人脸数据不存在");
|
||||
}
|
||||
if (!face.getMemberId().equals(userId)) {
|
||||
throw new BaseException("无权删除此人脸");
|
||||
}
|
||||
|
||||
return faceService.deleteFace(faceId);
|
||||
}
|
||||
|
||||
|
||||
@@ -262,36 +262,21 @@ public class AppOrderV2Controller {
|
||||
}
|
||||
|
||||
/**
|
||||
* 用户查询自己的订单详情
|
||||
* 查询订单详情
|
||||
*/
|
||||
@GetMapping("/detail/{orderId}")
|
||||
public ApiResponse<OrderV2DetailResponse> getUserOrderDetail(@PathVariable("orderId") Long orderId) {
|
||||
String currentUserIdStr = BaseContextHandler.getUserId();
|
||||
if (currentUserIdStr == null) {
|
||||
log.warn("用户未登录");
|
||||
return ApiResponse.fail("用户未登录");
|
||||
}
|
||||
|
||||
Long currentUserId = Long.valueOf(currentUserIdStr);
|
||||
|
||||
log.info("用户查询订单详情: userId={}, orderId={}", currentUserId, orderId);
|
||||
|
||||
log.info("查询订单详情: orderId={}", orderId);
|
||||
|
||||
try {
|
||||
OrderV2DetailResponse detail = orderService.getOrderDetail(orderId);
|
||||
if (detail == null) {
|
||||
return ApiResponse.fail("订单不存在");
|
||||
}
|
||||
|
||||
// 验证订单是否属于当前用户
|
||||
if (!currentUserId.equals(detail.getMemberId())) {
|
||||
log.warn("用户尝试访问他人订单: userId={}, orderId={}, orderOwner={}",
|
||||
currentUserId, orderId, detail.getMemberId());
|
||||
return ApiResponse.fail("无权访问该订单");
|
||||
}
|
||||
|
||||
|
||||
return ApiResponse.success(detail);
|
||||
} catch (Exception e) {
|
||||
log.error("查询用户订单详情失败: userId={}, orderId={}", currentUserId, orderId, e);
|
||||
log.error("查询订单详情失败: orderId={}", orderId, e);
|
||||
return ApiResponse.fail("查询失败:" + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -72,9 +72,9 @@ public interface SourceMapper {
|
||||
int hasRelationTo(Long memberId, Long sourceId, int type);
|
||||
|
||||
List<SourceEntity> listVideoByScenicFaceRelation(Long scenicId, Long faceId);
|
||||
List<SourceEntity> listVideoByFaceRelation(Long memberId, Long faceId);
|
||||
List<SourceEntity> listVideoByFaceRelation(Long faceId);
|
||||
|
||||
List<SourceEntity> listImageByFaceRelation(Long memberId, Long faceId);
|
||||
List<SourceEntity> listImageByFaceRelation(Long faceId);
|
||||
List<MemberSourceEntity> listByFaceRelation(Long faceId, Integer type);
|
||||
|
||||
SourceEntity getEntity(Long id);
|
||||
|
||||
@@ -125,7 +125,6 @@ public class GoodsServiceImpl implements GoodsService {
|
||||
videoReqQuery.setScenicId(scenicId);
|
||||
videoReqQuery.setIsBuy(query.getIsBuy());
|
||||
videoReqQuery.setFaceId(query.getFaceId());
|
||||
videoReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId()));
|
||||
//查询成片vlog
|
||||
List<VideoRespVO> videoList = videoMapper.queryByRelation(videoReqQuery);
|
||||
videoList.forEach(videoRespVO -> {
|
||||
@@ -150,7 +149,6 @@ public class GoodsServiceImpl implements GoodsService {
|
||||
sourceReqQuery.setScenicId(scenicId);
|
||||
sourceReqQuery.setIsBuy(query.getIsBuy());
|
||||
sourceReqQuery.setFaceId(query.getFaceId());
|
||||
sourceReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId()));
|
||||
//查询源素材
|
||||
List<SourceRespVO> sourceList = sourceMapper.queryByRelation(sourceReqQuery);
|
||||
ScenicConfigManager scenicConfig = scenicRepository.getScenicConfigManager(scenicId);
|
||||
@@ -204,7 +202,6 @@ public class GoodsServiceImpl implements GoodsService {
|
||||
SourceReqQuery sourceReqQuery = new SourceReqQuery();
|
||||
sourceReqQuery.setScenicId(face.getScenicId());
|
||||
sourceReqQuery.setIsBuy(query.getIsBuy());
|
||||
sourceReqQuery.setMemberId(face.getMemberId());
|
||||
sourceReqQuery.setType(sourceType);
|
||||
sourceReqQuery.setFaceId(face.getId());
|
||||
List<SourceRespVO> list = sourceMapper.listUser(sourceReqQuery);
|
||||
@@ -563,7 +560,6 @@ public class GoodsServiceImpl implements GoodsService {
|
||||
SourceReqQuery sourceReqQuery = new SourceReqQuery();
|
||||
sourceReqQuery.setScenicId(face.getScenicId());
|
||||
sourceReqQuery.setIsBuy(query.getIsBuy());
|
||||
sourceReqQuery.setMemberId(face.getMemberId());
|
||||
sourceReqQuery.setType(sourceType);
|
||||
sourceReqQuery.setFaceId(face.getId());
|
||||
List<SourceRespVO> list = sourceMapper.listUser(sourceReqQuery);
|
||||
@@ -652,7 +648,6 @@ public class GoodsServiceImpl implements GoodsService {
|
||||
Integer sourceType = query.getSourceType();
|
||||
SourceReqQuery sourceReqQuery = new SourceReqQuery();
|
||||
sourceReqQuery.setScenicId(face.getScenicId());
|
||||
sourceReqQuery.setMemberId(face.getMemberId());
|
||||
sourceReqQuery.setType(sourceType);
|
||||
sourceReqQuery.setFaceId(query.getFaceId());
|
||||
List<SourceRespVO> list = sourceMapper.listUser(sourceReqQuery);
|
||||
|
||||
@@ -299,7 +299,7 @@ public class OrderServiceImpl implements OrderService {
|
||||
List<Integer> _f = new ArrayList<>();
|
||||
orderItemList.forEach(item -> {
|
||||
if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片 goodsId就是人脸ID
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listVideoByFaceRelation(order.getMemberId(), item.getGoodsId());
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getGoodsId());
|
||||
item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
|
||||
if (!_f.contains(1)) {
|
||||
_f.add(1);
|
||||
@@ -320,7 +320,7 @@ public class OrderServiceImpl implements OrderService {
|
||||
}
|
||||
}
|
||||
} else if (Integer.valueOf(2).equals(item.getGoodsType())) { // 照片 goodsId就是人脸ID
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listImageByFaceRelation(order.getMemberId(), item.getGoodsId());
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getGoodsId());
|
||||
item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
|
||||
if (!_f.contains(2)) {
|
||||
_f.add(2);
|
||||
@@ -519,14 +519,14 @@ public class OrderServiceImpl implements OrderService {
|
||||
}
|
||||
orderItemList.forEach(item -> {
|
||||
if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listVideoByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId());
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getFaceId());
|
||||
item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
|
||||
if (!memberVideoEntityList.isEmpty()) {
|
||||
item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime());
|
||||
item.setCount(1);
|
||||
}
|
||||
} else if (Integer.valueOf(2).equals(item.getGoodsType())) {
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listImageByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId());
|
||||
List<SourceEntity> memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getFaceId());
|
||||
item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList()));
|
||||
if (!memberVideoEntityList.isEmpty()) {
|
||||
item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime());
|
||||
|
||||
@@ -396,11 +396,6 @@
|
||||
o.scenic_id
|
||||
from `order` AS o
|
||||
left join face f on o.face_id = f.id
|
||||
<where>
|
||||
<if test="memberId!=null">
|
||||
and o.member_id=#{memberId}
|
||||
</if>
|
||||
</where>
|
||||
order by o.create_at desc
|
||||
</select>
|
||||
<select id="appDetail" resultMap="AppBaseResultMap">
|
||||
|
||||
@@ -290,7 +290,7 @@
|
||||
select s.*, ms.is_buy
|
||||
from member_source ms
|
||||
left join source s on ms.source_id = s.id
|
||||
where ms.face_id = #{faceId} and ms.member_id = #{memberId} and ms.type = 1
|
||||
where ms.face_id = #{faceId} and ms.type = 1
|
||||
order by create_time desc
|
||||
</select>
|
||||
<select id="listVideoByScenicFaceRelation" resultType="com.ycwl.basic.model.pc.source.entity.SourceEntity">
|
||||
@@ -304,7 +304,7 @@
|
||||
select s.*, ms.is_buy
|
||||
from member_source ms
|
||||
left join source s on ms.source_id = s.id
|
||||
where ms.face_id = #{faceId} and ms.member_id = #{memberId} and ms.type = 2
|
||||
where ms.face_id = #{faceId} and ms.type = 2
|
||||
</select>
|
||||
<select id="getEntity" resultType="com.ycwl.basic.model.pc.source.entity.SourceEntity">
|
||||
select *
|
||||
|
||||
Reference in New Issue
Block a user