diff --git a/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java b/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java index b9898c9f..2b899f2b 100644 --- a/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java +++ b/src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java @@ -1,13 +1,16 @@ package com.ycwl.basic.controller.mobile; +import com.ycwl.basic.exception.BaseException; import com.ycwl.basic.model.jwt.JwtInfo; import com.ycwl.basic.model.mobile.face.FaceRecognizeResp; import com.ycwl.basic.model.mobile.face.FaceStatusResp; import com.ycwl.basic.model.mobile.scenic.content.ContentPageVO; import com.ycwl.basic.model.mobile.face.FaceRecognitionUpdateReq; import com.ycwl.basic.model.mobile.face.FaceRecognitionDetailVO; +import com.ycwl.basic.model.pc.face.entity.FaceEntity; import com.ycwl.basic.model.pc.face.resp.FaceRespVO; import com.ycwl.basic.model.pc.faceSample.entity.FaceSampleEntity; +import com.ycwl.basic.repository.FaceRepository; import com.ycwl.basic.service.pc.FaceService; import com.ycwl.basic.utils.ApiResponse; import com.ycwl.basic.utils.JwtTokenUtil; @@ -28,6 +31,8 @@ public class AppFaceController { @Autowired private FaceService faceService; + @Autowired + private FaceRepository faceRepository; /** * 1、上传人脸照片 @@ -65,6 +70,18 @@ public class AppFaceController { @DeleteMapping("/{faceId}") public ApiResponse deleteFace(@PathVariable("faceId") Long faceId) { + // 添加权限检查:验证当前用户是否拥有该 face + JwtInfo worker = JwtTokenUtil.getWorker(); + Long userId = worker.getUserId(); + + FaceEntity face = faceRepository.getFace(faceId); + if (face == null) { + throw new BaseException("人脸数据不存在"); + } + if (!face.getMemberId().equals(userId)) { + throw new BaseException("无权删除此人脸"); + } + return faceService.deleteFace(faceId); } 
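Review bot: The new ownership check in deleteFace dereferences `face.getMemberId()` before comparing, so a face row with a null member_id (and, if JwtTokenUtil.getWorker() can return null, a missing worker) fails with a NullPointerException instead of a clean denial; compare from the side you control, `if (userId == null || !userId.equals(face.getMemberId())) { throw new BaseException("无权删除此人脸"); }`, so the check fails closed. Returning distinct messages for "not found" and "not yours" lets a caller distinguish existing face ids from non-existent ones; a single denial message for both cases avoids that oracle. The check lives only in this controller, so `faceService.deleteFace(faceId)` is still callable without it from any other entry point — consider moving the owner comparison into the service so every caller gets it. Whether the JWT's userId and FaceEntity.memberId are the same identifier space is not visible here; worth confirming against the entity.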
diff --git a/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java b/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java index 42eab2a8..1793552f 100644 --- a/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java +++ b/src/main/java/com/ycwl/basic/controller/mobile/AppOrderV2Controller.java @@ -262,36 +262,21 @@ public class AppOrderV2Controller { } /** - * 用户查询自己的订单详情 + * 查询订单详情 */ @GetMapping("/detail/{orderId}") public ApiResponse getUserOrderDetail(@PathVariable("orderId") Long orderId) { - String currentUserIdStr = BaseContextHandler.getUserId(); - if (currentUserIdStr == null) { - log.warn("用户未登录"); - return ApiResponse.fail("用户未登录"); - } - - Long currentUserId = Long.valueOf(currentUserIdStr); - - log.info("用户查询订单详情: userId={}, orderId={}", currentUserId, orderId); - + log.info("查询订单详情: orderId={}", orderId); + try { OrderV2DetailResponse detail = orderService.getOrderDetail(orderId); if (detail == null) { return ApiResponse.fail("订单不存在"); } - - // 验证订单是否属于当前用户 - if (!currentUserId.equals(detail.getMemberId())) { - log.warn("用户尝试访问他人订单: userId={}, orderId={}, orderOwner={}", - currentUserId, orderId, detail.getMemberId()); - return ApiResponse.fail("无权访问该订单"); - } - + return ApiResponse.success(detail); } catch (Exception e) { - log.error("查询用户订单详情失败: userId={}, orderId={}", currentUserId, orderId, e); + log.error("查询订单详情失败: orderId={}", orderId, e); return ApiResponse.fail("查询失败:" + e.getMessage()); } } diff --git a/src/main/java/com/ycwl/basic/mapper/SourceMapper.java b/src/main/java/com/ycwl/basic/mapper/SourceMapper.java index 4c8c3c35..70f556aa 100644 --- a/src/main/java/com/ycwl/basic/mapper/SourceMapper.java +++ b/src/main/java/com/ycwl/basic/mapper/SourceMapper.java 
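Review bot: getUserOrderDetail now returns the detail for any orderId to any caller: both the `BaseContextHandler.getUserId()` null guard and the `currentUserId.equals(detail.getMemberId())` comparison are gone, and nothing on the new side replaces them, so on a mobile endpoint whose path parameter is client-controlled this is a broken object-level authorization regression, not a cleanup. Unless orderService.getOrderDetail now enforces ownership itself (not visible in this diff), restore the comparison after the null check, `Long currentUserId = Long.valueOf(BaseContextHandler.getUserId());` before the lookup and `if (!currentUserId.equals(detail.getMemberId())) { return ApiResponse.fail("无权访问该订单"); }` after it, keeping the earlier "用户未登录" guard so the Long.valueOf cannot throw. If the intent is to let non-owners view shared orders, that rule belongs in the service with an explicit test, and the Javadoc should say which callers are allowed rather than just "查询订单详情". The dropped `log.warn` on cross-user access was also the only detection signal for this endpoint; keep it wherever the check ends up.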
@@ -72,9 +72,9 @@ public interface SourceMapper { int hasRelationTo(Long memberId, Long sourceId, int type); List listVideoByScenicFaceRelation(Long scenicId, Long faceId); - List listVideoByFaceRelation(Long memberId, Long faceId); + List listVideoByFaceRelation(Long faceId); - List listImageByFaceRelation(Long memberId, Long faceId); + List listImageByFaceRelation(Long faceId); List listByFaceRelation(Long faceId, Integer type); SourceEntity getEntity(Long id); diff --git a/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java b/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java index a91c3afc..5ce3b9d9 100644 --- a/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java +++ b/src/main/java/com/ycwl/basic/service/mobile/impl/GoodsServiceImpl.java @@ -125,7 +125,6 @@ public class GoodsServiceImpl implements GoodsService { videoReqQuery.setScenicId(scenicId); videoReqQuery.setIsBuy(query.getIsBuy()); videoReqQuery.setFaceId(query.getFaceId()); - videoReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId())); //查询成片vlog List videoList = videoMapper.queryByRelation(videoReqQuery); videoList.forEach(videoRespVO -> { @@ -150,7 +149,6 @@ public class GoodsServiceImpl implements GoodsService { sourceReqQuery.setScenicId(scenicId); sourceReqQuery.setIsBuy(query.getIsBuy()); sourceReqQuery.setFaceId(query.getFaceId()); - sourceReqQuery.setMemberId(Long.valueOf(BaseContextHandler.getUserId())); //查询源素材 List sourceList = sourceMapper.queryByRelation(sourceReqQuery); ScenicConfigManager scenicConfig = scenicRepository.getScenicConfigManager(scenicId); 
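Review bot: listVideoByFaceRelation and listImageByFaceRelation lose their memberId parameter, and the companion hunks drop the member scope everywhere it was applied — the `setMemberId(...)` calls in GoodsServiceImpl (hunks at -125, -150, -204, -563, -652), the call sites in OrderServiceImpl (-299, -320, -519) and the `and o.member_id=#{memberId}` predicate in OrderMapper.xml — so these queries are now keyed by faceId alone. In GoodsServiceImpl the faceId comes from `query.getFaceId()`, i.e. the request, so unless face-to-member ownership is verified before the query (not visible in this diff) any authenticated member can list another member's videos and images by guessing or reusing a face id. The safer shape is to keep memberId in the mapper signatures and SQL, or to resolve the face first and reject the request when `face.getMemberId()` is not the current user, the same check this commit adds in AppFaceController.deleteFace. The OrderMapper.xml hunk appears to have lost its surrounding `<if>` tags in rendering, so confirm against the file that the remaining `order` query has no other member predicate.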
@@ -204,7 +202,6 @@ public class GoodsServiceImpl implements GoodsService { SourceReqQuery sourceReqQuery = new SourceReqQuery(); sourceReqQuery.setScenicId(face.getScenicId()); sourceReqQuery.setIsBuy(query.getIsBuy()); - sourceReqQuery.setMemberId(face.getMemberId()); sourceReqQuery.setType(sourceType); sourceReqQuery.setFaceId(face.getId()); List list = sourceMapper.listUser(sourceReqQuery); @@ -563,7 +560,6 @@ public class GoodsServiceImpl implements GoodsService { SourceReqQuery sourceReqQuery = new SourceReqQuery(); sourceReqQuery.setScenicId(face.getScenicId()); sourceReqQuery.setIsBuy(query.getIsBuy()); - sourceReqQuery.setMemberId(face.getMemberId()); sourceReqQuery.setType(sourceType); sourceReqQuery.setFaceId(face.getId()); List list = sourceMapper.listUser(sourceReqQuery); @@ -652,7 +648,6 @@ public class GoodsServiceImpl implements GoodsService { Integer sourceType = query.getSourceType(); SourceReqQuery sourceReqQuery = new SourceReqQuery(); sourceReqQuery.setScenicId(face.getScenicId()); - sourceReqQuery.setMemberId(face.getMemberId()); sourceReqQuery.setType(sourceType); sourceReqQuery.setFaceId(query.getFaceId()); List list = sourceMapper.listUser(sourceReqQuery); diff --git a/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java b/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java index 24ede82e..05c75313 100644 --- a/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java +++ b/src/main/java/com/ycwl/basic/service/pc/impl/OrderServiceImpl.java 
@@ -299,7 +299,7 @@ public class OrderServiceImpl implements OrderService { List _f = new ArrayList<>(); orderItemList.forEach(item -> { if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片 goodsId就是人脸ID - List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(order.getMemberId(), item.getGoodsId()); + List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getGoodsId()); item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList())); if (!_f.contains(1)) { _f.add(1); @@ -320,7 +320,7 @@ public class OrderServiceImpl implements OrderService { } } } else if (Integer.valueOf(2).equals(item.getGoodsType())) { // 照片 goodsId就是人脸ID - List memberVideoEntityList = sourceMapper.listImageByFaceRelation(order.getMemberId(), item.getGoodsId()); + List memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getGoodsId()); item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList())); if (!_f.contains(2)) { _f.add(2); 
@@ -519,14 +519,14 @@ public class OrderServiceImpl implements OrderService { } orderItemList.forEach(item -> { if (Integer.valueOf(1).equals(item.getGoodsType())) { // 原片 - List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId()); + List memberVideoEntityList = sourceMapper.listVideoByFaceRelation(item.getFaceId()); item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList())); if (!memberVideoEntityList.isEmpty()) { item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime()); item.setCount(1); } } else if (Integer.valueOf(2).equals(item.getGoodsType())) { - List memberVideoEntityList = sourceMapper.listImageByFaceRelation(orderReqQuery.getMemberId(), item.getFaceId()); + List memberVideoEntityList = sourceMapper.listImageByFaceRelation(item.getFaceId()); item.setCoverList(memberVideoEntityList.stream().map(SourceEntity::getUrl).collect(Collectors.toList())); if (!memberVideoEntityList.isEmpty()) { item.setShootingTime(memberVideoEntityList.getFirst().getCreateTime()); diff --git a/src/main/resources/mapper/OrderMapper.xml b/src/main/resources/mapper/OrderMapper.xml index 6d7c3f96..700056f0 100644 --- a/src/main/resources/mapper/OrderMapper.xml +++ b/src/main/resources/mapper/OrderMapper.xml @@ -396,11 +396,6 @@ o.scenic_id from `order` AS o left join face f on o.face_id = f.id - - - and o.member_id=#{memberId} - - order by o.create_at desc