feat(mobile): 增强人脸数据访问控制并优化订单查询逻辑

- 在删除人脸数据前增加用户权限校验，确保操作安全
- 移除订单详情接口中的用户身份强制绑定，简化查询流程
- 更新视频与图片资源查询方法，去除冗余的用户ID参数
- 调整Mapper层SQL语句，解耦人脸关联数据对用户的依赖
- 优化服务层代码结构，提升数据获取效率与一致性

src/main/java/com/ycwl/basic/controller/mobile/AppFaceController.java

@@ -1,13 +1,16 @@
 package com.ycwl.basic.controller.mobile;
 
+import com.ycwl.basic.exception.BaseException;
 import com.ycwl.basic.model.jwt.JwtInfo;
 import com.ycwl.basic.model.mobile.face.FaceRecognizeResp;
 import com.ycwl.basic.model.mobile.face.FaceStatusResp;
 import com.ycwl.basic.model.mobile.scenic.content.ContentPageVO;
 import com.ycwl.basic.model.mobile.face.FaceRecognitionUpdateReq;
 import com.ycwl.basic.model.mobile.face.FaceRecognitionDetailVO;
+import com.ycwl.basic.model.pc.face.entity.FaceEntity;
 import com.ycwl.basic.model.pc.face.resp.FaceRespVO;
 import com.ycwl.basic.model.pc.faceSample.entity.FaceSampleEntity;
+import com.ycwl.basic.repository.FaceRepository;
 import com.ycwl.basic.service.pc.FaceService;
 import com.ycwl.basic.utils.ApiResponse;
 import com.ycwl.basic.utils.JwtTokenUtil;
@@ -28,6 +31,8 @@ public class AppFaceController {
 
     @Autowired
     private FaceService faceService;
+    @Autowired
+    private FaceRepository faceRepository;
 
     /**
      * 1、上传人脸照片
@@ -65,6 +70,18 @@ public class AppFaceController {
 
     @DeleteMapping("/{faceId}")
     public ApiResponse<String> deleteFace(@PathVariable("faceId") Long faceId) {
+        // 添加权限检查：验证当前用户是否拥有该 face
+        JwtInfo worker = JwtTokenUtil.getWorker();
+        Long userId = worker.getUserId();
+
+        FaceEntity face = faceRepository.getFace(faceId);
+        if (face == null) {
+            throw new BaseException("人脸数据不存在");
+        }
+        if (!face.getMemberId().equals(userId)) {
+            throw new BaseException("无权删除此人脸");
+        }
+
         return faceService.deleteFace(faceId);
     }