
公司查询积分订单

yuhongqi hace 5 días
padre
commit
c089424a2b

+ 12 - 3
fs-company/src/main/java/com/fs/company/controller/store/FsStoreOrderController.java

@@ -19,6 +19,7 @@ import com.fs.erp.dto.ErpOrderQueryResponse;
 import com.fs.erp.service.IErpOrderService;
 import com.fs.framework.security.LoginUser;
 import com.fs.framework.security.SecurityUtils;
+import com.fs.company.domain.CompanyRole;
 import com.fs.framework.service.TokenService;
 import com.fs.his.config.FsSysConfig;
 import com.fs.his.domain.*;
@@ -93,7 +94,7 @@ public class FsStoreOrderController extends BaseController
     /**
      * 查询直播/点播订单列表(fs_store_order_scrm 中 order_type=2 直播订单,order_type=3 点播订单)
      * 如果前端传了 orderType,则按指定类型查询;如果没传(null),则查询所有直播和点播订单(orderType IN (2,3))
-     * 分公司负责人(userType=00)可查公司下所有订单,否则仅能查自己的订单
+     * 分公司负责人(userType=00)或 finance_order_goods 角色可查公司下所有订单,否则仅能查自己的订单
      */
     @PostMapping("/healthLiveList")
     public FsStoreOrderListAndStatisticsVo healthLiveList(@RequestBody com.fs.hisStore.param.FsStoreOrderParam param) {
@@ -103,7 +104,7 @@ public class FsStoreOrderController extends BaseController
         if (param.getOrderType() == null) {
             param.setOrderType(-1); // 特殊值,表示查询所有直播和点播订单
         }
-        if (!"00".equals(loginUser.getUser().getUserType())) {
+        if (!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")) {
             param.setCompanyUserId(loginUser.getUser().getUserId());
         } else {
             param.setCompanyUserId(null);
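Review bot: Only `companyUserId` is adjusted in this branch, so a caller holding the `finance_order_goods` role now takes the `else` path and the query runs without a per-user filter; whether it stays limited to the caller's own company depends on code outside this hunk. Please confirm that any company id on `param` is overwritten from `loginUser` before the service call rather than accepted from the request body, the way the integral-order controller in this commit does with `param.setCompanyId(loginUser.getCompany().getCompanyId());`. The same condition is repeated in the next hunk of this file and in three hunks of FsStoreOrderScrmController, where the privileged path additionally leaves a client-supplied `companyUserId` untouched. The enclosing method starts and ends outside the hunk.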
@@ -167,7 +168,7 @@ public class FsStoreOrderController extends BaseController
         if (param.getOrderType() == null) {
             param.setOrderType(-1); // 特殊值,表示查询所有直播和点播订单
         }
-        if (!"00".equals(loginUser.getUser().getUserType())) {
+        if (!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")) {
             param.setCompanyUserId(loginUser.getUser().getUserId());
         } else {
             param.setCompanyUserId(null);
@@ -1006,4 +1007,12 @@ public class FsStoreOrderController extends BaseController
         return null;
     }
 
+    private boolean hasRoleKey(LoginUser loginUser, String roleKey) {
+        List<CompanyRole> roles = loginUser.getUser().getRoles();
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return roles.stream().anyMatch(role -> roleKey.equals(role.getRoleKey()));
+    }
+
 }
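Review bot: `hasRoleKey` is added here as a private copy and again, line for line, in FsIntegralOrderController and FsStoreOrderScrmController, while the literal `"finance_order_goods"` is spelled out at every call site. Since this helper decides who may see a whole company's orders, one shared implementation and one named constant (for example `FINANCE_ORDER_GOODS_ROLE`, the name is only a suggestion) would keep the rule from drifting between controllers. A short Javadoc should state that the match is on role key alone; if roles can be disabled, or the role list is cached in the login token, confirm that `getRoles()` reflects the caller's current, enabled roles. `loginUser.getUser()` is dereferenced without a null check, which is presumably safe behind the authentication filter but is worth stating in that comment.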

+ 69 - 22
fs-company/src/main/java/com/fs/hisStore/controller/FsIntegralOrderController.java

@@ -1,28 +1,26 @@
 package com.fs.hisStore.controller;
 
-import cn.hutool.core.lang.TypeReference;
-import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.json.JSONUtil;
-import com.alibaba.fastjson.JSONObject;
 import com.fs.common.annotation.Log;
 import com.fs.common.core.controller.BaseController;
 import com.fs.common.core.domain.AjaxResult;
 import com.fs.common.core.domain.R;
 import com.fs.common.core.page.TableDataInfo;
 import com.fs.common.enums.BusinessType;
+import com.fs.common.exception.ServiceException;
+import com.fs.common.utils.ServletUtils;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.poi.ExcelUtil;
-import com.fs.his.domain.FsIntegralGoods;
+import com.fs.company.domain.CompanyRole;
+import com.fs.framework.security.LoginUser;
+import com.fs.framework.service.TokenService;
 import com.fs.his.domain.FsIntegralOrder;
 import com.fs.his.dto.ExpressInfoDTO;
 import com.fs.his.enums.ShipperCodeEnum;
-import com.fs.his.mapper.FsIntegralGoodsMapper;
 import com.fs.his.param.FsIntegralOrderCreateParam;
 import com.fs.his.param.FsIntegralOrderParam;
 import com.fs.his.service.IFsExpressService;
 import com.fs.his.service.IFsIntegralOrderService;
-import com.fs.his.utils.PhoneUtil;
 import com.fs.his.vo.FsIntegralOrderListVO;
 import com.fs.his.vo.FsIntegralOrderPVO;
 import com.fs.his.vo.FsStoreProductDeliverExcelVO;
@@ -31,7 +29,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.util.*;
+import java.util.List;
 
 import static com.fs.his.utils.PhoneUtil.decryptAutoPhoneMk;
 import static com.fs.his.utils.PhoneUtil.decryptPhone;
@@ -50,16 +48,18 @@ public class FsIntegralOrderController extends BaseController
     private IFsIntegralOrderService fsIntegralOrderService;
     @Autowired
     private IFsExpressService expressService;
-
     @Autowired
-    private FsIntegralGoodsMapper fsIntegralGoodsMapper;
+    private TokenService tokenService;
+
     /**
      * 查询积分商品订单列表
+     * 销售公司只能查本公司数据;非管理员且非 finance_order_goods 角色只能查本人订单
      */
     @PreAuthorize("@ss.hasPermi('his:integralOrder:list')")
     @GetMapping("/list")
     public TableDataInfo list(FsIntegralOrderParam fsIntegralOrder)
     {
+        applyCompanyDataScope(fsIntegralOrder);
         startPage();
         List<FsIntegralOrderListVO> list = fsIntegralOrderService.selectFsIntegralOrderListVO(fsIntegralOrder);
         for (FsIntegralOrderListVO vo : list) {
@@ -75,15 +75,22 @@ public class FsIntegralOrderController extends BaseController
     @Log(title = "积分商品订单", businessType = BusinessType.EXPORT)
     @GetMapping("/export")
     public AjaxResult export(FsIntegralOrder fsIntegralOrder) {
+        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+        fsIntegralOrder.setCompanyId(loginUser.getCompany().getCompanyId());
+        if (!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")) {
+            fsIntegralOrder.setCompanyUserId(loginUser.getUser().getUserId());
+        }
         return fsIntegralOrderService.export(fsIntegralOrder);
     }
+
     /**
      * 发货
      */
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:sendGoods')")
+    @PreAuthorize("@ss.hasPermi('his:integralOrder:sendGoods')")
     @PutMapping("/sendGoods")
     public AjaxResult sendGoods(@RequestBody FsIntegralOrder fsIntegralOrder)
     {
+        checkIntegralOrderAccess(fsIntegralOrderService.selectFsIntegralOrderByOrderId(fsIntegralOrder.getOrderId()));
         return toAjax(fsIntegralOrderService.sendGoods(fsIntegralOrder));
     }
 
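Review bot: In `sendGoods` the access check runs against the stored order, but the object passed on to `fsIntegralOrderService.sendGoods(...)` is still the request body, so any ownership fields the client filled in are carried into the service call. If the underlying update writes whatever non-null fields it receives (not visible here), a caller who passes the check could reassign the order's `companyId` or `companyUserId`; `edit` in the last hunk of this file has the same shape. Consider keeping the loaded order in a local and re-pinning those fields before the call, e.g. `fsIntegralOrder.setCompanyId(stored.getCompanyId());` and `fsIntegralOrder.setCompanyUserId(stored.getCompanyUserId());`, or copying only the fields each endpoint is meant to change. In `export`, `loginUser.getCompany()` is dereferenced unchecked, so a login without a company would fail with a NullPointerException rather than a clean denial.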
@@ -93,6 +100,7 @@ public class FsIntegralOrderController extends BaseController
         ExcelUtil<FsStoreProductDeliverExcelVO> util = new ExcelUtil<>(FsStoreProductDeliverExcelVO.class);
         return util.importTemplateExcel("导入运单号");
     }
+
     @Log(title = "导入运单号", businessType = BusinessType.IMPORT)
     @PostMapping("/importData")
     public AjaxResult importData(MultipartFile file, boolean updateSupport) throws Exception
@@ -102,11 +110,13 @@ public class FsIntegralOrderController extends BaseController
         String message = fsIntegralOrderService.importProductDeliver(list);
         return AjaxResult.success(message);
     }
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:express')")
+
+    @PreAuthorize("@ss.hasPermi('his:integralOrder:express')")
     @GetMapping(value = "/getExpress/{id}")
     public R getExpress(@PathVariable("id") Long id)
     {
         FsIntegralOrder fsIntegralOrder = fsIntegralOrderService.selectFsIntegralOrderByOrderId(id);
+        checkIntegralOrderAccess(fsIntegralOrder);
         ExpressInfoDTO expressInfoDTO=null;
         if(StringUtils.isNotEmpty(fsIntegralOrder.getDeliverySn())){
             String lastFourNumber = "";
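Review bot: `importData`, whose tail opens this hunk, still hands the uploaded rows straight to `fsIntegralOrderService.importProductDeliver(list)` with neither the `checkIntegralOrderAccess` call this commit adds to the other write paths nor, judging by the annotations visible in the preceding hunk (`@Log` and `@PostMapping` only), a `@PreAuthorize` gate. Unless the service enforces the company and user scope itself, a spreadsheet import can set delivery numbers on orders that the same caller would be refused through `sendGoods`. I would gate the endpoint with a permission (reusing `his:integralOrder:sendGoods` or a dedicated key) and resolve each row's order through `checkIntegralOrderAccess` before importing. `importData` starts outside this hunk, so an annotation above the visible lines cannot be ruled out.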
@@ -121,17 +131,19 @@ public class FsIntegralOrderController extends BaseController
         }
         return R.ok().put("data",expressInfoDTO);
     }
+
     /**
      * 获取积分商品订单详细信息
      */
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:query')")
+    @PreAuthorize("@ss.hasPermi('his:integralOrder:query')")
     @GetMapping(value = "/{orderId}")
     public AjaxResult getInfo(@PathVariable("orderId") Long orderId)
     {
-        FsIntegralOrderPVO order = fsIntegralOrderService.selectFsIntegralOrderPVO(orderId);
-
-        order.setUserPhone(decryptAutoPhoneMk(order.getUserPhone()));
-        return AjaxResult.success(order);
+        FsIntegralOrder order = fsIntegralOrderService.selectFsIntegralOrderByOrderId(orderId);
+        checkIntegralOrderAccess(order);
+        FsIntegralOrderPVO pvo = fsIntegralOrderService.selectFsIntegralOrderPVO(orderId);
+        pvo.setUserPhone(decryptAutoPhoneMk(pvo.getUserPhone()));
+        return AjaxResult.success(pvo);
     }
 
     @GetMapping(value = "/queryPhone/{orderId}")
@@ -139,8 +151,10 @@ public class FsIntegralOrderController extends BaseController
     @PreAuthorize("@ss.hasPermi('his:integralOrder:queryPhone')")
     public R getPhone(@PathVariable("orderId") Long orderId)
     {
-        FsIntegralOrderPVO order = fsIntegralOrderService.selectFsIntegralOrderPVO(orderId);
-        String userPhone = order.getUserPhone();
+        FsIntegralOrder order = fsIntegralOrderService.selectFsIntegralOrderByOrderId(orderId);
+        checkIntegralOrderAccess(order);
+        FsIntegralOrderPVO pvo = fsIntegralOrderService.selectFsIntegralOrderPVO(orderId);
+        String userPhone = pvo.getUserPhone();
         if (userPhone.length()>11){
             userPhone = decryptPhone(userPhone);
         }
@@ -150,7 +164,6 @@ public class FsIntegralOrderController extends BaseController
     /**
      * 新增积分商品订单
      */
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:add')")
     @Log(title = "积分商品订单", businessType = BusinessType.INSERT)
     @PostMapping
     public R add(@RequestBody FsIntegralOrderCreateParam param)
@@ -161,22 +174,56 @@ public class FsIntegralOrderController extends BaseController
     /**
      * 修改积分商品订单
      */
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:edit')")
+    @PreAuthorize("@ss.hasPermi('his:integralOrder:edit')")
     @Log(title = "积分商品订单", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@RequestBody FsIntegralOrder fsIntegralOrder)
     {
+        checkIntegralOrderAccess(fsIntegralOrderService.selectFsIntegralOrderByOrderId(fsIntegralOrder.getOrderId()));
         return toAjax(fsIntegralOrderService.updateFsIntegralOrder(fsIntegralOrder));
     }
 
     /**
      * 删除积分商品订单
      */
-//    @PreAuthorize("@ss.hasPermi('his:integralOrder:remove')")
     @Log(title = "积分商品订单", businessType = BusinessType.DELETE)
 	@DeleteMapping("/{orderIds}")
     public AjaxResult remove(@PathVariable Long[] orderIds)
     {
+        for (Long orderId : orderIds) {
+            checkIntegralOrderAccess(fsIntegralOrderService.selectFsIntegralOrderByOrderId(orderId));
+        }
         return toAjax(fsIntegralOrderService.deleteFsIntegralOrderByOrderIds(orderIds));
     }
+
+    private void applyCompanyDataScope(FsIntegralOrderParam param) {
+        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+        param.setCompanyId(loginUser.getCompany().getCompanyId());
+        if (!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")) {
+            param.setCompanyUserId(loginUser.getUser().getUserId());
+        }
+    }
+
+    private void checkIntegralOrderAccess(FsIntegralOrder order) {
+        if (order == null) {
+            throw new ServiceException("订单不存在");
+        }
+        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+        if (!loginUser.getCompany().getCompanyId().equals(order.getCompanyId())) {
+            throw new ServiceException("非法操作");
+        }
+        if (!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")) {
+            if (order.getCompanyUserId() == null || !loginUser.getUser().getUserId().equals(order.getCompanyUserId())) {
+                throw new ServiceException("非法操作");
+            }
+        }
+    }
+
+    private boolean hasRoleKey(LoginUser loginUser, String roleKey) {
+        List<CompanyRole> roles = loginUser.getUser().getRoles();
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return roles.stream().anyMatch(role -> roleKey.equals(role.getRoleKey()));
+    }
 }
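Review bot: `remove` gains the ownership loop, but its commented-out `@PreAuthorize` line is deleted rather than enabled, so unlike `edit`, `sendGoods`, `getExpress` and `getInfo` the delete endpoint has no permission gate; `add` in the previous hunk loses its commented annotation the same way. If that is not intentional, restore `@PreAuthorize("@ss.hasPermi('his:integralOrder:remove')")` above `@Log` on `remove`, and decide explicitly whether `add` needs its `his:integralOrder:add` counterpart. In `checkIntegralOrderAccess`, a missing order answers "订单不存在" while a foreign one answers "非法操作", which lets a caller tell which order ids exist in other companies; returning the same message for both cases avoids that. The helper also dereferences `loginUser.getCompany()` without a null check, and it would benefit from a Javadoc spelling out the rule: same company always, same user unless userType is `00` or the role is `finance_order_goods`.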

+ 14 - 5
fs-company/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java

@@ -20,6 +20,7 @@ import com.fs.common.utils.ServletUtils;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.poi.ExcelUtil;
 import com.fs.company.domain.Company;
+import com.fs.company.domain.CompanyRole;
 import com.fs.company.domain.CompanyUser;
 import com.fs.company.service.ICompanyService;
 import com.fs.company.service.ICompanyUserService;
@@ -136,13 +137,13 @@ public class FsStoreOrderScrmController extends BaseController
         String configJson = configService.selectConfigByKey("his.store");
         StoreConfig storeConfig = JSONUtil.toBean(configJson, StoreConfig.class);
         if(storeConfig != null && Boolean.TRUE.equals(storeConfig.getEnableCompanyOrderMode())){
-            if(!"00".equals(loginUser.getUser().getUserType())){//非管理员看见自己数据
+            if(!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")){//非管理员看见自己数据
                 param.setCompanyUserId(loginUser.getUser().getUserId());
             }
             param.setIsCompanyOrder(1);//是否销售订单
         }
-        
-        
+
+
         if(!StringUtils.isEmpty(param.getCreateTimeRange())){
             param.setCreateTimeList(param.getCreateTimeRange().split("--"));
         }
@@ -223,7 +224,7 @@ public class FsStoreOrderScrmController extends BaseController
         String configJson = configService.selectConfigByKey("his.store");
         StoreConfig storeConfig = JSONUtil.toBean(configJson, StoreConfig.class);
         if(storeConfig != null && Boolean.TRUE.equals(storeConfig.getEnableCompanyOrderMode())){
-            if(!"00".equals(loginUser.getUser().getUserType())){//非管理员看见自己数据
+            if(!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")){//非管理员看见自己数据
                 param.setCompanyUserId(loginUser.getUser().getUserId());
             }
             param.setIsCompanyOrder(1);//是否销售订单
@@ -551,7 +552,7 @@ public class FsStoreOrderScrmController extends BaseController
         String configJson = configService.selectConfigByKey("his.store");
         StoreConfig storeConfig = JSONUtil.toBean(configJson, StoreConfig.class);
         if(storeConfig != null && Boolean.TRUE.equals(storeConfig.getEnableCompanyOrderMode())){
-            if(!"00".equals(loginUser.getUser().getUserType())){//非管理员看见自己数据
+            if(!"00".equals(loginUser.getUser().getUserType()) && !hasRoleKey(loginUser, "finance_order_goods")){//非管理员看见自己数据
                 param.setCompanyUserId(loginUser.getUser().getUserId());
             }
             param.setIsCompanyOrder(1);//是否销售订单
@@ -691,4 +692,12 @@ public class FsStoreOrderScrmController extends BaseController
         BeanUtils.copyProperties(fsStoreOrderPayDeliveryDTO, fsStoreOrderScrm);
         return toAjax(fsStoreOrderService.updateFsStoreOrder(fsStoreOrderScrm));
     }
+
+    private boolean hasRoleKey(LoginUser loginUser, String roleKey) {
+        List<CompanyRole> roles = loginUser.getUser().getRoles();
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return roles.stream().anyMatch(role -> roleKey.equals(role.getRoleKey()));
+    }
 }

+ 10 - 2
fs-service/src/main/java/com/fs/im/service/impl/OpenIMServiceImpl.java

@@ -1589,7 +1589,10 @@ public class OpenIMServiceImpl implements OpenIMService {
     }
 
     public void batchInsertWatchLogs(BatchSendCourseDTO batchSendCourseDTO, List<OpenImBatchResponseDataDTO.Results> results, Long project, List<FsImMsgSendDetail> imMsgSendDetailList) {
-        Map<Long, FsImMsgSendDetail> map = imMsgSendDetailList.stream().collect(Collectors.toMap(FsImMsgSendDetail::getUserId, v -> v));
+        Map<Long, FsImMsgSendDetail> map = imMsgSendDetailList.stream().collect(Collectors.toMap(
+                FsImMsgSendDetail::getUserId,
+                v -> v,
+                (exist, replace) -> replace));
         List<FsCourseWatchLog> watchLogsInsertList = new LinkedList<>();
         for (OpenImBatchResponseDataDTO.Results result : results) {
             FsCourseWatchLog fsCourseWatchLog = new FsCourseWatchLog();
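Review bot: The merge function `(exist, replace) -> replace` removes the duplicate-key exception, but it silently keeps whichever `FsImMsgSendDetail` comes last for a user. When `imMsgSendDetailList` holds two entries with the same `userId`, the watch log is linked to a `logDetailId` chosen by list order and nothing records that a duplicate was dropped. If duplicates are expected, a comment saying which entry should win and why would help; if they are not, log them inside the merge function so the upstream cause can be found. `batchInsertWatchLogs` continues beyond this hunk.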
@@ -1601,7 +1604,12 @@ public class OpenIMServiceImpl implements OpenIMService {
             fsCourseWatchLog.setCreateTime(new Date(result.getSendTime()));
             fsCourseWatchLog.setLogType(3);
             fsCourseWatchLog.setProject(project);
-            fsCourseWatchLog.setImMsgSendDetailId(map.get(Long.parseLong(userId)).getLogDetailId());
+            FsImMsgSendDetail imMsgSendDetail = map.get(Long.parseLong(userId));
+            if (imMsgSendDetail == null) {
+                log.warn("batchInsertWatchLogs 未找到用户发送详情, userId={}", userId);
+                continue;
+            }
+            fsCourseWatchLog.setImMsgSendDetailId(imMsgSendDetail.getLogDetailId());
             fsCourseWatchLog.setWatchType(1); // app
             fsCourseWatchLog.setLinkId(batchSendCourseDTO.getLinkId());
             watchLogsInsertList.add(fsCourseWatchLog);
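Review bot: `Long.parseLong(userId)` is still unguarded, so the new null check covers a missing map entry but not a non-numeric id. `userId` appears to come from the OpenIM batch response (its assignment is outside this hunk), and one malformed value would throw `NumberFormatException` and abort the whole batch, including the rows already built. Catching that exception next to the new `continue` branch, with the same kind of `log.warn`, keeps one bad record from discarding the rest. Note also that the skipped record is only visible in the log, so a count of skipped entries at the end of the loop would make silent data loss easier to notice.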

+ 1 - 1
fs-user-app/src/main/java/com/fs/app/controller/StoreOrderController.java

@@ -213,7 +213,7 @@ public class StoreOrderController extends  AppBaseController {
     @PostMapping("/syncExpress")
     public void syncExpress(@Validated @RequestBody FsStoreOrderExpressParam param, HttpServletRequest request){
         FsStoreOrderScrm order=orderScrmService.selectFsStoreOrderByOrderId(param.getOrderId());
-        if (order == null || order.getDeliverySn() == null || !order.getDeliverySn().equals("") || order.getDeliveryId() == null || !order.getDeliveryId().equals("")) {
+        if (order == null || order.getDeliverySn() == null || order.getDeliverySn().isEmpty() || order.getDeliveryId() == null || order.getDeliveryId().isEmpty()) {
             return;
         }
         FsStoreOrderExpressEditParam editParam = new FsStoreOrderExpressEditParam();
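Review bot: The order is looked up purely by the `orderId` in the request body, and the visible lines never compare its owner with the authenticated app user, although `request` is already a parameter. If no such comparison follows further down (the method body continues outside this hunk), any logged-in user can trigger an express sync and the resulting update for another user's order. I would add an ownership check next to the corrected guard and return early on a mismatch, in the same way the null and empty checks do. The method returns `void` and exits silently on every rejected case, so a log line on the mismatch branch would also make probing of foreign order ids visible to operators.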