yys 1 неделя назад
Родитель
Сommit
c9d690a09c
42 измененных файлов с 496 добавлено и 143 удалено
  1. 6 3
      fs-admin/src/main/java/com/fs/his/controller/FsInquiryOrderController.java
  2. 5 0
      fs-admin/src/main/java/com/fs/his/controller/FsStoreOrderController.java
  3. 3 0
      fs-admin/src/main/java/com/fs/his/controller/FsUserController.java
  4. 3 2
      fs-admin/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java
  5. 1 1
      fs-admin/src/main/java/com/fs/live/controller/LiveHealthOrderController.java
  6. 7 6
      fs-admin/src/main/java/com/fs/live/controller/LiveWatchConfigController.java
  7. 30 0
      fs-common/src/main/java/com/fs/common/utils/OwnershipAssert.java
  8. 5 1
      fs-company/src/main/java/com/fs/company/controller/store/FsUserController.java
  9. 1 18
      fs-company/src/main/java/com/fs/framework/config/SecurityConfig.java
  10. 11 0
      fs-company/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java
  11. 2 1
      fs-doctor-app/src/main/java/com/fs/app/config/WebMvcConfig.java
  12. 31 3
      fs-doctor-app/src/main/java/com/fs/app/controller/FsUserInformationCollectionController.java
  13. 36 0
      fs-doctor-app/src/main/java/com/fs/app/controller/InquiryOrderController.java
  14. 0 22
      fs-framework/src/main/java/com/fs/framework/config/SecurityConfig.java
  15. 49 0
      fs-live-app/src/main/java/com/fs/live/controller/LiveRewardTaskController.java
  16. 23 0
      fs-live-app/src/main/java/com/fs/live/param/LiveCompletionCouponTriggerParam.java
  17. 23 0
      fs-live-app/src/main/java/com/fs/live/param/LiveWatchRewardCouponTriggerParam.java
  18. 25 1
      fs-live-app/src/main/java/com/fs/live/task/LiveCompletionPointsTask.java
  19. 46 14
      fs-live-app/src/main/java/com/fs/live/task/Task.java
  20. 5 1
      fs-live-app/src/main/java/com/fs/live/websocket/service/WebSocketServer.java
  21. 1 1
      fs-live-app/src/main/resources/application.yml
  22. 5 0
      fs-service/src/main/java/com/fs/course/mapper/FsUserVideoMapper.java
  23. 1 1
      fs-service/src/main/java/com/fs/course/param/FsUserVideoCommentDelUParam.java
  24. 14 5
      fs-service/src/main/java/com/fs/course/service/impl/FsUserVideoCommentServiceImpl.java
  25. 7 1
      fs-service/src/main/java/com/fs/live/mapper/LiveCouponIssueMapper.java
  26. 7 0
      fs-service/src/main/java/com/fs/live/service/ILiveCompletionCouponService.java
  27. 2 0
      fs-service/src/main/java/com/fs/live/service/ILiveCouponIssueService.java
  28. 4 4
      fs-service/src/main/java/com/fs/live/service/impl/LiveAutoTaskServiceImpl.java
  29. 27 2
      fs-service/src/main/java/com/fs/live/service/impl/LiveCompletionCouponServiceImpl.java
  30. 5 0
      fs-service/src/main/java/com/fs/live/service/impl/LiveCouponIssueServiceImpl.java
  31. 22 0
      fs-service/src/main/java/com/fs/live/vo/LiveCompletionCouponInfoVO.java
  32. 3 0
      fs-service/src/main/java/com/fs/live/vo/LiveCompletionCouponNotifyResult.java
  33. 4 15
      fs-service/src/main/java/com/fs/utils/SensitiveDataUtils.java
  34. 13 0
      fs-service/src/main/resources/mapper/course/FsUserVideoMapper.xml
  35. 14 14
      fs-service/src/main/resources/mapper/live/LiveCouponUserMapper.xml
  36. 2 1
      fs-user-app/src/main/java/com/fs/app/config/WebMvcConfig.java
  37. 6 12
      fs-user-app/src/main/java/com/fs/app/controller/InquiryOrderController.java
  38. 0 6
      fs-user-app/src/main/java/com/fs/app/controller/PackageOrderController.java
  39. 35 7
      fs-user-app/src/main/java/com/fs/app/controller/StoreOrderController.java
  40. 0 1
      fs-user-app/src/main/java/com/fs/app/controller/UserVipController.java
  41. 6 0
      fs-user-app/src/main/java/com/fs/app/controller/live/LiveOrderController.java
  42. 6 0
      fs-user-app/src/main/java/com/fs/app/controller/store/StoreOrderScrmController.java

+ 6 - 3
fs-admin/src/main/java/com/fs/his/controller/FsInquiryOrderController.java

@@ -54,6 +54,7 @@ public class FsInquiryOrderController extends BaseController
     /**
      * 查询问诊订单列表
      */
+    @PreAuthorize("@ss.hasPermi('his:inquiryOrder:list')")
     @GetMapping("/list")
    public TableDataInfo list(FsInquiryOrderParam fsInquiryOrder)
     {
@@ -78,9 +79,6 @@ public class FsInquiryOrderController extends BaseController
         if(!StringUtils.isEmpty(fsInquiryOrder.getPayTimeRange())){
             fsInquiryOrder.setPayTimeList(fsInquiryOrder.getPayTimeRange().split("--"));
         }
-        if (getUserId().equals(54L)||getUserId().equals(211L)){
-            fsInquiryOrder.setCompanyId(188L);
-        }
         List<FsInquiryOrderListVO> list = fsInquiryOrderService.selectFsInquiryOrderVOList(fsInquiryOrder);
         return getDataTable(list);
     }
@@ -197,6 +195,9 @@ public class FsInquiryOrderController extends BaseController
     public AjaxResult getInfo(@PathVariable("orderId") Long orderId)
     {
         FsInquiryOrderVO fsInquiryOrderVO = fsInquiryOrderService.selectFsInquiryOrderVOByOrderId(orderId);
+        if (fsInquiryOrderVO == null) {
+            return AjaxResult.error("订单不存在");
+        }
         String patientJson = fsInquiryOrderVO.getPatientJson();
         if (patientJson!=null&&patientJson!=""){
             Map<String,String> parse = (Map<String,String>) JSON.parse(patientJson);
@@ -288,6 +289,7 @@ public class FsInquiryOrderController extends BaseController
 
 
 
+    @PreAuthorize("@ss.hasPermi('his:inquiryOrder:query')")
     @GetMapping("/msgList")
     public TableDataInfo msgList(Long orderId)
     {
@@ -300,6 +302,7 @@ public class FsInquiryOrderController extends BaseController
     /**
      * 查询订单log列表
      */
+    @PreAuthorize("@ss.hasPermi('his:inquiryOrder:query')")
     @GetMapping("/logList/{orderId}")
     public TableDataInfo logList(@PathVariable("orderId") String orderId)
     {
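Review bot: In `getInfo`, the new null guard is immediately followed by `patientJson!=null&&patientJson!=""`, which compares strings by reference, so an empty patient JSON still reaches `JSON.parse` and the `Map` cast instead of being skipped. The file already uses `StringUtils`, so the condition should read `if (!StringUtils.isEmpty(patientJson)) {`. `getInfo` continues outside the hunk; the other hunks only add `@PreAuthorize` annotations and drop the hard-coded user-to-company mapping, which is a sound cleanup.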

+ 5 - 0
fs-admin/src/main/java/com/fs/his/controller/FsStoreOrderController.java

@@ -136,6 +136,7 @@ public class FsStoreOrderController extends BaseController
     /**
      * 查询订单列表
      */
+    @PreAuthorize("@ss.hasPermi('his:storeOrder:list')")
     @PostMapping("/list")
     public FsStoreOrderListAndStatisticsVo list(@RequestBody FsStoreOrderParam fsStoreOrder)
     {
@@ -396,9 +397,13 @@ public class FsStoreOrderController extends BaseController
     /**
      * 获取订单详细信息
      */
+    @PreAuthorize("@ss.hasPermi('his:storeOrder:query')")
     @GetMapping(value = "/{orderId}")
     public R getInfo(@PathVariable("orderId") Long orderId) throws ParseException {
         FsStoreOrderVO order = fsStoreOrderService.selectFsStoreOrderByOrderIdVO(orderId);
+        if (order == null) {
+            return R.error("订单不存在");
+        }
         if (order.getPhone() != null && order.getPhone().length() > 11) {
             order.setPhone(decryptPhoneMk(order.getPhone()));
         } else {

+ 3 - 0
fs-admin/src/main/java/com/fs/his/controller/FsUserController.java

@@ -249,6 +249,7 @@ public class FsUserController extends BaseController
     /**
      * 获取用户详细信息
      */
+    @PreAuthorize("@ss.hasPermi('his:user:query')")
     @GetMapping(value = "/{userId}")
     public AjaxResult getInfo(@PathVariable("userId") Long userId)
     {
@@ -257,6 +258,7 @@ public class FsUserController extends BaseController
         return AjaxResult.success(fsUser);
     }
 
+    @PreAuthorize("@ss.hasPermi('his:user:query')")
     @GetMapping(value = "/getUserAddr/{userId}")
     public AjaxResult getUserAddr(@PathVariable("userId") Long userId)
     {
@@ -334,6 +336,7 @@ public class FsUserController extends BaseController
         return getDataTable(list);
     }
 
+    @PreAuthorize("@ss.hasPermi('his:user:list')")
     @GetMapping("/listBySearch")
     public R listBySearch(FsUser user)
     {

+ 3 - 2
fs-admin/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java

@@ -970,6 +970,7 @@ public class FsStoreOrderScrmController extends BaseController {
      * @param phoneList
      * @return
      */
+    @PreAuthorize("@ss.hasPermi('store:storeOrder:erpphone')")
     @PostMapping(value = "/saveErpPhone")
     public AjaxResult saveErpPhone(@RequestBody List<String> phoneList)
     {
@@ -983,7 +984,7 @@ public class FsStoreOrderScrmController extends BaseController {
     /**
      * 批量设置erp手机号
      */
-    @PreAuthorize("@ss.hasPermi('his:storeOrder:createErpOrder')")
+    @PreAuthorize("@ss.hasPermi('store:storeOrder:erpphone')")
     @Log(title = "订单", businessType = BusinessType.UPDATE)
     @PostMapping("/editErpPhone")
     public AjaxResult editErpPhone(@RequestBody FsStoreOrderScrmSetErpPhoneParam param)
@@ -1012,7 +1013,7 @@ public class FsStoreOrderScrmController extends BaseController {
 
     @Log(title = "手动推管易", businessType = BusinessType.INSERT)
     @ApiOperation("批量创建ERP订单")
-    @PreAuthorize("@ss.hasPermi('his:storeOrder:createErpOrder')")
+    @PreAuthorize("@ss.hasPermi('store:storeOrder:createErpOrder')")
     @PostMapping(value = "/batchCreateErpOrder")
     public R batchCreateErpOrder(@RequestBody FsStoreOrderScrmSetErpPhoneParam param)
     {
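Review bot: The permission keys on `editErpPhone` and `batchCreateErpOrder` change from `his:storeOrder:createErpOrder` to `store:storeOrder:erpphone` and `store:storeOrder:createErpOrder`, but none of the 42 files in this commit is a menu/permission data change. Unless those keys already exist in the permission table, every role loses access to these endpoints after deploy; that fails closed, but it is a silent outage. Either include the permission migration or state in the commit description where the new keys were created. `saveErpPhone` now sharing the `erpphone` key with `editErpPhone` is consistent.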

+ 1 - 1
fs-admin/src/main/java/com/fs/live/controller/LiveHealthOrderController.java

@@ -34,7 +34,7 @@ import org.springframework.web.multipart.MultipartFile;
 import java.math.BigDecimal;
 import java.util.*;
 
-/**`
+/**
  * 订单Controller
  *
  * @author fs

+ 7 - 6
fs-admin/src/main/java/com/fs/live/controller/LiveWatchConfigController.java

@@ -11,6 +11,7 @@ import com.fs.framework.web.service.TokenService;
 import com.fs.live.domain.LiveWatchConfig;
 import com.fs.live.service.ILiveWatchConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -33,7 +34,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 查询直播观看奖励设置列表
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:list')")
+    @PreAuthorize("@ss.hasPermi('live:config:list')")
     @GetMapping("/list")
     public TableDataInfo list(LiveWatchConfig liveWatchConfig)
     {
@@ -45,7 +46,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 导出直播观看奖励设置列表
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:export')")
+    @PreAuthorize("@ss.hasPermi('live:config:export')")
     @Log(title = "直播观看奖励设置", businessType = BusinessType.EXPORT)
     @GetMapping("/export")
     public AjaxResult export(LiveWatchConfig liveWatchConfig)
@@ -58,7 +59,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 获取直播观看奖励设置详细信息
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:query')")
+    @PreAuthorize("@ss.hasPermi('live:config:query')")
     @GetMapping(value = "/{id}")
     public AjaxResult getInfo(@PathVariable("id") Long id)
     {
@@ -68,7 +69,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 新增直播观看奖励设置
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:add')")
+    @PreAuthorize("@ss.hasPermi('live:config:add')")
     @Log(title = "直播观看奖励设置", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@RequestBody String jsonConfig,@RequestParam(value = "liveId") Long liveId)
@@ -80,7 +81,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 修改直播观看奖励设置
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:edit')")
+    @PreAuthorize("@ss.hasPermi('live:config:edit')")
     @Log(title = "直播观看奖励设置", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@RequestBody String jsonConfig,@RequestParam(value = "liveId") Long liveId)
@@ -91,7 +92,7 @@ public class LiveWatchConfigController extends BaseController
     /**
      * 删除直播观看奖励设置
      */
-//    @PreAuthorize("@ss.hasPermi('live:config:remove')")
+    @PreAuthorize("@ss.hasPermi('live:config:remove')")
     @Log(title = "直播观看奖励设置", businessType = BusinessType.DELETE)
 	@DeleteMapping("/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)

+ 30 - 0
fs-common/src/main/java/com/fs/common/utils/OwnershipAssert.java

@@ -0,0 +1,30 @@
+package com.fs.common.utils;
+
+/**
+ * ×ÊÔ´¹éÊôУÑ鹤¾ß
+ */
+public final class OwnershipAssert {
+
+    private OwnershipAssert() {
+    }
+
+    public static boolean isSameUser(Long resourceUserId, Long currentUserId) {
+        return resourceUserId != null && currentUserId != null && resourceUserId.equals(currentUserId);
+    }
+
+    public static boolean isSameCompany(Long resourceCompanyId, Long currentCompanyId) {
+        if (currentCompanyId == null) {
+            return true;
+        }
+        return resourceCompanyId != null && resourceCompanyId.equals(currentCompanyId);
+    }
+
+    public static boolean isSameDoctor(Long resourceDoctorId, Long currentDoctorId) {
+        return resourceDoctorId != null && currentDoctorId != null && resourceDoctorId.equals(currentDoctorId);
+    }
+
+    public static boolean isSameCompanyUser(Long resourceCompanyUserId, Long currentCompanyUserId) {
+        return resourceCompanyUserId != null && currentCompanyUserId != null
+                && resourceCompanyUserId.equals(currentCompanyUserId);
+    }
+}
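Review bot: `isSameCompany` fails open: when `currentCompanyId` is null it returns true for every resource, whereas `isSameUser`, `isSameDoctor` and `isSameCompanyUser` all fail closed on a null current id. A caller whose `LoginUser` has no company (the new check in the fs-company `FsStoreOrderScrmController.getInfo` passes exactly that value) therefore passes the ownership test unconditionally. If the bypass is intentional for platform-level accounts, say so in Javadoc on the method; otherwise make it `if (currentCompanyId == null) { return false; }` so the helper is uniformly fail-closed. The class Javadoc is also mojibake (the file appears to be GBK-encoded while the rest of the repository is UTF-8); re-save it as UTF-8 and give each public method a one-line Javadoc stating that both ids must be non-null and equal.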

+ 5 - 1
fs-company/src/main/java/com/fs/company/controller/store/FsUserController.java

@@ -89,9 +89,12 @@ public class FsUserController extends BaseController
         }
         return getDataTable(list);
     }
+    @PreAuthorize("@ss.hasPermi('his:user:list')")
     @GetMapping("/getUserList")
     public R getUserList( FsUser fsUser)
     {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        fsUser.setCompanyId(loginUser.getCompany().getCompanyId());
         fsUser.setIsDel(0);
         List<FsUser> list=fsUserService.selectFsUserList(fsUser);
         if(list.isEmpty()){
@@ -109,7 +112,8 @@ public class FsUserController extends BaseController
     public TableDataInfo userList(FsUserParam fsUser)
     {
         startPage();
-
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        fsUser.setCompanyId(loginUser.getCompany().getCompanyId());
 
         fsUser.setPhone(encryptPhone(fsUser.getPhone()));
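Review bot: Both `getUserList` and `userList` now overwrite the client-supplied `companyId` with `loginUser.getCompany().getCompanyId()`, which is the right fix for cross-company listing, but `getCompany()` is dereferenced without a null check; if any login user in this module can lack a company, the request ends in a 500 rather than a clean rejection. Consider `if (loginUser.getCompany() == null) { return R.error("无权访问"); }` before the scoping (with the `TableDataInfo` equivalent in `userList`). `userList` begins outside the hunk, so I cannot see whether it received a `@PreAuthorize` as `getUserList` did. Elsewhere in this commit the same lookup is written `tokenService.getLoginUser(ServletUtils.getRequest())`; picking one style keeps the scoping code greppable.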
 

+ 1 - 18
fs-company/src/main/java/com/fs/framework/config/SecurityConfig.java

@@ -100,7 +100,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 // 过滤请求
                 .authorizeRequests()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/chat/upload/**","/login", "/register", "/captchaImage","/checkIsNeedCheck","/getWechatQrCode","/checkWechatScan","/callback").anonymous()
+                .antMatchers("/login", "/register", "/captchaImage","/checkIsNeedCheck","/getWechatQrCode","/checkWechatScan","/callback").anonymous()
                 .antMatchers(
                         HttpMethod.GET,
                         "/",
@@ -110,29 +110,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                         "/**/*.js",
                         "/profile/**"
                 ).permitAll()
-                .antMatchers("/test").anonymous()
                 .antMatchers("**/callerResult").anonymous()
                 .antMatchers("/qw/getJsapiTicket/**").anonymous()
                 .antMatchers("/msg/**").anonymous()
                 .antMatchers("/baiduBack/**").anonymous()
-                .antMatchers("/msg/**/**").anonymous()
-                .antMatchers("/msg").anonymous()
-                .antMatchers("/common/getId**").anonymous()
-                .antMatchers("/common/uploadOSS**").anonymous()
-                .antMatchers("/company/user/common/uploadOSS").anonymous()
                 .antMatchers("/pay/wxPay/payNotify**").anonymous()
-                .antMatchers("/common/uploadWang**").anonymous()
-                .antMatchers("/common/download**").anonymous()
-                .antMatchers("/common/test").anonymous()
-                .antMatchers("/common/download/resource**").anonymous()
-                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
                 .antMatchers("/qw/data/**").anonymous()
-                .antMatchers("/qw/user/selectCloudByCompany").anonymous()
-                .antMatchers("/live/LiveMixLiuTestOpen/**").anonymous()
                 .antMatchers("/app/common/callbackAfterSendSingleMsgCommand").anonymous()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
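Review bot: After this cleanup `.antMatchers("**/callerResult").anonymous()` is still listed, and a pattern without a leading slash most likely never matches a request path that starts with one (Spring's AntPathMatcher rejects the pair when only one side begins with the separator), so the entry is dead and that endpoint is effectively authenticated. If the callback genuinely needs anonymous access it should be spelled out as in the fs-framework config (`/company/companyVoiceRobotic/callerResult`); if not, delete the line with the others removed here. Dropping `/chat/upload/**` from the anonymous list changes behaviour for upload clients and deserves a mention in the commit description.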

+ 11 - 0
fs-company/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java

@@ -11,6 +11,7 @@ import com.fs.common.core.domain.AjaxResult;
 import com.fs.common.core.domain.R;
 import com.fs.common.core.page.TableDataInfo;
 import com.fs.common.enums.BusinessType;
+import com.fs.common.utils.OwnershipAssert;
 import com.fs.common.utils.ParseUtils;
 import com.fs.common.utils.ServletUtils;
 import com.fs.common.utils.StringUtils;
@@ -107,9 +108,12 @@ public class FsStoreOrderScrmController extends BaseController
     }
 
 
+    @PreAuthorize("@ss.hasPermi('store:storeOrder:list')")
     @GetMapping("/allList")
     public TableDataInfo allList(FsStoreOrderParam param)
     {
+        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+        param.setCompanyId(loginUser.getCompany().getCompanyId());
         startPage();
         if(!StringUtils.isEmpty(param.getCreateTimeRange())){
             param.setCreateTimeList(param.getCreateTimeRange().split("--"));
@@ -216,6 +220,13 @@ public class FsStoreOrderScrmController extends BaseController
     public R getInfo(@PathVariable("id") Long id)
     {
         FsStoreOrderScrm order=fsStoreOrderService.selectFsStoreOrderById(id);
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+        if (!OwnershipAssert.isSameCompany(order.getCompanyId(), loginUser.getCompany().getCompanyId())) {
+            return R.error("无权访问");
+        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseAddress(order.getUserAddress()));
         FsUser user=userService.selectFsUserById(order.getUserId());
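Review bot: In `allList`, `param.setCompanyId(loginUser.getCompany().getCompanyId())` clears the filter entirely when the company id is null (every order is returned), and the `getInfo` ownership check relies on `OwnershipAssert.isSameCompany`, which also returns true for a null current company id, so both checks fail open for an account without a company. If such accounts exist, reject them explicitly before scoping, e.g. `if (loginUser.getCompany() == null || loginUser.getCompany().getCompanyId() == null) { return R.error("无权访问"); }` in `getInfo`, with an equivalent early return in `allList`. `getInfo` starts outside the hunk, so I cannot tell whether it received a `@PreAuthorize` like `allList`.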

+ 2 - 1
fs-doctor-app/src/main/java/com/fs/app/config/WebMvcConfig.java

@@ -19,7 +19,8 @@ public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(authorizationInterceptor).addPathPatterns("/app/**");
+        registry.addInterceptor(authorizationInterceptor)
+                .addPathPatterns("/app/**", "/user/**");
     }
 //
 //    @Override

+ 31 - 3
fs-doctor-app/src/main/java/com/fs/app/controller/FsUserInformationCollectionController.java

@@ -1,6 +1,8 @@
 package com.fs.app.controller;
 
+import com.fs.app.annotation.Login;
 import com.fs.common.core.domain.R;
+import com.fs.common.utils.OwnershipAssert;
 import com.fs.his.domain.FsUserInformationCollection;
 import com.fs.his.param.UserInformationDoctorType2Param;
 import com.fs.his.service.IFsUserInformationCollectionService;
@@ -16,17 +18,36 @@ import java.util.List;
 public class FsUserInformationCollectionController extends  AppBaseController {
     @Autowired
     private IFsUserInformationCollectionService fsUserInformationCollectionService;
+
+    @Login
     @GetMapping("/getUserInformation")
     public R getUserInformation(@RequestParam("id") Long id) {
-
+        FsUserInformationCollection collection = fsUserInformationCollectionService.selectFsUserInformationCollectionById(id);
+        if (collection == null) {
+            return R.error("记录不存在");
+        }
+        Long doctorId = Long.parseLong(getDoctorId());
+        if (!OwnershipAssert.isSameDoctor(collection.getDoctorId(), doctorId)
+                && !OwnershipAssert.isSameDoctor(collection.getDoctorType2Id(), doctorId)) {
+            return R.error("无权查看该记录");
+        }
         return R.ok().put("data", fsUserInformationCollectionService.selectFsUserInformationCollectionVoById(id));
     }
-    //医生确认
+
+    @Login
     @PostMapping("/doctorConfirm")
     public R doctorConfirm(@RequestBody FsUserInformationCollection collection){
+        FsUserInformationCollection existing = fsUserInformationCollectionService.selectFsUserInformationCollectionById(collection.getId());
+        if (existing == null) {
+            return R.error("记录不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(existing.getDoctorId(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权确认该记录");
+        }
         return fsUserInformationCollectionService.doctorConfirm(collection);
     }
 
+    @Login
     @GetMapping("/getCollectionList")
     private R getCollectionList(UserInformationDoctorType2Param userInformationDoctorType2Param) {
 
@@ -47,9 +68,16 @@ public class FsUserInformationCollectionController extends  AppBaseController {
     }
 
 
-    //药师确认
+    @Login
     @PostMapping("/doctorType2Confirm")
     public R doctorType2Confirm(@RequestBody FsUserInformationCollection collection){
+        FsUserInformationCollection existing = fsUserInformationCollectionService.selectFsUserInformationCollectionById(collection.getId());
+        if (existing == null) {
+            return R.error("记录不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(existing.getDoctorType2Id(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权确认该记录");
+        }
         return fsUserInformationCollectionService.doctorType2Confirm(collection);
     }
 }
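Review bot: `doctorConfirm` and `doctorType2Confirm` verify ownership against the record loaded by id (`existing`) but then hand the client-supplied `collection` object to the service, so any field the service copies from the request body (including `doctorId`/`doctorType2Id`, if it does) remains under the caller's control after the check passes. Unless the service provably updates only the confirmation fields, copy the confirmed values onto `existing` and pass that, or pass only `collection.getId()`. `getCollectionList` is `private` yet annotated as a handler; making it `public` matches the other handlers and avoids depending on reflective access to a non-public method. `Long.parseLong(getDoctorId())` is repeated in every handler; a `private long currentDoctorId() { return Long.parseLong(getDoctorId()); }` helper keeps the checks uniform.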

+ 36 - 0
fs-doctor-app/src/main/java/com/fs/app/controller/InquiryOrderController.java

@@ -11,6 +11,7 @@ import com.fs.common.annotation.Log;
 import com.fs.common.core.domain.R;
 import com.fs.common.enums.BusinessType;
 import com.fs.common.enums.ImTypeEnum;
+import com.fs.common.utils.OwnershipAssert;
 import com.fs.common.utils.SecurityUtils;
 import com.fs.common.utils.StringUtils;
 import com.fs.company.service.ICompanyService;
@@ -225,9 +226,17 @@ public class InquiryOrderController extends  AppBaseController {
 
 
 
+    @Login
     @PutMapping("/updateRemark")
     public R edit(@RequestBody FsInquiryOrder fsInquiryOrder)
     {
+        FsInquiryOrder order = inquiryOrderService.selectFsInquiryOrderByOrderId(fsInquiryOrder.getOrderId());
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(order.getDoctorId(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权操作该订单");
+        }
         FsInquiryOrder o = new FsInquiryOrder();
         o.setOrderId(fsInquiryOrder.getOrderId());
         o.setDoctorRemark(fsInquiryOrder.getDoctorRemark());
@@ -343,9 +352,21 @@ public class InquiryOrderController extends  AppBaseController {
         return R.ok("操作成功");
     }
 
+    @Login
     @GetMapping("/getInquiryOrderMsgList")
     public R getInquiryOrderMsgList(FsInquiryOrderMsgListDParam param)
     {
+        if (param.getOrderId() == null) {
+            return R.error("订单ID不能为空");
+        }
+        FsInquiryOrder order = inquiryOrderService.selectFsInquiryOrderByOrderId(param.getOrderId());
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(order.getDoctorId(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权查看该订单消息");
+        }
+        param.setDoctorId(Long.parseLong(getDoctorId()));
         PageHelper.startPage(param.getPageNum(), param.getPageSize());
         List<FsInquiryOrderMsgListDVO> list = inquiryOrderMsgService.selectFsInquiryOrderMsgListDVO(param);
         PageInfo<FsInquiryOrderMsgListDVO> listPageInfo=new PageInfo<>(list);
@@ -353,11 +374,18 @@ public class InquiryOrderController extends  AppBaseController {
     }
 
 
+    @Login
     @GetMapping(value = "/queryPhone/{orderId}")
     @Log(title = "查看电话", businessType = BusinessType.GRANT)
     public R getPhone(@PathVariable("orderId") Long orderId)
     {
         FsInquiryOrder fsInquiryOrder = inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
+        if (fsInquiryOrder == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(fsInquiryOrder.getDoctorId(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权查看该订单电话");
+        }
         String patientJson = fsInquiryOrder.getPatientJson();
         if (patientJson != null&&!"".equals(patientJson)) {
             FsInquiryOrderPatientDTO fsInquiryOrderPatientDTO = JSON.parseObject(patientJson, FsInquiryOrderPatientDTO.class);
@@ -371,8 +399,16 @@ public class InquiryOrderController extends  AppBaseController {
         return R.ok().put("data","");
     }
 
+    @Login
     @PostMapping("/closeOrder")
     public R closeOrder(@RequestBody Long orderId){
+        FsInquiryOrder order = inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameDoctor(order.getDoctorId(), Long.parseLong(getDoctorId()))) {
+            return R.error("无权关闭该订单");
+        }
         inquiryOrderService.closeOrder(orderId);
         logger.info("closeOrder: {}", orderId);
         return R.ok();
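Review bot: `edit` and `closeOrder` look the order up without the explicit null-id guard that `getInquiryOrderMsgList` now has, so a missing id reports as "订单不存在" only if the service tolerates a null key; add `if (fsInquiryOrder.getOrderId() == null) { return R.error("订单ID不能为空"); }` in `edit` (and the same for `orderId` in `closeOrder`) to keep the three handlers consistent. The ownership preamble is now repeated five times with `Long.parseLong(getDoctorId())` inlined each time; a `private long currentDoctorId()` helper, or a `findOwnedOrder(Long orderId)` that returns the order or null, would shrink each handler to a single check. The class and several of these methods continue outside the hunks shown.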

+ 0 - 22
fs-framework/src/main/java/com/fs/framework/config/SecurityConfig.java

@@ -98,7 +98,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .authorizeRequests()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
                 .antMatchers("/login", "/register", "/captchaImage","/getWechatQrCode","/checkWechatScan","/callback","/checkIsNeedCheck","/api/open/kntAiExpress").anonymous()
-                .antMatchers("/app/common/test").anonymous()
                 .antMatchers("/ad/adDyApi/authorized").anonymous()
                 .antMatchers(
                         HttpMethod.GET,
@@ -111,15 +110,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 ).permitAll()
                 .antMatchers("/baidu/**").anonymous()
                 .antMatchers("/baiduBack/**").anonymous()
-                .antMatchers("/test/gtp/*").anonymous()
-                .antMatchers("common/getTask/*").anonymous()
-                .antMatchers("//his/data/endFollow/*").anonymous()
-                .antMatchers("//his/data/end/*").anonymous()
-                .antMatchers("//his/data/addCF/*").anonymous()
-                .antMatchers("//his/data/addCom/*").anonymous()
-                .antMatchers("//his/data/testSendSub/*").anonymous()
-                .antMatchers("//his/data/test/*").anonymous()
-                .antMatchers("//his/data/Follow/*").anonymous()
                 .antMatchers("/company/companyVoiceRobotic/callerResult").anonymous()
                 .antMatchers("/qw/data/*").anonymous()
                 .antMatchers("/app/common/expressNotify").anonymous()
@@ -131,18 +121,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/huFu/*").anonymous()
                 .antMatchers("/tzPay/*").anonymous()
                 .antMatchers("//his/pay/*").anonymous()
-                .antMatchers("/common/getId**").anonymous()
-                .antMatchers("/common/uploadOSS**").anonymous()
-                .antMatchers("/chat/upload/uploadFile**").anonymous()
-                .antMatchers("/common/uploadWang**").anonymous()
-                .antMatchers("/common/download**").anonymous()
-                .antMatchers("/common/download/resource**").anonymous()
-                .antMatchers("/common/unbindQwUserByServerIds").anonymous()
-                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
                 .antMatchers("/course/userVideo/videoTranscode").anonymous()
                 .antMatchers("/erp/call/**").anonymous()
                 // 除上面外的所有请求全部需要鉴权认证
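Review bot: The entry `.antMatchers("//his/pay/*").anonymous()` survives this cleanup with a double leading slash, which appears to work only because the ant matcher drops empty path segments; normalising it to `/his/pay/*` makes the intent obvious and does not depend on that tokenizer detail. Removing the anonymous `/test`, `//his/data/*` and `/common/*` entries is sound hardening, and taking `/druid/**` and the swagger paths behind authentication should be called out in the commit description since operators may rely on them.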

+ 49 - 0
fs-live-app/src/main/java/com/fs/live/controller/LiveRewardTaskController.java

@@ -0,0 +1,49 @@
+package com.fs.live.controller;
+
+import com.fs.common.core.domain.R;
+import com.fs.live.param.LiveCompletionCouponTriggerParam;
+import com.fs.live.param.LiveWatchRewardCouponTriggerParam;
+import com.fs.live.task.LiveCompletionPointsTask;
+import com.fs.live.task.Task;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.AllArgsConstructor;
+import org.springframework.web.bind.annotation.*;
+
+/**
+ * 直播奖励定时任务手动触发接口(测试/补发)
+ */
+@Api("直播奖励任务手动触发")
+@RestController
+@AllArgsConstructor
+@RequestMapping("/ws/app/live/reward/task")
+public class LiveRewardTaskController {
+
+    private final LiveCompletionPointsTask liveCompletionPointsTask;
+    private final Task liveTask;
+
+    /**
+     * 手动触发完课优惠券「今日问题」弹窗(等同 checkCompletionCouponStatus 单用户逻辑,强制 WebSocket 推送)
+     */
+    @ApiOperation("手动触发完课优惠券今日问题弹窗")
+    @GetMapping("/triggerCompletionCoupon")
+    public R triggerCompletionCoupon(LiveCompletionCouponTriggerParam param) {
+        if (param == null || param.getLiveId() == null || param.getUserId() == null) {
+            return R.error("liveId、userId 不能为空");
+        }
+        return liveCompletionPointsTask.triggerCompletionCouponQuestion(
+                param.getLiveId(), param.getUserId(), param.getWatchDuration());
+    }
+
+    /**
+     * 手动触发观看奖励优惠券发放(等同 autoUpdateWatchReward 优惠券分支单用户逻辑)
+     */
+    @ApiOperation("手动触发观看奖励优惠券发放")
+    @GetMapping("/triggerWatchRewardCoupon")
+    public R triggerWatchRewardCoupon(LiveWatchRewardCouponTriggerParam param) {
+        if (param == null || param.getLiveId() == null || param.getUserId() == null) {
+            return R.error("liveId、userId 不能为空");
+        }
+        return liveTask.triggerWatchRewardCoupon(param.getLiveId(), param.getUserId(), param.getCouponId());
+    }
+}
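Review bot: Neither handler in this new controller carries an authorization annotation, yet `triggerWatchRewardCoupon` issues a coupon and `triggerCompletionCoupon` pushes a reward prompt for whatever `liveId`/`userId` the caller supplies. Unless the `/ws/app/live/reward/task` prefix is covered by an interceptor or security rule outside this diff (none is added among the 42 files listed), these endpoints are open to any client, which for a "测试/补发" tool amounts to unrestricted coupon issuance. Gate them with the project's permission mechanism (the `@PreAuthorize("@ss.hasPermi(...)")` pattern used by the admin controllers in this same commit, or `@Login` plus an explicit operator check), or keep them out of production builds. Both operations change state, so `@PostMapping` with a request body is also more appropriate than `@GetMapping` with query parameters, which end up in access logs and proxies.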

+ 23 - 0
fs-live-app/src/main/java/com/fs/live/param/LiveCompletionCouponTriggerParam.java

@@ -0,0 +1,23 @@
+package com.fs.live.param;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * 手动触发完课优惠券「今日问题」弹窗参数
+ */
+@Data
+public class LiveCompletionCouponTriggerParam implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /** 直播间ID */
+    private Long liveId;
+
+    /** 用户ID */
+    private Long userId;
+
+    /** 观看时长(秒),不传则按数据库累计观看时长校验 */
+    private Long watchDuration;
+}

+ 23 - 0
fs-live-app/src/main/java/com/fs/live/param/LiveWatchRewardCouponTriggerParam.java

@@ -0,0 +1,23 @@
+package com.fs.live.param;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * 手动触发观看奖励优惠券发放参数
+ */
+@Data
+public class LiveWatchRewardCouponTriggerParam implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /** 直播间ID */
+    private Long liveId;
+
+    /** 用户ID */
+    private Long userId;
+
+    /** 优惠券ID,不传则读取直播间观看奖励配置中的 actionCouponId */
+    private Long couponId;
+}

+ 25 - 1
fs-live-app/src/main/java/com/fs/live/task/LiveCompletionPointsTask.java

@@ -1,6 +1,7 @@
 package com.fs.live.task;
 
 import com.alibaba.fastjson.JSONObject;
+import com.fs.common.core.domain.R;
 import com.fs.common.core.redis.RedisCache;
 import com.fs.live.domain.Live;
 import com.fs.live.service.ILiveCompletionCouponService;
@@ -93,13 +94,36 @@ public class LiveCompletionPointsTask {
         }
     }
 
+    /**
+     * 手动触发完课优惠券「今日问题」弹窗(单用户,供接口调用)
+     */
+    public R triggerCompletionCouponQuestion(Long liveId, Long userId, Long watchDuration) {
+        try {
+            LiveCompletionCouponNotifyResult notifyResult =
+                    completionCouponService.prepareCompletionCouponNotify(liveId, userId, watchDuration, true);
+            if (notifyResult == null || !notifyResult.isShouldNotify()) {
+                return R.ok("当前无需推送弹窗").put("data", notifyResult);
+            }
+            boolean pushed = pushCompletionCouponQuestion(liveId, userId, notifyResult);
+            if (pushed) {
+                completionCouponService.markCompletionCouponNotified(liveId, userId);
+            }
+            return pushed
+                    ? R.ok("今日问题弹窗 WebSocket 推送成功").put("data", notifyResult).put("pushed", true)
+                    : R.error("用户未在线,WebSocket 推送失败").put("data", notifyResult).put("pushed", false);
+        } catch (Exception e) {
+            log.error("手动触发完课优惠券弹窗失败, liveId={}, userId={}", liveId, userId, e);
+            return R.error("触发失败:" + e.getMessage());
+        }
+    }
+
     private boolean pushCompletionCouponQuestion(Long liveId, Long userId, LiveCompletionCouponNotifyResult notifyResult) {
         SendMsgVo sendMsgVo = new SendMsgVo();
         sendMsgVo.setLiveId(liveId);
         sendMsgVo.setUserId(userId);
         sendMsgVo.setCmd("completionCouponQuestion");
         sendMsgVo.setMsg("今日问题");
-        sendMsgVo.setData(JSONObject.toJSONString(notifyResult.getQuestions()));
+        sendMsgVo.setData(JSONObject.toJSONString(notifyResult));
         boolean pushed = webSocketServer.sendCompletionCouponQuestionMessage(liveId, userId, sendMsgVo);
         if (pushed) {
             log.info("[完课优惠券] 推送今日问题弹窗, liveId={}, userId={}", liveId, userId);
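Review bot: `return R.error("触发失败:" + e.getMessage());` in the new triggerCompletionCouponQuestion hands the raw exception text to the HTTP caller, while the full stack trace is already written to the log on the line above; a manual-trigger endpoint does not need the internal message, so `return R.error("触发失败");` is enough. The same pattern is repeated in Task.triggerWatchRewardCoupon in this commit. Also note that `sendMsgVo.setData(JSONObject.toJSONString(notifyResult))` now serializes the whole result object rather than only the questions; since LiveCompletionCouponNotifyResult gains a coupon field in this same commit, every field added to it in future is pushed to the client as well, which deserves a one-line comment on that setter call so the payload surface stays deliberate.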

+ 46 - 14
fs-live-app/src/main/java/com/fs/live/task/Task.java

@@ -504,15 +504,15 @@ public class Task {
                 return;
             }
 
-            // 查询优惠券领取信息
-            LiveCouponIssue couponIssue = liveCouponIssueService.selectLiveCouponIssueByCouponId(couponId);
+            // 查询当前直播间关联的优惠券领取信息
+            LiveCouponIssue couponIssue = liveCouponIssueService.selectIssueByLiveIdAndCouponId(live.getLiveId(), couponId);
             if (couponIssue == null) {
-                log.error("优惠券领取信息不存在,couponId={}", couponId);
+                log.error("优惠券领取信息不存在或未关联到直播间liveId={}, couponId={}", live.getLiveId(), couponId);
                 return;
             }
 
             // 检查优惠券状态
-            if (couponIssue.getStatus() == null || couponIssue.getStatus() != 1) {
+            if ((couponIssue.getStatus() == null || couponIssue.getStatus() != 1)&&couponIssue.getCouponType()!=3) {
                 log.error("优惠券状态不正常,couponId={}, status={}", couponId, couponIssue.getStatus());
                 return;
             }
@@ -522,16 +522,6 @@ public class Task {
 
             for (Long userId : userIds) {
                 try {
-                    // 检查用户是否已领取过该优惠券
-                    LiveCouponUser query = new LiveCouponUser();
-                    query.setCouponId(couponId);
-                    query.setUserId(userId.intValue());
-                    List<LiveCouponUser> existingList = liveCouponUserService.selectLiveCouponUserList(query);
-                    if (existingList != null && !existingList.isEmpty()) {
-                        log.info("用户已领取过该优惠券,跳过,userId={}, couponId={}", userId, couponId);
-                        continue;
-                    }
-
                     // 创建用户优惠券记录
                     LiveCouponUser couponUser = new LiveCouponUser();
                     couponUser.setCouponId(couponId);
@@ -580,6 +570,48 @@ public class Task {
         }
     }
 
+    /**
+     * 手动触发观看奖励优惠券发放(单用户,供接口调用)
+     *
+     * @param liveId   直播间ID
+     * @param userId   用户ID
+     * @param couponId 优惠券ID,为空时从直播间观看奖励配置读取
+     */
+    public R triggerWatchRewardCoupon(Long liveId, Long userId, Long couponId) {
+        try {
+            Live live = liveService.selectLiveByLiveId(liveId);
+            if (live == null) {
+                return R.error("直播不存在");
+            }
+
+            Long targetCouponId = couponId;
+            if (targetCouponId == null) {
+                String configJson = live.getConfigJson();
+                if (StringUtils.isEmpty(configJson)) {
+                    return R.error("直播间未配置观看奖励");
+                }
+                LiveWatchConfig config = JSON.parseObject(configJson, LiveWatchConfig.class);
+                if (config == null || !Boolean.TRUE.equals(config.getEnabled())) {
+                    return R.error("观看奖励未开启");
+                }
+                if (config.getAction() == null || config.getAction().intValue() != 3) {
+                    return R.error("观看奖励类型不是优惠券,请传入 couponId");
+                }
+                String actionCouponIdStr = config.getActionCouponId();
+                if (StringUtils.isBlank(actionCouponIdStr)) {
+                    return R.error("观看奖励未配置优惠券ID");
+                }
+                targetCouponId = Long.parseLong(actionCouponIdStr);
+            }
+
+            bindCouponToUsers(live, Collections.singletonList(userId), targetCouponId);
+            return R.ok("观看奖励优惠券发放完成").put("couponId", targetCouponId);
+        } catch (Exception e) {
+            log.error("手动触发观看奖励优惠券失败, liveId={}, userId={}", liveId, userId, e);
+            return R.error("触发失败:" + e.getMessage());
+        }
+    }
+
     /**
      * 发送优惠券奖励消息给前端
      */
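Review bot: The hunk at @@ -522,16 +522,6 @@ removes the only guard against issuing the same coupon twice to a user (the selectLiveCouponUserList lookup before the LiveCouponUser record is created), and the new triggerWatchRewardCoupon feeds a single userId into that same bindCouponToUsers loop; unless bindCouponToUsers now deduplicates elsewhere (not visible here), each repeated call of the trigger endpoint creates one more coupon record for that user. Either keep the existence check, or make the insert idempotent (a unique key on coupon_id + user_id, or a check inside bindCouponToUsers), and state in the triggerWatchRewardCoupon Javadoc whether re-triggering is permitted. Two smaller points in the new method: `targetCouponId = Long.parseLong(actionCouponIdStr);` throws NumberFormatException on a non-numeric configuration value and is then reported to the caller via `R.error("触发失败:" + e.getMessage())`, so an explicit check returning `R.error("观看奖励优惠券ID配置无效")` would be clearer; and in `(couponIssue.getStatus() == null || couponIssue.getStatus() != 1)&&couponIssue.getCouponType()!=3` the unboxed comparison throws if getCouponType() returns null, assuming it is an Integer, so `!Integer.valueOf(3).equals(couponIssue.getCouponType())` is safer (and the expression wants spaces around the operators).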

+ 5 - 1
fs-live-app/src/main/java/com/fs/live/websocket/service/WebSocketServer.java

@@ -1309,7 +1309,11 @@ public class WebSocketServer {
                     log.error("优惠券状态已经关闭");
                     return;
                 }
-                LiveCouponIssue liveCouponIssue = liveCouponIssueService.selectLiveCouponIssueByCouponId(liveCoupon.getCouponId());
+                LiveCouponIssue liveCouponIssue = liveCouponIssueService.selectIssueByLiveIdAndCouponId(task.getLiveId(), liveCoupon.getCouponId());
+                if (liveCouponIssue == null) {
+                    log.error("优惠券未关联到直播间,liveId={}, couponId={}", task.getLiveId(), liveCoupon.getCouponId());
+                    return;
+                }
                 LiveCouponIssueRelation relation = liveCouponMapper.selectCouponRelation(task.getLiveId(), liveCouponIssue.getId());
                 if (liveCoupon != null) {
                     redisCache.setCacheObject(String.format(LiveKeysConstant.LIVE_COUPON_NUM , liveCouponIssue.getId()), liveCouponIssue.getRemainCount().intValue(), 30, TimeUnit.MINUTES);

+ 1 - 1
fs-live-app/src/main/resources/application.yml

@@ -6,4 +6,4 @@ server:
 # Spring配置
 spring:
   profiles:
-    active: druid-bjzm-test
+    active: druid-tyt-test

+ 5 - 0
fs-service/src/main/java/com/fs/course/mapper/FsUserVideoMapper.java

@@ -277,5 +277,10 @@ public interface FsUserVideoMapper
             "</if>" +
             "</script>"})
     List<FsUserVideoListUVO> selectFsUserVideoListUVOByUser(@Param("talentId") Long talentId, @Param("oneSelf") boolean oneSelf);
+
+    // 评论数加一
+    int addCommentCount(Long videoId);
+
+    int delCommentCount(Long videoId);
 }
 

+ 1 - 1
fs-service/src/main/java/com/fs/course/param/FsUserVideoCommentDelUParam.java

@@ -20,7 +20,7 @@ public class FsUserVideoCommentDelUParam implements Serializable
     private Long commentId;
 
 //    @NotNull(message = "视频ID不能为空")
-//    private Long videoId;
+    private Long videoId;
 
     private String parentId;
 }

+ 14 - 5
fs-service/src/main/java/com/fs/course/service/impl/FsUserVideoCommentServiceImpl.java

@@ -7,6 +7,7 @@ import java.util.stream.Collectors;
 import com.fs.common.core.domain.R;
 import com.fs.common.utils.DateUtils;
 import com.fs.course.mapper.FsUserVideoCommentLikeMapper;
+import com.fs.course.mapper.FsUserVideoMapper;
 import com.fs.course.param.FsUserVideoCommentAddUParam;
 import com.fs.course.param.FsUserVideoCommentDelUParam;
 import com.fs.course.param.FsUserVideoCommentUParam;
@@ -48,6 +49,9 @@ public class FsUserVideoCommentServiceImpl implements IFsUserVideoCommentService
     @Autowired
     private FsUserMapper fsUserMapper;
 
+    @Autowired
+    private FsUserVideoMapper fsUserVideoMapper;
+
     private static final String COMMENT_LIST_KEY_PREFIX = "comment:list:video:";
     private static final String COMMENT_HASH_KEY_PREFIX = "comment:hash:video:";
     private static final String REPLY_LIST_KEY_PREFIX = "reply:list:comment:";
@@ -191,6 +195,8 @@ public class FsUserVideoCommentServiceImpl implements IFsUserVideoCommentService
             comment.setParentId(param.getParentId());
         }
         if (fsUserVideoCommentMapper.insertFsUserVideoComment(comment)>0){
+            // 更新对应的评论数
+            fsUserVideoMapper.addCommentCount(comment.getVideoId());
             return R.ok().put("data",comment);
         };
         return R.error("新增评论失败");
@@ -485,12 +491,15 @@ public class FsUserVideoCommentServiceImpl implements IFsUserVideoCommentService
     @Override
     @Transactional
     public R delComment(FsUserVideoCommentDelUParam param) {
-        // 更新评论数
-        if (param.getParentId() == null) {
-            //除数据库中的回复
-            fsUserVideoCommentMapper.deleteByParentId(param.getCommentId().toString());
-        }
+        // 只删除自己的评论,回复保留
+//        if (param.getParentId() == null) {
+//            //除数据库中的回复
+//            fsUserVideoCommentMapper.deleteByParentId(param.getCommentId().toString());
+//        }
+
         fsUserVideoCommentMapper.deleteByCommentId(param.getCommentId());
+        // 评论数减一
+        fsUserVideoMapper.delCommentCount(param.getVideoId());
         return R.ok();
     }
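Review bot: In delComment the decrement `fsUserVideoMapper.delCommentCount(param.getVideoId());` trusts a videoId supplied by the client rather than the video the comment actually belongs to, and FsUserVideoCommentDelUParam in this commit re-enables the field while leaving its @NotNull commented out, so a null or wrong videoId silently skips or misattributes the decrement and the counter drifts. Load the comment by commentId first, take the videoId from that record, and only then delete and decrement; the same record would also let the method verify that the comment belongs to the calling user, which I cannot see being checked anywhere in this hunk. The commented-out deleteByParentId block should be deleted rather than kept as a comment; the line `// 只删除自己的评论,回复保留` already records the decision.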
 

+ 7 - 1
fs-service/src/main/java/com/fs/live/mapper/LiveCouponIssueMapper.java

@@ -76,6 +76,12 @@ public interface LiveCouponIssueMapper
     @Insert("insert into live_coupon_issue_relation(live_id,coupon_issue_id,is_show,goods_id) values(#{liveId},#{couponIssueId},#{isShow},#{goodsId})")
     void insertLiveCouponIssueRelation(LiveCouponIssueRelation liveCouponIssueRelation);
 
-    @Select("select * from live_coupon_issue where coupon_id= #{couponId}")
+    @Select("select * from live_coupon_issue where coupon_id = #{couponId} order by id desc limit 1")
     LiveCouponIssue selectLiveCouponIssueByCouponId(@Param("couponId") Long couponId);
+
+    @Select("select lci.* from live_coupon_issue lci " +
+            "inner join live_coupon_issue_relation lcir on lci.id = lcir.coupon_issue_id " +
+            "where lcir.live_id = #{liveId} and lci.coupon_id = #{couponId} " +
+            "order by lci.id desc limit 1")
+    LiveCouponIssue selectIssueByLiveIdAndCouponId(@Param("liveId") Long liveId, @Param("couponId") Long couponId);
 }

+ 7 - 0
fs-service/src/main/java/com/fs/live/service/ILiveCompletionCouponService.java

@@ -24,6 +24,13 @@ public interface ILiveCompletionCouponService {
      */
     LiveCompletionCouponNotifyResult prepareCompletionCouponNotify(Long liveId, Long userId, Long watchDuration);
 
+    /**
+     * 预检查完课弹窗
+     *
+     * @param forcePush true 时跳过「今日已推送」校验,供手动触发接口强制 WebSocket 推送
+     */
+    LiveCompletionCouponNotifyResult prepareCompletionCouponNotify(Long liveId, Long userId, Long watchDuration, boolean forcePush);
+
     /**
      * 标记今日已推送完课优惠券弹窗
      */

+ 2 - 0
fs-service/src/main/java/com/fs/live/service/ILiveCouponIssueService.java

@@ -65,4 +65,6 @@ public interface ILiveCouponIssueService
     List<LiveCouponIssue> curCoupon(CouponPO coupon);
 
     LiveCouponIssue selectLiveCouponIssueByCouponId(Long id);
+
+    LiveCouponIssue selectIssueByLiveIdAndCouponId(Long liveId, Long couponId);
 }

+ 4 - 4
fs-service/src/main/java/com/fs/live/service/impl/LiveAutoTaskServiceImpl.java

@@ -147,8 +147,8 @@ public class LiveAutoTaskServiceImpl implements ILiveAutoTaskService {
             // 自动优惠券
             LiveCoupon liveCoupon = liveCouponMapper.selectLiveCouponById(Long.valueOf(liveAutoTask.getContent()));
             if(liveCoupon == null) return R.error("优惠券不存在");
-            LiveCouponIssue liveCouponIssue = liveCouponIssueMapper.selectLiveCouponIssueByCouponId(liveCoupon.getCouponId());
-            if(liveCouponIssue == null)return R.error("优惠券未发布");
+            LiveCouponIssue liveCouponIssue = liveCouponIssueMapper.selectIssueByLiveIdAndCouponId(liveAutoTask.getLiveId(), liveCoupon.getCouponId());
+            if(liveCouponIssue == null)return R.error("优惠券未发布或未关联到直播间");
             LiveCouponIssueRelation liveCouponIssueRelation = liveCouponMapper.selectCouponRelation(liveAutoTask.getLiveId(),liveCouponIssue.getId());
             if(liveCouponIssueRelation == null) return R.error("优惠券尚未添加在直播间");
             if(ObjectUtil.isEmpty(liveCouponIssueRelation.getGoodsId())) return R.error("未绑定商品,无法制定自动化任务!");
@@ -321,8 +321,8 @@ public class LiveAutoTaskServiceImpl implements ILiveAutoTaskService {
             // 自动优惠券
             LiveCoupon liveCoupon = liveCouponMapper.selectLiveCouponById(Long.valueOf(liveAutoTask.getContent()));
             if(liveCoupon == null) return R.error("优惠券不存在!");
-            LiveCouponIssue liveCouponIssue = liveCouponIssueMapper.selectLiveCouponIssueByCouponId(liveCoupon.getCouponId());
-            if(liveCouponIssue == null)return R.error("未发布优惠券!");
+            LiveCouponIssue liveCouponIssue = liveCouponIssueMapper.selectIssueByLiveIdAndCouponId(liveAutoTask.getLiveId(), liveCoupon.getCouponId());
+            if(liveCouponIssue == null)return R.error("未发布优惠券或未关联到直播间!");
             LiveCouponIssueRelation liveCouponIssueRelation = liveCouponMapper.selectCouponRelation(liveAutoTask.getLiveId(),liveCouponIssue.getId());
             if(liveCouponIssueRelation == null) return R.error("未绑定商品,无法发布!");
             if(ObjectUtil.isEmpty(liveCouponIssueRelation.getGoodsId())) return R.error("未绑定商品,无法发布!");

+ 27 - 2
fs-service/src/main/java/com/fs/live/service/impl/LiveCompletionCouponServiceImpl.java

@@ -10,6 +10,7 @@ import com.fs.live.mapper.LiveQuestionBankMapper;
 import com.fs.live.param.LiveCompletionCouponAnswerParam;
 import com.fs.live.service.*;
 import com.fs.live.vo.LiveCompletionCouponConfigVO;
+import com.fs.live.vo.LiveCompletionCouponInfoVO;
 import com.fs.live.vo.LiveCompletionCouponNotifyResult;
 import com.fs.live.vo.LiveCompletionCouponStatusVO;
 import com.fs.live.vo.LiveCompletionQuestionVO;
@@ -82,6 +83,11 @@ public class LiveCompletionCouponServiceImpl implements ILiveCompletionCouponSer
 
     @Override
     public LiveCompletionCouponNotifyResult prepareCompletionCouponNotify(Long liveId, Long userId, Long watchDuration) {
+        return prepareCompletionCouponNotify(liveId, userId, watchDuration, false);
+    }
+
+    @Override
+    public LiveCompletionCouponNotifyResult prepareCompletionCouponNotify(Long liveId, Long userId, Long watchDuration, boolean forcePush) {
         LiveCompletionCouponNotifyResult result = new LiveCompletionCouponNotifyResult();
         result.setShouldNotify(false);
         result.setEligible(false);
@@ -93,6 +99,8 @@ public class LiveCompletionCouponServiceImpl implements ILiveCompletionCouponSer
                 return result;
             }
 
+            result.setCoupon(loadCouponInfo(config.getCouponId()));
+
             if (!isWatchRateEligible(liveId, userId, watchDuration, config)) {
                 return result;
             }
@@ -108,7 +116,7 @@ public class LiveCompletionCouponServiceImpl implements ILiveCompletionCouponSer
                 return result;
             }
 
-            if (hasNotifiedToday(liveId, userId)) {
+            if (!forcePush && hasNotifiedToday(liveId, userId)) {
                 result.setQuestions(questions);
                 return result;
             }
@@ -296,7 +304,7 @@ public class LiveCompletionCouponServiceImpl implements ILiveCompletionCouponSer
             throw new BaseException("优惠券不存在");
         }
 
-        LiveCouponIssue couponIssue = liveCouponIssueService.selectLiveCouponIssueByCouponId(couponId);
+        LiveCouponIssue couponIssue = liveCouponIssueService.selectIssueByLiveIdAndCouponId(live.getLiveId(), couponId);
         if (couponIssue == null || couponIssue.getStatus() == null || couponIssue.getStatus() != 1) {
             throw new BaseException("优惠券领取配置不可用");
         }
@@ -355,6 +363,23 @@ public class LiveCompletionCouponServiceImpl implements ILiveCompletionCouponSer
                         && item.getCreateTime().toInstant().atZone(ZoneId.systemDefault()).toLocalDate().equals(today));
     }
 
+    private LiveCompletionCouponInfoVO loadCouponInfo(Long couponId) {
+        if (couponId == null) {
+            return null;
+        }
+        LiveCoupon coupon = liveCouponService.selectLiveCouponById(couponId);
+        if (coupon == null) {
+            return null;
+        }
+        LiveCompletionCouponInfoVO vo = new LiveCompletionCouponInfoVO();
+        vo.setCouponId(coupon.getCouponId());
+        vo.setTitle(coupon.getTitle());
+        vo.setCouponPrice(coupon.getCouponPrice());
+        vo.setUseMinPrice(coupon.getUseMinPrice());
+        vo.setCouponTime(coupon.getCouponTime());
+        return vo;
+    }
+
     private List<LiveCompletionQuestionVO> loadQuestions(String finishQuestionIds) {
         List<Long> questionIds = parseQuestionIds(finishQuestionIds);
         if (questionIds.isEmpty()) {
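Review bot: The issue-status check `if (couponIssue == null || couponIssue.getStatus() == null || couponIssue.getStatus() != 1)` now uses the same live-scoped lookup as Task.bindCouponToUsers, but the two disagree on what is acceptable: Task.java in this commit lets a coupon with couponType 3 through regardless of status, whereas this method rejects it with 优惠券领取配置不可用. If the exemption is meant to apply to completion coupons too, mirror it here; if not, a short comment on this line saying why status 1 is mandatory for the completion path will stop the next reader from "fixing" it. Separately, `result.setCoupon(loadCouponInfo(config.getCouponId()));` runs before the watch-rate check, so a non-eligible result (and, through LiveCompletionPointsTask, the WebSocket payload) carries the coupon details; if that is intended for the UI, a comment stating so would help.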

+ 5 - 0
fs-service/src/main/java/com/fs/live/service/impl/LiveCouponIssueServiceImpl.java

@@ -162,4 +162,9 @@ public class LiveCouponIssueServiceImpl implements ILiveCouponIssueService
     public LiveCouponIssue selectLiveCouponIssueByCouponId(Long couponId) {
         return liveCouponIssueMapper.selectLiveCouponIssueByCouponId(couponId);
     }
+
+    @Override
+    public LiveCouponIssue selectIssueByLiveIdAndCouponId(Long liveId, Long couponId) {
+        return liveCouponIssueMapper.selectIssueByLiveIdAndCouponId(liveId, couponId);
+    }
 }

+ 22 - 0
fs-service/src/main/java/com/fs/live/vo/LiveCompletionCouponInfoVO.java

@@ -0,0 +1,22 @@
+package com.fs.live.vo;
+
+import lombok.Data;
+
+import java.math.BigDecimal;
+
+/**
+ * Íê¿ÎÓÅ»ÝȯÐÅÏ¢
+ */
+@Data
+public class LiveCompletionCouponInfoVO {
+
+    private Long couponId;
+
+    private String title;
+
+    private BigDecimal couponPrice;
+
+    private BigDecimal useMinPrice;
+
+    private Long couponTime;
+}
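Review bot: The class Javadoc `Íê¿ÎÓÅ»ÝȯÐÅÏ¢` is mojibake — it looks like GBK-encoded text that was written while the file was treated as ISO-8859-1, and it appears to decode to 完课优惠券信息, which matches the field comment added to LiveCompletionCouponNotifyResult in this commit. Re-save the file as UTF-8 with the intended text so the garbled string does not propagate into generated API docs. The five fields carry no comments; couponTime in particular is a bare Long, and I cannot tell from this file whether it is a duration or a timestamp, so a one-line comment giving its unit would be useful.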

+ 3 - 0
fs-service/src/main/java/com/fs/live/vo/LiveCompletionCouponNotifyResult.java

@@ -18,4 +18,7 @@ public class LiveCompletionCouponNotifyResult {
 
     /** 今日问题(不含答案) */
     private List<LiveCompletionQuestionVO> questions;
+
+    /** 完课奖励优惠券信息 */
+    private LiveCompletionCouponInfoVO coupon;
 }

+ 4 - 15
fs-service/src/main/java/com/fs/utils/SensitiveDataUtils.java

@@ -1,6 +1,5 @@
 package com.fs.utils;
 
-import java.util.Random;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -8,10 +7,8 @@ public class SensitiveDataUtils {
 
     private static final Pattern MOBILE_PATTERN = Pattern.compile("(?<!\\d)1[3-9]\\d{9}(?!\\d)");
 
-
-
     /**
-     * 对文本中的手机号进行脱敏处理,保留前3位,后8位随机替换
+     * 对文本中的手机号进行脱敏处理,保留前3后4
      */
     public static String maskMobileNumbers(String content) {
         try {
@@ -23,7 +20,8 @@ public class SensitiveDataUtils {
             StringBuffer sb = new StringBuffer();
 
             while (matcher.find()) {
-                String maskedMobile = getPhoneNumber();
+                String mobile = matcher.group();
+                String maskedMobile = mobile.substring(0, 3) + "****" + mobile.substring(7);
                 matcher.appendReplacement(sb, maskedMobile);
             }
 
@@ -33,13 +31,4 @@ public class SensitiveDataUtils {
             return content;
         }
     }
-
-    private static String getPhoneNumber() {
-        String phoneNumbers = "16623962137,15523238506,17749925835,15923875456,18305948549,13883332012,15057469844,13618796139,18620430041,18584668114,18580017521,15111845257,15275039316,18201444980,18813118010,17726645677,15223482407,17623042467,15123822149,18623062201,17749925836,18323465069,18580176027,13452385636,13608870842,17685274759,15315437944,15998971322,18623079553,15025306414,18623592546,17264203997,18983650852,19823410818,15528133197,18987692003,15364612795,15364612795,17782358851,13452011251,13527318467,13637935049,15123970077,18166348566,13668096347,18883781302,18780014073,18602325964,15086929910,15320525962,15210865639,13671138824,19936630315,18223553039,18290561680,18883557568,18280114551,15086823485,18280406822,15084440304,18680821042,19115284897,15823539658,13718194200,13521390467,18253105683,15866702785,18697568671,13435694935,17347643607,15002351429,13640582745,18716432052,13167916563,15523238507,14678903116,18324157410,18121887854,19923671431,17388206297,18225226941,15111111111,18324199200,15223337413,13633333333,15523524367,15376779826,18580137367,13983381612,15523004683,18996016507,15683164217,19946754704,13983370856,15870485887,18280237531,15223298047,18580466998,15923377066,17353257273,18067773557,18103269005,17775537029,15730089438,13668480682,13183501165,13101083915,19102330681,15084400940";
-        String[] split = phoneNumbers.split(",");
-        return split[new Random().nextInt(split.length)];
-    }
-
-
-
-}
+}
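Review bot: The catch block at the end of maskMobileNumbers still does `return content;`, so if masking throws, the caller receives the unmasked text; for a helper whose job is to strip phone numbers from output, failing open is the wrong default — return an empty string or rethrow, and at minimum log the exception so a silent regression becomes visible (the catch line itself is outside the hunk, so I cannot see whether it logs). The new replacement `mobile.substring(0, 3) + "****" + mobile.substring(7)` is safe from index errors only because MOBILE_PATTERN matches exactly 11 digits, which is worth a one-line comment on that line so nobody widens the pattern without updating the offsets. Replacing the hard-coded list of real-looking numbers with deterministic masking is the right change; the updated Javadoc `保留前3后4` should also say that the middle four digits become literal asterisks.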

+ 13 - 0
fs-service/src/main/resources/mapper/course/FsUserVideoMapper.xml

@@ -156,6 +156,19 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
         </trim>
     </insert>
 
+    <insert id="addCommentCount">
+        update fs_user_video
+        set comments = comments + 1
+        where video_id = #{videoId}
+    </insert>
+
+    <insert id="delCommentCount">
+        update fs_user_video
+        set comments = comments - 1
+        where video_id = #{videoId}
+    </insert>
+
+
     <update id="updateFsUserVideo" parameterType="FsUserVideo">
         update fs_user_video
         <trim prefix="SET" suffixOverrides=",">
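Review bot: addCommentCount and delCommentCount are UPDATE statements declared with `<insert>`; MyBatis will execute them, but the tag should be `<update id="addCommentCount">` and `<update id="delCommentCount">` so readers and generated-key handling are not misled. `set comments = comments - 1` has no floor, so a delete whose counter was already out of sync drives the column negative; `set comments = comments - 1 where video_id = #{videoId} and comments > 0` keeps it at zero. The matching Java declarations in FsUserVideoMapper.java (same commit) have only a one-word comment; a Javadoc stating that both return the affected-row count would complete the contract.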

+ 14 - 14
fs-service/src/main/resources/mapper/live/LiveCouponUserMapper.xml

@@ -69,20 +69,20 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
          left join fs_user u on cou.user_id=u.user_id
 
         <where>
-            <if test="couponId != null "> and coupon_id = #{couponId}</if>
-            <if test="userId != null "> and user_id = #{userId}</if>
-            <if test="couponTitle != null  and couponTitle != ''"> and coupon_title = #{couponTitle}</if>
-            <if test="couponPrice != null "> and coupon_price = #{couponPrice}</if>
-            <if test="useMinPrice != null "> and use_min_price = #{useMinPrice}</if>
-            <if test="limitTime != null "> and limit_time = #{limitTime}</if>
-            <if test="useTime != null "> and use_time = #{useTime}</if>
-            <if test="type != null  and type != ''"> and type = #{type}</if>
-            <if test="status != null "> and status = #{status}</if>
-            <if test="isFail != null "> and is_fail = #{isFail}</if>
-            <if test="isDel != null "> and is_del = #{isDel}</if>
-            <if test="goodsId != null "> and goods_id = #{goodsId}</if>
-            <if test="verifyCode != null and verifyCode != ''"> and verify_code = #{verifyCode}</if>
-            <if test="verifyUserId != null "> and verify_user_id = #{verifyUserId}</if>
+            <if test="couponId != null "> and cou.coupon_id = #{couponId}</if>
+            <if test="userId != null "> and cou.user_id = #{userId}</if>
+            <if test="couponTitle != null  and couponTitle != ''"> and cou.coupon_title = #{couponTitle}</if>
+            <if test="couponPrice != null "> and cou.coupon_price = #{couponPrice}</if>
+            <if test="useMinPrice != null "> and cou.use_min_price = #{useMinPrice}</if>
+            <if test="limitTime != null "> and cou.limit_time = #{limitTime}</if>
+            <if test="useTime != null "> and cou.use_time = #{useTime}</if>
+            <if test="type != null  and type != ''"> and cou.type = #{type}</if>
+            <if test="status != null "> and cou.status = #{status}</if>
+            <if test="isFail != null "> and cou.is_fail = #{isFail}</if>
+            <if test="isDel != null "> and cou.is_del = #{isDel}</if>
+            <if test="goodsId != null "> and cou.goods_id = #{goodsId}</if>
+            <if test="verifyCode != null and verifyCode != ''"> and cou.verify_code = #{verifyCode}</if>
+            <if test="verifyUserId != null "> and cou.verify_user_id = #{verifyUserId}</if>
         </where>
     </select>
 

+ 2 - 1
fs-user-app/src/main/java/com/fs/app/config/WebMvcConfig.java

@@ -19,7 +19,8 @@ public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(authorizationInterceptor).addPathPatterns("/app/**").addPathPatterns("/store/app/**");
+        registry.addInterceptor(authorizationInterceptor)
+                .addPathPatterns("/app/**", "/store/app/**", "/user/**", "/live/**");
     }
 //
 //    @Override

+ 6 - 12
fs-user-app/src/main/java/com/fs/app/controller/InquiryOrderController.java

@@ -704,9 +704,6 @@ public class InquiryOrderController extends  AppBaseController {
     public R getInquiryOrderById(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -723,9 +720,12 @@ public class InquiryOrderController extends  AppBaseController {
     {
         Map<String,Object> maps=new HashMap<>();
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!com.fs.common.utils.OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            return R.error("非法操作");
+        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -798,9 +798,6 @@ public class InquiryOrderController extends  AppBaseController {
     public R getInquiryOrderReport(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrderReportUVO report=orderReportService.selectFsInquiryOrderReportUVOByOrderId(orderId);
-//        if(!report.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
         if(report!=null&&StringUtils.isNotEmpty(report.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(report.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -840,9 +837,6 @@ public class InquiryOrderController extends  AppBaseController {
     public R getCompanyUserInquiryOrderById(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getCompanyUserId().equals(getCompanyUserId())){
-//            return R.error("非法操作");
-//        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
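Review bot: Of the four endpoints touched in this file, only the method in the hunk at @@ -723,9 +720,12 @@ gets a real ownership check; getInquiryOrderById, getInquiryOrderReport and getCompanyUserInquiryOrderById merely lose the commented-out `非法操作` guard and still return order or report data for whatever orderId the caller supplies. Unless those three are meant to be readable across users (nothing here says so), add the same `order == null` / `OwnershipAssert.isSameUser(...)` pair to them, comparing against `getCompanyUserId()` in the company-user variant; the same gap is left open in PackageOrderController (getPackageOrderById, getCompanyUserPackageOrderById) and StoreOrderController (getStoreOrderById, getCompanyUserStoreOrderById) in this commit. The guard that was added uses the fully-qualified `com.fs.common.utils.OwnershipAssert.isSameUser(...)` inline; import it as StoreOrderController does. After the new null check, the `order!=null&&` in the following condition is redundant and can go.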

+ 0 - 6
fs-user-app/src/main/java/com/fs/app/controller/PackageOrderController.java

@@ -137,9 +137,6 @@ public class PackageOrderController extends  AppBaseController {
     @GetMapping("/getPackageOrderById")
     public R getPackageOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsPackageOrder order=packageOrderService.selectFsPackageOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
 
         if(order!=null&& StringUtils.isNotEmpty(order.getPatientJson())){
             FsPatient dto= JSONUtil.toBean(order.getPatientJson(),FsPatient.class);
@@ -171,9 +168,6 @@ public class PackageOrderController extends  AppBaseController {
     @GetMapping("/getCompanyUserPackageOrderById")
     public R getCompanyUserPackageOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsPackageOrder order=packageOrderService.selectFsPackageOrderByOrderId(orderId);
-//        if(!order.getCompanyUserId().equals(getCompanyUserId())){
-//            return R.error("非法操作");
-//        }
         if(order!=null&& StringUtils.isNotEmpty(order.getPatientJson())){
             FsPatient dto= JSONUtil.toBean(order.getPatientJson(),FsPatient.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));

+ 35 - 7
fs-user-app/src/main/java/com/fs/app/controller/StoreOrderController.java

@@ -12,6 +12,7 @@ import com.fs.his.vo.FsStoreOrderBillLogVo;
 import com.fs.common.core.domain.R;
 import com.fs.common.exception.CustomException;
 
+import com.fs.common.utils.OwnershipAssert;
 import com.fs.common.utils.ParseUtils;
 import com.fs.his.domain.*;
 import com.fs.his.param.*;
@@ -76,6 +77,12 @@ public class StoreOrderController extends  AppBaseController {
     @GetMapping("/getMyStoreOrderById")
     public R getMyStoreOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsStoreOrder order=orderService.selectFsStoreOrderByOrderId(orderId);
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            return R.error("非法操作");
+        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseIdCard(order.getUserAddress()));
         List<FsStoreOrderItemListUVO> list=orderItemService.selectFsStoreOrderItemListUVOByOrderId(orderId);
@@ -114,9 +121,6 @@ public class StoreOrderController extends  AppBaseController {
     @GetMapping("/getStoreOrderById")
     public R getStoreOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsStoreOrder order=orderService.selectFsStoreOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseIdCard(order.getUserAddress()));
         List<FsStoreOrderItemListUVO> list=orderItemService.selectFsStoreOrderItemListUVOByOrderId(orderId);
@@ -177,6 +181,9 @@ public class StoreOrderController extends  AppBaseController {
         if (ObjectUtil.isNull(order)) {
             throw new CustomException("订单不存在");
         }
+        if (!OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            throw new CustomException("非法操作");
+        }
         return orderService.cancelOrder(param.getOrderId());
 
     }
@@ -188,6 +195,9 @@ public class StoreOrderController extends  AppBaseController {
         if (ObjectUtil.isNull(order)) {
             throw new CustomException("订单不存在");
         }
+        if (!OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            throw new CustomException("非法操作");
+        }
         if (order.getStatus() <3) {
             throw new CustomException("未发货订单不能查询");
         }
@@ -209,6 +219,13 @@ public class StoreOrderController extends  AppBaseController {
     @ApiOperation("完成订单")
     @PostMapping("/finishOrder")
     public R finishOrder(@Validated @RequestBody FsStoreOrderFinishParam param, HttpServletRequest request){
+        FsStoreOrder order = orderService.selectFsStoreOrderByOrderId(param.getOrderId());
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            return R.error("非法操作");
+        }
         return orderService.finishOrder(param.getOrderId());
     }
 
@@ -230,9 +247,6 @@ public class StoreOrderController extends  AppBaseController {
     @GetMapping("/getCompanyUserStoreOrderById")
     public R getCompanyUserStoreOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsStoreOrder order=orderService.selectFsStoreOrderByOrderId(orderId);
-//        if(!order.getCompanyUserId().equals(getCompanyUserId())){
-//            return R.error("非法操作");
-//        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseIdCard(order.getUserAddress()));
         List<FsStoreOrderItemListUVO> list=orderItemService.selectFsStoreOrderItemListUVOByOrderId(orderId);
@@ -272,13 +286,27 @@ public class StoreOrderController extends  AppBaseController {
     @GetMapping("/billInfo")
     @ApiResponse(code = 200, message = "", response = FsStoreOrderBillLog.class)
     public R billList(Long id){
-        return R.ok().put("data", orderBillLogService.getById(id));
+        FsStoreOrderBillLog billLog = orderBillLogService.getById(id);
+        if (billLog != null) {
+            FsStoreOrder order = orderService.selectFsStoreOrderByOrderId(billLog.getOrderId());
+            if (order != null && !OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+                return R.error("非法操作");
+            }
+        }
+        return R.ok().put("data", billLog);
     }
 
     @Login
     @ApiOperation("开票冲红")
     @GetMapping("/billBack")
     public R billBack(Long id){
+        FsStoreOrderBillLog billLog = orderBillLogService.getById(id);
+        if (billLog != null) {
+            FsStoreOrder order = orderService.selectFsStoreOrderByOrderId(billLog.getOrderId());
+            if (order != null && !OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+                return R.error("非法操作");
+            }
+        }
         return orderBillLogService.billBack(id);
     }
 

+ 0 - 1
fs-user-app/src/main/java/com/fs/app/controller/UserVipController.java

@@ -120,7 +120,6 @@ public class UserVipController extends  AppBaseController{
                 userMap.setIsVip(0);
                 userMap.setVipStatus(2);
                 fsUserMapper.updateFsUser(userMap);
-                // 添加日志记录
                 logger.info("User ID: " + user.getUserId() + " VIP status updated.");
             }
         }

+ 6 - 0
fs-user-app/src/main/java/com/fs/app/controller/live/LiveOrderController.java

@@ -190,6 +190,12 @@ public class LiveOrderController extends AppBaseController
     @GetMapping("/getMyStoreOrderById")
     public R getMyStoreOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         LiveOrder order=orderService.selectLiveOrderByOrderId(String.valueOf(orderId));
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (order.getUserId() == null || !order.getUserId().equals(getUserId())) {
+            return R.error("非法操作");
+        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseIdCard(order.getUserAddress()));
         List<LiveOrderItemListUVO> list = liveOrderItemService.selectLiveOrderItemListUVOByOrderId(orderId);
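Review bot: The new ownership check `!order.getUserId().equals(getUserId())` compares the two ids with `equals` and no type conversion, whereas every other controller in this commit passes `getUserId()` through `Long.parseLong(...)`, which suggests it returns a String; if `LiveOrder.getUserId()` is a `Long`, the comparison is always false and every caller, the owner included, gets `非法操作`. If the types do differ, use the same helper as the sibling hunks, `if (!OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId())))`, which also keeps the null handling in one place. Returning a different message for a missing order than for another user's order lets a caller tell which order ids exist; a single response for both cases avoids that. getMyStoreOrderById's body continues past the hunk.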

+ 6 - 0
fs-user-app/src/main/java/com/fs/app/controller/store/StoreOrderScrmController.java

@@ -123,6 +123,12 @@ public class StoreOrderScrmController extends AppBaseController {
     @GetMapping("/getMyStoreOrderById")
     public R getMyStoreOrderById(@RequestParam("orderId") Long orderId, HttpServletRequest request){
         FsStoreOrderScrm order=orderService.selectFsStoreOrderById(orderId);
+        if (order == null) {
+            return R.error("订单不存在");
+        }
+        if (!com.fs.common.utils.OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))) {
+            return R.error("非法操作");
+        }
         order.setUserPhone(ParseUtils.parsePhone(order.getUserPhone()));
         order.setUserAddress(ParseUtils.parseIdCard(order.getUserAddress()));
         List<FsStoreOrderItemVO> list=itemService.selectFsStoreOrderItemListByOrderId(orderId);
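Review bot: The added check spells out `com.fs.common.utils.OwnershipAssert` as a fully qualified name inline, unlike the other controllers in this commit that import it; add `import com.fs.common.utils.OwnershipAssert;` to the import block and shorten the call to `OwnershipAssert.isSameUser(order.getUserId(), Long.parseLong(getUserId()))`. Note also that `Long.parseLong(getUserId())` throws NumberFormatException instead of returning `非法操作` when the session user id is absent or non-numeric; presumably an authentication guard on this endpoint (not visible in the hunk) makes that unreachable, but it is worth confirming. getMyStoreOrderById's body continues past the hunk.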