wangxy 16 tuntia sitten
dc5119e2fc

+ 17 - 6
fs-admin/src/main/java/com/fs/his/controller/LifeSaluteOrderController.java

@@ -9,12 +9,14 @@ import com.fs.common.enums.BusinessType;
 import com.fs.common.exception.base.BaseException;
 import com.fs.common.utils.poi.ExcelUtil;
 import com.fs.company.domain.CompanyUser;
+import com.fs.company.mapper.CompanyMapper;
 import com.fs.company.mapper.CompanyUserMapper;
 import com.fs.core.utils.OrderCodeUtils;
 import com.fs.his.domain.LifeSaluteOrder;
 import com.fs.his.dto.LifeSaluteOrderImportDTO;
 import com.fs.his.param.LifeSaluteOrderCreateParam;
 import com.fs.his.service.ILifeSaluteOrderService;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -26,6 +28,7 @@ import java.util.List;
 /**
  * 生命礼赞订单Controller
  */
+@Slf4j
 @RestController
 @RequestMapping("/his/lifeSaluteOrder")
 public class LifeSaluteOrderController extends BaseController {
@@ -36,6 +39,9 @@ public class LifeSaluteOrderController extends BaseController {
     @Autowired
     private CompanyUserMapper companyUserMapper;
 
+    @Autowired
+    private CompanyMapper companyMapper;
+
     /**
      * 分页查询生命礼赞订单列表
      *
@@ -132,18 +138,20 @@ public class LifeSaluteOrderController extends BaseController {
         }
         int successCount = 0;
         int failCount = 0;
-        for (LifeSaluteOrderImportDTO orderDTO : orderList)
+        for (int i = 0; i < orderList.size(); i++)
         {
+            LifeSaluteOrderImportDTO orderDTO = orderList.get(i);
+            String orderNo = orderDTO.getOrderNo();
             try
             {
-                LifeSaluteOrder existing = lifeSaluteOrderService.selectLifeSaluteOrderByOrderNo(orderDTO.getOrderNo());
+                LifeSaluteOrder existing = lifeSaluteOrderService.selectLifeSaluteOrderByOrderNo(orderNo);
                 if (existing != null)
                 {
                     if (updateSupport)
                     {
                         existing = copyImportDtoToOrder(orderDTO, existing);
                         existing.setId(existing.getId());
-                        existing.setSenderAddress("西藏自治区昌都市丁青县协雄乡达恩仓藏医门诊");
+                        existing.setSenderAddress("西藏自治区昌都市卡若镇经开区加卡尼伟藏医院");
                         fillCompanyInfo(existing);
                         lifeSaluteOrderService.updateLifeSaluteOrder(existing);
                         if (StringUtils.isNotEmpty(existing.getWaybillNo()) && StringUtils.isNotEmpty(existing.getDeliveryCode()))
@@ -154,6 +162,8 @@ public class LifeSaluteOrderController extends BaseController {
                     }
                     else
                     {
+                        log.warn("第{}行订单已存在且不允许更新, orderNo={}, receiverName={}, receiverMobile={}",
+                                i + 2, orderNo, orderDTO.getReceiverName(), orderDTO.getReceiverMobile());
                         failCount++;
                     }
                 }
@@ -173,7 +183,7 @@ public class LifeSaluteOrderController extends BaseController {
                         throw new BaseException("订单号创建失败");
                     }
                     order.setOrderNo(orderSn);
-                    order.setSenderAddress("西藏自治区昌都市丁青县协雄乡达恩仓藏医门诊");
+                    order.setSenderAddress("西藏自治区昌都市卡若镇经开区加卡尼伟藏医院");
                     fillCompanyInfo(order);
                     lifeSaluteOrderService.insertLifeSaluteOrder(order);
                     if (StringUtils.isNotEmpty(order.getWaybillNo()) && StringUtils.isNotEmpty(order.getDeliveryCode()))
@@ -185,6 +195,8 @@ public class LifeSaluteOrderController extends BaseController {
             }
             catch (Exception e)
             {
+                log.error("第{}行导入失败, orderNo={}, receiverName={}, receiverMobile={}",
+                        i + 2, orderNo, orderDTO.getReceiverName(), orderDTO.getReceiverMobile(), e);
                 failCount++;
             }
         }
@@ -211,7 +223,6 @@ public class LifeSaluteOrderController extends BaseController {
         order.setSenderProvince(dto.getSenderProvince());
         order.setSenderCity(dto.getSenderCity());
         order.setSenderDistrict(dto.getSenderDistrict());
-        order.setSenderAddress(dto.getSenderAddress());
         order.setReceiverName(dto.getReceiverName());
         order.setReceiverMobile(dto.getReceiverMobile());
         order.setReceiverTel(dto.getReceiverTel());
@@ -261,8 +272,8 @@ public class LifeSaluteOrderController extends BaseController {
         if (StringUtils.isNotEmpty(order.getCompanyUserPhone())) {
             CompanyUser companyUser = companyUserMapper.selectCompanyUserByPhone(order.getCompanyUserPhone());
             if (companyUser != null) {
-                order.setCompanyId(companyUser.getCompanyId());
                 order.setCompanyUserId(companyUser.getUserId());
+                order.setCompanyId(companyUser.getCompanyId());
             }
         }
     }
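Review bot: The new log.warn (L70-71) and log.error (L88-89) write receiverName and receiverMobile in clear text to the application log, so every duplicate or failed import row leaves personal data in log files that are typically retained and shipped more widely than the database; the row number and orderNo are enough to locate the offending row. I would reduce them to `log.warn("第{}行订单已存在且不允许更新, orderNo={}", i + 2, orderNo);` and `log.error("第{}行导入失败, orderNo={}", i + 2, orderNo, e);`, or mask the mobile if it must be kept. Separately, the `CompanyMapper` injected at L36-37 is not referenced in any visible hunk, so it may be dead wiring unless used elsewhere in the file; and the sender address literal now appears twice (L62, L80) and would be better as one `private static final String` constant. The importing method starts and ends outside the hunks shown.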

+ 24 - 12
fs-user-app/src/main/java/com/fs/app/controller/InquiryOrderController.java

@@ -629,9 +629,12 @@ public class InquiryOrderController extends  AppBaseController {
     public R getInquiryOrderById(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
+        if(order==null){
+            return R.error("订单不存在");
+        }
+        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
+            return R.error("非法操作");
+        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -648,9 +651,12 @@ public class InquiryOrderController extends  AppBaseController {
     {
         Map<String,Object> maps=new HashMap<>();
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
+        if(order==null){
+            return R.error("订单不存在");
+        }
+        if(!order.getUserId().equals(Long.parseLong(getUserId()))){
+            return R.error("非法操作");
+        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -723,9 +729,12 @@ public class InquiryOrderController extends  AppBaseController {
     public R getInquiryOrderReport(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrderReportUVO report=orderReportService.selectFsInquiryOrderReportUVOByOrderId(orderId);
-//        if(!report.getUserId().equals(Long.parseLong(getUserId()))){
-//            return R.error("非法操作");
-//        }
+        if(report==null){
+            return R.error("报告不存在");
+        }
+        if(!report.getUserId().equals(Long.parseLong(getUserId()))){
+            return R.error("非法操作");
+        }
         if(report!=null&&StringUtils.isNotEmpty(report.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(report.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
@@ -753,9 +762,12 @@ public class InquiryOrderController extends  AppBaseController {
     public R getCompanyUserInquiryOrderById(@RequestParam("orderId")Long orderId)
     {
         FsInquiryOrder order=inquiryOrderService.selectFsInquiryOrderByOrderId(orderId);
-//        if(!order.getCompanyUserId().equals(getCompanyUserId())){
-//            return R.error("非法操作");
-//        }
+        if(order==null){
+            return R.error("订单不存在");
+        }
+        if(order.getCompanyUserId()==null || !order.getCompanyUserId().equals(getCompanyUserId())){
+            return R.error("非法操作");
+        }
         if(order!=null&&StringUtils.isNotEmpty(order.getPatientJson())){
             FsInquiryOrderPatientDTO dto=JSONUtil.toBean(order.getPatientJson(),FsInquiryOrderPatientDTO.class);
             dto.setMobile(ParseUtils.parsePhone(dto.getMobile()));
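Review bot: The restored ownership checks at L125, L141 and L157 dereference `order.getUserId()` / `report.getUserId()` without a null guard, whereas the fourth hunk (L173) does guard `getCompanyUserId()`; a row with a null userId would surface as an NPE instead of the intended R.error. A consistent form is `if(order.getUserId()==null || !order.getUserId().equals(Long.parseLong(getUserId()))){` (and the same for `report`). Returning a distinct "订单不存在" before the ownership check also lets any logged-in caller tell which orderIds exist; answering not-found and not-owned with the same error message removes that signal. The `order!=null&&` / `report!=null&&` on the line after each new block is now redundant. Each method's body continues beyond its hunk.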

+ 12 - 2
fs-user-app/src/main/java/com/fs/app/controller/PatientController.java

@@ -72,12 +72,15 @@ public class PatientController extends  AppBaseController {
     @GetMapping("/getPatientById")
     public R getPatientById(@RequestParam("patientId")Long patientId, HttpServletRequest request){
         FsPatient data=patientService.selectFsPatientByPatientId(patientId);
-        if (data.getMobile()!=null&&data.getMobile().length()>11&&!data.getMobile().matches("\\d+")){
-            data.setMobile(decryptPhone(data.getMobile()));
+        if(data==null){
+            return R.error("就诊人不存在");
         }
         if(!data.getUserId().equals(Long.parseLong(getUserId()))){
             return R.error("非法操作");
         }
+        if (data.getMobile()!=null&&data.getMobile().length()>11&&!data.getMobile().matches("\\d+")){
+            data.setMobile(decryptPhone(data.getMobile()));
+        }
         return R.ok().put("data",data);
     }
     @Login
@@ -278,6 +281,13 @@ public class PatientController extends  AppBaseController {
     @ApiOperation("删除病人")
     @PostMapping("/delPatient")
     public R delPatient(@RequestBody FsPatientAddEditParam param, HttpServletRequest request){
+        FsPatient patient=patientService.selectFsPatientByPatientId(param.getPatientId());
+        if(patient==null){
+            return R.error("就诊人不存在");
+        }
+        if(!patient.getUserId().equals(Long.parseLong(getUserId()))){
+            return R.error("非法操作");
+        }
         patientService.deleteFsPatientByPatientId(param.getPatientId());
         return R.ok("操作成功");
     }
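Review bot: In getPatientById the ownership check at L192 still dereferences `data.getUserId()` without a null guard, and the new delPatient check at L209 does the same with `patient.getUserId()`; a record with a null owner would throw instead of returning R.error, so `if(patient.getUserId()==null || !patient.getUserId().equals(Long.parseLong(getUserId()))){` is the safer form. As in the other controllers, returning "就诊人不存在" before the ownership check tells any logged-in caller which patientIds exist; the same error for both cases avoids that. Moving the decrypt step after the checks in the first hunk is the right order, since the mobile is no longer decrypted for records the caller may not view.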

+ 5 - 0
fs-user-app/src/main/java/com/fs/app/controller/UserController.java

@@ -172,6 +172,9 @@ public class UserController extends  AppBaseController {
             @ApiParam(required = true, name = "userId", value = "用户ID") @RequestParam(value = "userId", required = false) Long userId,
             HttpServletRequest request){
         try {
+            if(userId==null || !userId.equals(Long.parseLong(getUserId()))){
+                return R.error("非法操作");
+            }
             FsUser user=userService.selectFsUserByUserId(userId);
             if (user.getPhone()!=null&&user.getPhone().length()>11&&!user.getPhone().matches("\\d+")){
                 user.setPhone(decryptPhoneMk(user.getPhone()));
@@ -392,6 +395,7 @@ public class UserController extends  AppBaseController {
     /**
      * 查询用户
      */
+    @Login
     @GetMapping("/user/list/{name}")
     public TableDataInfo userlist(@PathVariable("name")String name)
     {
@@ -456,6 +460,7 @@ public class UserController extends  AppBaseController {
      *            - duration: 使用时长,单位秒(切后台时必填)
      * @return 操作结果
      */
+    @Login
     @ApiOperation("单条埋点上报")
     @PostMapping("/report")
     public AjaxResult report(@RequestBody UserBehaviorReportDTO dto) {
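Review bot: The guard added at L223 makes the userId request parameter redundant — it is rejected unless it equals the caller's own id — yet the parameter stays `@RequestParam(required = false)` next to `@ApiParam(required = true)`; either drop it and call `userService.selectFsUserByUserId(Long.parseLong(getUserId()))` directly, or document in a comment that it is kept only for client compatibility. The lookup result at L226 is still not null-checked before `user.getPhone()`, so a missing user becomes an NPE handled by the catch outside the hunk rather than a clear error. The `@Login` additions at L233 and L241 gate those endpoints to authenticated callers, but userlist still looks up users by an arbitrary name for any logged-in caller; its body is outside the hunk, so confirm that exposure is intended.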