diff --git a/cash-api/account-server/src/main/java/com/czg/controller/admin/HandoverRecordController.java b/cash-api/account-server/src/main/java/com/czg/controller/admin/HandoverRecordController.java index b702cd88..cd4156d7 100644 --- a/cash-api/account-server/src/main/java/com/czg/controller/admin/HandoverRecordController.java +++ b/cash-api/account-server/src/main/java/com/czg/controller/admin/HandoverRecordController.java @@ -6,6 +6,7 @@ import com.czg.account.entity.HandoverRecord; import com.czg.account.service.HandoverRecordService; import com.czg.account.vo.HandoverProductListVo; import com.czg.account.vo.HandoverTotalVo; +import com.czg.annotation.SaStaffCheckPermission; import com.czg.enums.YesNoEnum; import com.czg.log.annotation.OperationLog; import com.czg.resp.CzgResult; @@ -37,6 +38,7 @@ public class HandoverRecordController { */ @GetMapping("page") @OperationLog("交班记录-分页") + @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu") //@SaAdminCheckPermission("handoverRecord:page") public CzgResult> page(@RequestParam(required = false) String beginDate, @RequestParam(required = false) String endDate) { Page page = handoverRecordService.getHandoverRecordPage(beginDate, endDate); @@ -50,6 +52,7 @@ public class HandoverRecordController { */ @GetMapping("{id}") @OperationLog("交班记录-查看") + @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu") //@SaAdminCheckPermission("handoverRecord:info") public CzgResult> info(@PathVariable Long id) { List data = handoverRecordService.getHandoverProductListById(id); @@ -64,6 +67,7 @@ public class HandoverRecordController { @ResponseExcel(name = "交班售出商品明细") @GetMapping("/export/{id}") @OperationLog("交班记录-导出") + @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu") //@SaAdminCheckPermission("handoverRecord:export") public List export(@PathVariable Long id) { return handoverRecordService.getHandoverProductListById(id); 
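Review bot: The permission code `yun_xu_cha_kan_suo_you_jiao_ban_ji_lu` is pasted as a bare string literal on page, info and export in this file, and the same pattern continues in ShopUserController, VipPayController, AdminOrderController and ProductController in this commit, where the codes also appear inside inline `StpKit.USER.checkStaffPermission(...)` calls. A typo in any one copy silently yields a permission nobody holds and is only noticed when a staff member is locked out, so the codes belong in one constants holder, e.g. `public static final String VIEW_ALL_HANDOVER_RECORDS = "yun_xu_cha_kan_suo_you_jiao_ban_ji_lu";`, referenced from the annotations and the inline checks. The commented-out `//@SaAdminCheckPermission` lines are pre-existing, but with this change the staff annotation is the only guard on these methods, which is worth stating in the method Javadoc.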
@@ -74,6 +78,7 @@ public class HandoverRecordController { */ @GetMapping("total") @OperationLog("收银机-交班数据统计") + @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu") //@SaAdminCheckPermission("handoverRecord:total") public CzgResult total() { HandoverTotalVo data = handoverRecordService.totalHandoverData(); @@ -87,6 +92,7 @@ public class HandoverRecordController { */ @PostMapping("handover") @OperationLog("收银机-交班/关班") + @SaStaffCheckPermission("yun_xu_jiao_ban") //@SaAdminCheckPermission("handoverRecord:handover") public CzgResult handover(@RequestParam Integer isPrint) { Long id = handoverRecordService.handover(); @@ -101,6 +107,7 @@ public class HandoverRecordController { */ @PostMapping("/network/print/{id}") @OperationLog("收银机-交班/关班") + @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu") //@SaAdminCheckPermission("handoverRecord:networkPrint") public CzgResult handover(@PathVariable Long id) { handoverRecordService.printHandoverReceipt(id, YesNoEnum.YES.value()); @@ -122,4 +129,4 @@ public class HandoverRecordController { return CzgResult.success(data); } -} \ No newline at end of file +} diff --git a/cash-api/account-server/src/main/java/com/czg/controller/admin/ShopUserController.java b/cash-api/account-server/src/main/java/com/czg/controller/admin/ShopUserController.java index 7131d375..c8ed3634 100644 --- a/cash-api/account-server/src/main/java/com/czg/controller/admin/ShopUserController.java +++ b/cash-api/account-server/src/main/java/com/czg/controller/admin/ShopUserController.java @@ -43,6 +43,7 @@ public class ShopUserController { */ @SaAdminCheckPermission("shopUser:summary") @GetMapping("/summary") + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") public CzgResult summary(Integer isVip) { return CzgResult.success(shopUserService.getSummary(StpKit.USER.getShopId(), isVip)); } 
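Review bot: In the ShopUserController summary hunk the new `@SaStaffCheckPermission` is placed after `@GetMapping`, while in the later hunks of the same file (list, detail, add, edit) it is placed before `@SaAdminCheckPermission`; one position should be used throughout. Both annotations now apply to summary and flow, so whether a staff login must also satisfy `shopUser:summary` depends on how the admin aspect treats non-admin logins, which is not visible here; confirm a staff account holding `yun_xu_guan_li_hui_yuan_xin_xi` is not rejected by the admin check, or document the combined requirement on the method.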
@@ -64,6 +65,7 @@ public class ShopUserController { */ @SaAdminCheckPermission("shopUser:flow") @GetMapping("/flow") + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") public CzgResult> flow(@RequestParam Integer userId, String bizCode) { QueryWrapper queryWrapper = new QueryWrapper().eq(ShopUserFlow::getShopId, StpKit.USER.getShopId()) .eq(ShopUserFlow::getUserId, userId); @@ -80,6 +82,7 @@ public class ShopUserController { * @param isVip 0 非vip 1 vip * @return 用户列表 */ + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") @SaAdminCheckPermission("shopUser:list") @GetMapping public CzgResult> list(String key, Integer isVip) { @@ -92,6 +95,7 @@ public class ShopUserController { * @param userId 用户id * @return 用户详情 */ + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") @SaAdminCheckPermission("shopUser:detail") @GetMapping("/detail") public CzgResult detail(Integer id, Integer userId) { @@ -106,6 +110,7 @@ public class ShopUserController { * * @return 是否成功 */ + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") @SaAdminCheckPermission("shopUser:add") @PostMapping public CzgResult add(@RequestBody @Validated ShopUserAddDTO shopUserAddDTO) { @@ -117,6 +122,7 @@ public class ShopUserController { * * @return 是否成功 */ + @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi") @SaAdminCheckPermission("shopUser:edit") @PutMapping public CzgResult edit(@RequestBody @Validated ShopUserEditDTO shopUserEditDTO) { diff --git a/cash-api/order-server/src/main/java/com/czg/controller/VipPayController.java b/cash-api/order-server/src/main/java/com/czg/controller/VipPayController.java index 601d6523..0aa6a651 100644 --- a/cash-api/order-server/src/main/java/com/czg/controller/VipPayController.java +++ b/cash-api/order-server/src/main/java/com/czg/controller/VipPayController.java 
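Review bot: add and edit are guarded with the same code `yun_xu_guan_li_hui_yuan_xin_xi` as the read-only endpoints summary, flow, list and detail, so any staff member allowed to look up members can also create and modify them. Elsewhere this commit separates viewing from acting (`yun_xu_cha_kan_suo_you_jiao_ban_ji_lu` vs `yun_xu_jiao_ban`, `yun_xu_shou_kuan` vs `yun_xu_tui_kuan`), so a distinct code for the write operations would be consistent with that split. If a single "manage member info" permission covering both is intended, say so in the class Javadoc so the next reader does not treat it as an oversight.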
@@ -1,5 +1,6 @@ package com.czg.controller; +import com.czg.annotation.SaStaffCheckPermission; import com.czg.resp.CzgResult; import com.czg.service.order.dto.VipPayParamDTO; import com.czg.service.order.dto.VipRefundDTO; @@ -33,6 +34,7 @@ public class VipPayController { * 现金充值 * 如果shop_info的 is_member_in_pwd=1 则pwd必填 店铺操作密码 */ + @SaStaffCheckPermission("yun_xu_shou_kuan") @PostMapping("/cashPayVip") public CzgResult cashPayVip(@Validated @RequestBody VipPayParamDTO payParam) { AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id"); @@ -67,6 +69,7 @@ public class VipPayController { /** * 正扫 */ + @SaStaffCheckPermission("yun_xu_shou_kuan") @PostMapping("/scanPayVip") public CzgResult> scanPayVip(HttpServletRequest request, @Validated @RequestBody VipPayParamDTO payParam) { AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id"); @@ -78,6 +81,7 @@ public class VipPayController { * 反扫 * authCode 必填 扫描码 */ + @SaStaffCheckPermission("yun_xu_shou_kuan") @PostMapping("/microPayVip") public CzgResult> microPayVip(@Validated @RequestBody VipPayParamDTO payParam) { AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id"); @@ -89,6 +93,7 @@ public class VipPayController { * 退款前置 * 最大退款金额 为 充值金额 inAmount */ + @SaStaffCheckPermission("yun_xu_tui_kuan") @PostMapping("/refundVipBefore") public CzgResult> refundVipBefore(@Validated @RequestBody VipRefundDTO payParam) { return payService.refundVipBefore(payParam); @@ -103,6 +108,7 @@ public class VipPayController { * 实际可退最大金额为 充值金额 * 如果实际 大于 理论 则 需要勾选 outOfRange 超额退款 为true 默认为false */ + @SaStaffCheckPermission("yun_xu_tui_kuan") @PostMapping("/refundVip") public CzgResult refundVip(HttpServletRequest request, @Validated @RequestBody VipRefundDTO payParam) { AssertUtil.isNull(payParam.getRefAmount(), "退款金额不能为空"); 
diff --git a/cash-api/order-server/src/main/java/com/czg/controller/admin/AdminOrderController.java b/cash-api/order-server/src/main/java/com/czg/controller/admin/AdminOrderController.java index f8f3de0e..8e1877bb 100644 --- a/cash-api/order-server/src/main/java/com/czg/controller/admin/AdminOrderController.java +++ b/cash-api/order-server/src/main/java/com/czg/controller/admin/AdminOrderController.java @@ -1,5 +1,6 @@ package com.czg.controller.admin; +import com.czg.annotation.SaStaffCheckPermission; import com.czg.order.dto.OrderInfoAddDTO; import com.czg.order.dto.OrderInfoPrintDTO; import com.czg.order.dto.OrderInfoQueryDTO; @@ -62,6 +63,7 @@ public class AdminOrderController { return CzgResult.success(orderInfoService.historyOrder(orderId, tableCode)); } + @SaStaffCheckPermission("yun_xu_xia_dan") @PostMapping("/createOrder") public CzgResult createOrder(@Validated @RequestBody OrderInfoAddDTO addDto) { addDto.setPlatformType(ServletUtil.getHeaderIgnoreCase(ServletUtil.getRequest(), "platformType")); @@ -85,6 +87,7 @@ public class AdminOrderController { * 订单全额退款 只传订单id * 部分退款 传参refundDetail */ + @SaStaffCheckPermission("yun_xu_tui_kuan") @PostMapping("/refundOrder") public CzgResult refundOrder(@Validated @RequestBody OrderInfoRefundDTO refundDTO) { return payService.refundOrderBefore(refundDTO); diff --git a/cash-api/product-server/src/main/java/com/czg/controller/admin/ProductController.java b/cash-api/product-server/src/main/java/com/czg/controller/admin/ProductController.java index bc47fd0f..6c0cd0a1 100644 --- a/cash-api/product-server/src/main/java/com/czg/controller/admin/ProductController.java +++ b/cash-api/product-server/src/main/java/com/czg/controller/admin/ProductController.java 
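Review bot: createOrder gains a permission requirement but still has no Javadoc, unlike refundOrder in the next hunk; propose `/** Creates an order from the request body; platformType is read from the request header. Requires staff permission yun_xu_xia_dan. */` above the annotation. The body of createOrder continues outside the hunk. historyOrder, visible as context just above, stays unguarded by a staff code; if that is deliberate (read-only lookup), a one-line comment there would prevent it being "fixed" later.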
@@ -2,6 +2,7 @@ package com.czg.controller.admin; import cn.hutool.core.convert.Convert; import cn.hutool.core.thread.ThreadUtil; +import com.czg.annotation.SaStaffCheckPermission; import com.czg.config.RabbitPublisher; import com.czg.exception.CzgException; import com.czg.log.annotation.OperationLog; @@ -87,8 +88,20 @@ public class ProductController { @PutMapping @OperationLog("商品-修改") + @SaStaffCheckPermission("yun_xu_xiu_gai_shang_pin") //@SaAdminCheckPermission("product:update") public CzgResult updateProduct(@RequestBody @Validated({UpdateGroup.class, DefaultGroup.class}) ProductDTO dto) { + if (dto.getCategoryId() != null) { + StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_fen_lei"); + } + + if (dto.getGroupCategoryId() != null) { + StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_fen_zu"); + } + + if (dto.getStockNumber() != null) { + StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_shang_pin_ku_cun"); + } Long shopId = StpKit.USER.getShopId(0L); dto.setShopId(shopId); productService.updateProduct(dto); @@ -100,6 +113,7 @@ public class ProductController { @DeleteMapping("{id}") @OperationLog("商品-删除") + @SaStaffCheckPermission("yun_xu_xiu_gai_shang_pin") //@SaAdminCheckPermission("product:delete") public CzgResult deleteProduct(@PathVariable("id") Long id) { //效验数据 @@ -117,6 +131,7 @@ public class ProductController { */ @PostMapping("onOff") @OperationLog("商品-上下架") + @SaStaffCheckPermission("yun_xu_shang_xia_jia_shang_pin") //@SaAdminCheckPermission("product:on-off") public CzgResult onOffProduct(@RequestBody @Validated({DefaultGroup.class}) ProductIsSaleParam param) { Long shopId = StpKit.USER.getShopId(0L); 
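Review bot: The three inline checks in updateProduct fire whenever categoryId, groupCategoryId or stockNumber is non-null, not when the value actually changes, so a client that round-trips the full ProductDTO would be rejected for a staff member lacking e.g. `yun_xu_xiu_gai_shang_pin_ku_cun` even when the stock was not touched; if that is the intended contract it should be stated, otherwise compare against the stored product before checking. The same code `yun_xu_xiu_gai_shang_pin` also guards deleteProduct in the next hunk, so "modify product" implicitly grants delete — confirm that scope is intended. A comment such as `// field-level permissions: supplying a category, group or stock value requires the matching staff permission` above the first check would make the intent clear to the next maintainer.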
@@ -133,6 +148,7 @@ public class ProductController { */ @PostMapping("markIsSoldOut") @OperationLog("商品-标记售罄") + @SaStaffCheckPermission("yun_xu_shou_qing_shang_pin") //@SaAdminCheckPermission("product:markIsSoldOut") public CzgResult markIsSoldOutProduct(@RequestBody @Validated({DefaultGroup.class}) ProductIsSoldOutParam param) { Long shopId = StpKit.USER.getShopId(0L); @@ -193,4 +209,4 @@ public class ProductController { return CzgResult.success(); } -} \ No newline at end of file +} diff --git a/cash-common/cash-common-sa-token/src/main/java/com/czg/sa/MyStpLogic.java b/cash-common/cash-common-sa-token/src/main/java/com/czg/sa/MyStpLogic.java index 423b77e3..63b33b2f 100644 --- a/cash-common/cash-common-sa-token/src/main/java/com/czg/sa/MyStpLogic.java +++ b/cash-common/cash-common-sa-token/src/main/java/com/czg/sa/MyStpLogic.java @@ -40,6 +40,16 @@ public class MyStpLogic { return ADMIN_LOGIC; } + /** + * 校验员工权限 + * @param code 权限码 + */ + public void checkStaffPermission(String code) { + if (this.isStaff()) { + StpKit.USER.checkPermission(code); + } + } + /** * @param id 登录账号id * @param shopId 店铺id @@ -152,6 +162,10 @@ public class MyStpLogic { */ public boolean isStaff() { StpLogic logic = getLogic(); + Object loginIdDefaultNull = logic.getLoginIdDefaultNull(); + if (loginIdDefaultNull == null) { + return false; + } Object object = logic.getSession().get("loginType"); return object instanceof LoginType t && t.equals(LoginType.STAFF); }
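Review bot: After the isStaff() change, checkStaffPermission(code) does nothing for a request with no login id, because isStaff() now returns false instead of letting getSession() fail, so every endpoint whose only guard is `@SaStaffCheckPermission` (HandoverRecordController with the admin check commented out, VipPayController and AdminOrderController in this commit) would pass this check for an unauthenticated caller unless a login interceptor runs before it; that interceptor is not visible here, so confirm it exists or add `getLogic().checkLogin();` at the top of checkStaffPermission. The method also mixes instance and static state: `this.isStaff()` goes through getLogic() while the permission check goes through StpKit.USER, so `getLogic().checkPermission(code);` keeps both on the same logic. The Javadoc should state the fail-open design for other login types, e.g. `* Only checks the permission for STAFF logins; any other login type passes unchecked.`.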