员工权限完善

cash-api/account-server/src/main/java/com/czg/controller/admin/HandoverRecordController.java

@@ -6,6 +6,7 @@ import com.czg.account.entity.HandoverRecord;
 import com.czg.account.service.HandoverRecordService;
 import com.czg.account.vo.HandoverProductListVo;
 import com.czg.account.vo.HandoverTotalVo;
+import com.czg.annotation.SaStaffCheckPermission;
 import com.czg.enums.YesNoEnum;
 import com.czg.log.annotation.OperationLog;
 import com.czg.resp.CzgResult;
@@ -37,6 +38,7 @@ public class HandoverRecordController {
      */
     @GetMapping("page")
     @OperationLog("交班记录-分页")
+    @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu")
     //@SaAdminCheckPermission("handoverRecord:page")
     public CzgResult<Page<HandoverRecordDTO>> page(@RequestParam(required = false) String beginDate, @RequestParam(required = false) String endDate) {
         Page<HandoverRecordDTO> page = handoverRecordService.getHandoverRecordPage(beginDate, endDate);
@@ -50,6 +52,7 @@ public class HandoverRecordController {
      */
     @GetMapping("{id}")
     @OperationLog("交班记录-查看")
+    @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu")
     //@SaAdminCheckPermission("handoverRecord:info")
     public CzgResult<List<HandoverProductListVo>> info(@PathVariable Long id) {
         List<HandoverProductListVo> data = handoverRecordService.getHandoverProductListById(id);
@@ -64,6 +67,7 @@ public class HandoverRecordController {
     @ResponseExcel(name = "交班售出商品明细")
     @GetMapping("/export/{id}")
     @OperationLog("交班记录-导出")
+    @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu")
     //@SaAdminCheckPermission("handoverRecord:export")
     public List<HandoverProductListVo> export(@PathVariable Long id) {
         return handoverRecordService.getHandoverProductListById(id);
@@ -74,6 +78,7 @@ public class HandoverRecordController {
      */
     @GetMapping("total")
     @OperationLog("收银机-交班数据统计")
+    @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu")
     //@SaAdminCheckPermission("handoverRecord:total")
     public CzgResult<HandoverTotalVo> total() {
         HandoverTotalVo data = handoverRecordService.totalHandoverData();
@@ -87,6 +92,7 @@ public class HandoverRecordController {
      */
     @PostMapping("handover")
     @OperationLog("收银机-交班/关班")
+    @SaStaffCheckPermission("yun_xu_jiao_ban")
     //@SaAdminCheckPermission("handoverRecord:handover")
     public CzgResult<Long> handover(@RequestParam Integer isPrint) {
         Long id = handoverRecordService.handover();
@@ -101,6 +107,7 @@ public class HandoverRecordController {
      */
     @PostMapping("/network/print/{id}")
     @OperationLog("收银机-交班/关班")
+    @SaStaffCheckPermission("yun_xu_cha_kan_suo_you_jiao_ban_ji_lu")
     //@SaAdminCheckPermission("handoverRecord:networkPrint")
     public CzgResult<Void> handover(@PathVariable Long id) {
         handoverRecordService.printHandoverReceipt(id, YesNoEnum.YES.value());
@@ -122,4 +129,4 @@ public class HandoverRecordController {
         return CzgResult.success(data);
     }
 
-}
+}

cash-api/account-server/src/main/java/com/czg/controller/admin/ShopUserController.java

@@ -43,6 +43,7 @@ public class ShopUserController {
      */
     @SaAdminCheckPermission("shopUser:summary")
     @GetMapping("/summary")
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     public CzgResult<ShopUserSummaryDTO> summary(Integer isVip) {
         return CzgResult.success(shopUserService.getSummary(StpKit.USER.getShopId(), isVip));
     }
@@ -64,6 +65,7 @@ public class ShopUserController {
      */
     @SaAdminCheckPermission("shopUser:flow")
     @GetMapping("/flow")
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     public CzgResult<Page<ShopUserFlow>> flow(@RequestParam Integer userId, String bizCode) {
         QueryWrapper queryWrapper = new QueryWrapper().eq(ShopUserFlow::getShopId, StpKit.USER.getShopId())
                 .eq(ShopUserFlow::getUserId, userId);
@@ -80,6 +82,7 @@ public class ShopUserController {
      * @param isVip 0 非vip 1 vip
      * @return 用户列表
      */
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     @SaAdminCheckPermission("shopUser:list")
     @GetMapping
     public CzgResult<Page<ShopUser>> list(String key, Integer isVip) {
@@ -92,6 +95,7 @@ public class ShopUserController {
      * @param userId 用户id
      * @return 用户详情
      */
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     @SaAdminCheckPermission("shopUser:detail")
     @GetMapping("/detail")
     public CzgResult<ShopUser> detail(Integer id, Integer userId) {
@@ -106,6 +110,7 @@ public class ShopUserController {
      *
      * @return 是否成功
      */
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     @SaAdminCheckPermission("shopUser:add")
     @PostMapping
     public CzgResult<Boolean> add(@RequestBody @Validated ShopUserAddDTO shopUserAddDTO) {
@@ -117,6 +122,7 @@ public class ShopUserController {
      *
      * @return 是否成功
      */
+    @SaStaffCheckPermission("yun_xu_guan_li_hui_yuan_xin_xi")
     @SaAdminCheckPermission("shopUser:edit")
     @PutMapping
     public CzgResult<Boolean> edit(@RequestBody @Validated ShopUserEditDTO shopUserEditDTO) {

cash-api/order-server/src/main/java/com/czg/controller/VipPayController.java

@@ -1,5 +1,6 @@
 package com.czg.controller;
 
+import com.czg.annotation.SaStaffCheckPermission;
 import com.czg.resp.CzgResult;
 import com.czg.service.order.dto.VipPayParamDTO;
 import com.czg.service.order.dto.VipRefundDTO;
@@ -33,6 +34,7 @@ public class VipPayController {
      * 现金充值
      * 如果shop_info的 is_member_in_pwd=1 则pwd必填 店铺操作密码
      */
+    @SaStaffCheckPermission("yun_xu_shou_kuan")
     @PostMapping("/cashPayVip")
     public CzgResult<Object> cashPayVip(@Validated @RequestBody VipPayParamDTO payParam) {
         AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id");
@@ -67,6 +69,7 @@ public class VipPayController {
     /**
      * 正扫
      */
+    @SaStaffCheckPermission("yun_xu_shou_kuan")
     @PostMapping("/scanPayVip")
     public CzgResult<Map<String, Object>> scanPayVip(HttpServletRequest request, @Validated @RequestBody VipPayParamDTO payParam) {
         AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id");
@@ -78,6 +81,7 @@ public class VipPayController {
      * 反扫
      * authCode 必填 扫描码
      */
+    @SaStaffCheckPermission("yun_xu_shou_kuan")
     @PostMapping("/microPayVip")
     public CzgResult<Map<String, Object>> microPayVip(@Validated @RequestBody VipPayParamDTO payParam) {
         AssertUtil.isNull(payParam.getShopUserId(), "充值失败 未指定店铺用户Id");
@@ -89,6 +93,7 @@ public class VipPayController {
      * 退款前置
      * 最大退款金额 为 充值金额 inAmount
      */
+    @SaStaffCheckPermission("yun_xu_tui_kuan")
     @PostMapping("/refundVipBefore")
     public CzgResult<Map<String, BigDecimal>> refundVipBefore(@Validated @RequestBody VipRefundDTO payParam) {
         return payService.refundVipBefore(payParam);
@@ -103,6 +108,7 @@ public class VipPayController {
      * 实际可退最大金额为 充值金额
      * 如果实际 大于 理论 则 需要勾选 outOfRange 超额退款 为true 默认为false
      */
+    @SaStaffCheckPermission("yun_xu_tui_kuan")
     @PostMapping("/refundVip")
     public CzgResult<Object> refundVip(HttpServletRequest request, @Validated @RequestBody VipRefundDTO payParam) {
         AssertUtil.isNull(payParam.getRefAmount(), "退款金额不能为空");

cash-api/order-server/src/main/java/com/czg/controller/admin/AdminOrderController.java

@@ -1,5 +1,6 @@
 package com.czg.controller.admin;
 
+import com.czg.annotation.SaStaffCheckPermission;
 import com.czg.order.dto.OrderInfoAddDTO;
 import com.czg.order.dto.OrderInfoPrintDTO;
 import com.czg.order.dto.OrderInfoQueryDTO;
@@ -62,6 +63,7 @@ public class AdminOrderController {
         return CzgResult.success(orderInfoService.historyOrder(orderId, tableCode));
     }
 
+    @SaStaffCheckPermission("yun_xu_xia_dan")
     @PostMapping("/createOrder")
     public CzgResult<OrderInfo> createOrder(@Validated @RequestBody OrderInfoAddDTO addDto) {
         addDto.setPlatformType(ServletUtil.getHeaderIgnoreCase(ServletUtil.getRequest(), "platformType"));
@@ -85,6 +87,7 @@ public class AdminOrderController {
      * 订单全额退款 只传订单id
      * 部分退款 传参refundDetail
      */
+    @SaStaffCheckPermission("yun_xu_tui_kuan")
     @PostMapping("/refundOrder")
     public CzgResult<Object> refundOrder(@Validated @RequestBody OrderInfoRefundDTO refundDTO) {
         return payService.refundOrderBefore(refundDTO);

cash-api/product-server/src/main/java/com/czg/controller/admin/ProductController.java

@@ -2,6 +2,7 @@ package com.czg.controller.admin;
 
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.thread.ThreadUtil;
+import com.czg.annotation.SaStaffCheckPermission;
 import com.czg.config.RabbitPublisher;
 import com.czg.exception.CzgException;
 import com.czg.log.annotation.OperationLog;
@@ -87,8 +88,20 @@ public class ProductController {
 
     @PutMapping
     @OperationLog("商品-修改")
+    @SaStaffCheckPermission("yun_xu_xiu_gai_shang_pin")
     //@SaAdminCheckPermission("product:update")
     public CzgResult<Void> updateProduct(@RequestBody @Validated({UpdateGroup.class, DefaultGroup.class}) ProductDTO dto) {
+        if (dto.getCategoryId() != null) {
+            StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_fen_lei");
+        }
+
+        if (dto.getGroupCategoryId() != null) {
+            StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_fen_zu");
+        }
+
+        if (dto.getStockNumber() != null) {
+            StpKit.USER.checkStaffPermission("yun_xu_xiu_gai_shang_pin_ku_cun");
+        }
         Long shopId = StpKit.USER.getShopId(0L);
         dto.setShopId(shopId);
         productService.updateProduct(dto);
@@ -100,6 +113,7 @@ public class ProductController {
 
     @DeleteMapping("{id}")
     @OperationLog("商品-删除")
+    @SaStaffCheckPermission("yun_xu_xiu_gai_shang_pin")
     //@SaAdminCheckPermission("product:delete")
     public CzgResult<Void> deleteProduct(@PathVariable("id") Long id) {
         //效验数据
@@ -117,6 +131,7 @@ public class ProductController {
      */
     @PostMapping("onOff")
     @OperationLog("商品-上下架")
+    @SaStaffCheckPermission("yun_xu_shang_xia_jia_shang_pin")
     //@SaAdminCheckPermission("product:on-off")
     public CzgResult<Void> onOffProduct(@RequestBody @Validated({DefaultGroup.class}) ProductIsSaleParam param) {
         Long shopId = StpKit.USER.getShopId(0L);
@@ -133,6 +148,7 @@ public class ProductController {
      */
     @PostMapping("markIsSoldOut")
     @OperationLog("商品-标记售罄")
+    @SaStaffCheckPermission("yun_xu_shou_qing_shang_pin")
     //@SaAdminCheckPermission("product:markIsSoldOut")
     public CzgResult<Void> markIsSoldOutProduct(@RequestBody @Validated({DefaultGroup.class}) ProductIsSoldOutParam param) {
         Long shopId = StpKit.USER.getShopId(0L);
@@ -193,4 +209,4 @@ public class ProductController {
         return CzgResult.success();
     }
 
-}
+}

cash-common/cash-common-sa-token/src/main/java/com/czg/sa/MyStpLogic.java

@@ -40,6 +40,16 @@ public class MyStpLogic {
         return ADMIN_LOGIC;
     }
 
+    /**
+     * 校验员工权限
+     * @param code 权限码
+     */
+    public void checkStaffPermission(String code) {
+        if (this.isStaff()) {
+            StpKit.USER.checkPermission(code);
+        }
+    }
+
     /**
      * @param id        登录账号id
      * @param shopId    店铺id
@@ -152,6 +162,10 @@ public class MyStpLogic {
      */
     public boolean isStaff() {
         StpLogic logic = getLogic();
+        Object loginIdDefaultNull = logic.getLoginIdDefaultNull();
+        if (loginIdDefaultNull == null) {
+            return false;
+        }
         Object object = logic.getSession().get("loginType");
         return object instanceof LoginType t && t.equals(LoginType.STAFF);
     }