feat: 添加顾客权限控制和订单时间限制

2026-03-24 00:40:15 +00:00
parent 8e47a764b3
commit 3d84686fcf
9 changed files with 222 additions and 13 deletions
--- a/src/main/java/com/example/building/controller/OrderController.java
+++ b/src/main/java/com/example/building/controller/OrderController.java
@@ -5,9 +5,12 @@ import com.example.building.common.Result;
 import com.example.building.dto.CreateOrderRequest;
 import com.example.building.entity.Order;
 import com.example.building.service.OrderService;
+import com.example.building.service.SystemConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;

+import static java.lang.String.defaultString;
+
 import java.util.Map;

 /**
@@ -16,6 +19,7 @@ import java.util.Map;
 * - 订单创建：计算原价(total_amount)、优惠金额(discount_amount)、实付金额(actual_amount)
 * - 订单原价 = 商品标价 × 数量之和
 * - 实付金额 = 原价 - 优惠金额
+ * - 顾客角色：只能查看半年内的订单（可配置）
 */
@RestController
@RequestMapping("/api/v1/orders")
@@ -24,22 +28,28 @@ public class OrderController {
    @Autowired
    private OrderService orderService;

+    @Autowired
+    private SystemConfigService systemConfigService;
+
    /**
     * 创建订单
-     * 核心逻辑：
-     * 1. 计算订单原价(total_amount) = Σ(item.price × item.quantity)
-     * 2. 计算优惠金额(discount_amount) = total_amount × (100 - discount_rate) / 100
-     * 3. 计算实付金额(actual_amount) = total_amount - discount_amount
+     * 顾客角色不允许创建订单
     */
    @PostMapping
    public Result<Order> createOrder(@RequestBody CreateOrderRequest request,
                                     @RequestHeader("X-User-Id") String operatorId,
-                                     @RequestHeader("X-Username") String operatorName) {
+                                     @RequestHeader("X-Username") String operatorName,
+                                     @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        // 顾客角色不允许创建订单
+        if ("customer".equals(role)) {
+            return Result.error("顾客账号不允许创建订单，请联系销售人员");
+        }
        return Result.success(orderService.createOrder(request, operatorId, operatorName));
    }

    /**
     * 获取订单列表
+     * 顾客角色只能看到半年内的订单（可配置）
     */
    @GetMapping
    public Result<Page<Order>> getOrders(
@@ -48,16 +58,26 @@ public class OrderController {
            @RequestParam(required = false) String startDate,
            @RequestParam(required = false) String endDate,
            @RequestParam(defaultValue = "1") Integer page,
-            @RequestParam(defaultValue = "20") Integer pageSize) {
+            @RequestParam(defaultValue = "20") Integer pageSize,
+            @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        
+        // 顾客角色：限制时间范围
+        if ("customer".equals(role) && startDate == null) {
+            startDate = systemConfigService.getCustomerOrderStartDate().toString();
+        }
+        
        return Result.success(orderService.getOrders(customerId, status, startDate, endDate, page, pageSize));
    }

    /**
     * 获取订单详情
+     * 顾客只能查看自己的订单
     */
    @GetMapping("/{id}")
-    public Result<Map<String, Object>> getOrderDetail(@PathVariable String id) {
-        return Result.success(orderService.getOrderDetail(id));
+    public Result<Map<String, Object>> getOrderDetail(@PathVariable String id,
+                                                       @RequestHeader("X-User-Id") String userId,
+                                                       @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        return Result.success(orderService.getOrderDetail(id, userId, role));
    }

    /**
@@ -65,7 +85,12 @@ public class OrderController {
     */
    @PutMapping("/{id}/cancel")
    public Result<Void> cancelOrder(@PathVariable String id,
-                                    @RequestHeader("X-User-Id") String operatorId) {
+                                    @RequestHeader("X-User-Id") String operatorId,
+                                    @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        // 顾客不能取消订单
+        if ("customer".equals(role)) {
+            return Result.error("顾客账号不允许取消订单");
+        }
        orderService.cancelOrder(id, operatorId);
        return Result.success();
    }
@@ -75,7 +100,12 @@ public class OrderController {
     */
    @PutMapping("/{id}/refund")
    public Result<Void> refundOrder(@PathVariable String id,
-                                   @RequestHeader("X-User-Id") String operatorId) {
+                                   @RequestHeader("X-User-Id") String operatorId,
+                                   @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        // 顾客不能退款
+        if ("customer".equals(role)) {
+            return Result.error("顾客账号不允许退款操作");
+        }
        orderService.refundOrder(id, operatorId);
        return Result.success();
    }
@@ -86,7 +116,12 @@ public class OrderController {
    @GetMapping("/statistics")
    public Result<Map<String, Object>> getStatistics(
            @RequestParam(required = false) String startDate,
-            @RequestParam(required = false) String endDate) {
+            @RequestParam(required = false) String endDate,
+            @RequestHeader(value = "X-User-Role", required = defaultString) String role) {
+        // 顾客不能查看统计
+        if ("customer".equals(role)) {
+            return Result.error("顾客账号不允许查看统计");
+        }
        return Result.success(orderService.getStatistics(startDate, endDate));
    }
 }
--- a/src/main/java/com/example/building/controller/SystemConfigController.java
+++ b/src/main/java/com/example/building/controller/SystemConfigController.java
@@ -0,0 +1,57 @@
+package com.example.building.controller;
+
+import com.example.building.common.Result;
+import com.example.building.entity.SystemConfig;
+import com.example.building.mapper.SystemConfigMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 系统配置控制器
+ */
+@RestController
+@RequestMapping("/api/v1/system-config")
+public class SystemConfigController {
+
+    @Autowired
+    private SystemConfigMapper systemConfigMapper;
+
+    /**
+     * 获取所有配置
+     */
+    @GetMapping
+    public Result<Map<String, String>> getAllConfig() {
+        List<SystemConfig> configs = systemConfigMapper.selectList(null);
+        Map<String, String> result = new HashMap<>();
+        for (SystemConfig config : configs) {
+            result.put(config.getConfigKey(), config.getConfigValue());
+        }
+        return Result.success(result);
+    }
+
+    /**
+     * 更新配置
+     */
+    @PutMapping
+    public Result<Void> updateConfig(@RequestBody SystemConfig config) {
+        // 检查是否存在
+        SystemConfig existing = systemConfigMapper.selectOne(
+            new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SystemConfig>()
+                .eq(SystemConfig::getConfigKey, config.getConfigKey())
+        );
+        
+        if (existing != null) {
+            existing.setConfigValue(config.getConfigValue());
+            existing.setRemark(config.getRemark());
+            systemConfigMapper.updateById(existing);
+        } else {
+            config.setConfigId(java.util.UUID.randomUUID().toString());
+            systemConfigMapper.insert(config);
+        }
+        return Result.success();
+    }
+}