
缓存、权限

xiongzhu 3 gadi atpakaļ
vecāks
revīzija
f1e8be6cdc

+ 4 - 0
src/main/java/com/izouma/nineth/service/CacheService.java

@@ -34,6 +34,10 @@ public class CacheService {
     public void clearUserInfo(Long id) {
     }
 
+    @CacheEvict(value = "myUserInfo", key = "#id")
+    public void clearUserMy(Long id) {
+    }
+
     @CacheEvict(value = "recommend", allEntries = true)
     public void clearRecommend() {
     }
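Review bot: `clearUserMy` is added with an intentionally empty body and no comment explaining it, so a later reader may take it for dead code. A short Javadoc would help, for example `/** Evicts the "myUserInfo" cache entry for the given user id; only effective when called through the Spring proxy. */`. The `#id` key must also match the key expression of whichever `@Cacheable` fills `myUserInfo`, which is not visible in this commit, so confirm the two agree.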

+ 0 - 13
src/main/java/com/izouma/nineth/service/OrderService.java

@@ -813,19 +813,6 @@ public class OrderService {
         }
     }
 
-    public void refund(Long id) throws WxPayException {
-        Order order = orderRepo.findById(id).orElseThrow(new BusinessException("无记录"));
-        if (order.getStatus() != OrderStatus.FINISH) {
-            throw new BusinessException("订单未付款");
-        }
-        WxPayRefundRequest request = new WxPayRefundRequest();
-        request.setTransactionId(order.getTransactionId());
-        request.setTotalFee(order.getTotalPrice().multiply(BigDecimal.valueOf(100)).intValue());
-        request.setRefundFee(order.getTotalPrice().multiply(BigDecimal.valueOf(100)).intValue());
-        request.setOutRefundNo(String.valueOf(snowflakeIdWorker.nextId()));
-        wxPayService.refund(request);
-    }
-
     public Object queryCreateOrder(String id) {
         Object res = redisTemplate.opsForValue().get(RedisKeys.CREATE_ORDER + id);
         if (res != null) {

+ 6 - 0
src/main/java/com/izouma/nineth/service/UserService.java

@@ -77,6 +77,11 @@ public class UserService {
     private CollectionService     collectionService;
 
     public User update(User user) {
+        if (!SecurityUtils.hasRole(AuthorityName.ROLE_ADMIN)) {
+            if (!SecurityUtils.getAuthenticatedUser().getId().equals(user.getId())) {
+                throw new BusinessException("无权限");
+            }
+        }
         User orig = userRepo.findById(user.getId()).orElseThrow(new BusinessException("无记录"));
         ObjUtils.merge(orig, user);
         orig = save(orig);
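Review bot: The new ownership check at the top of `update` limits which record a non-admin may change, but not which fields, because the context line `ObjUtils.merge(orig, user)` still copies the caller-supplied `User` onto the stored one. If `merge` copies every non-null property (its body is not visible here), an ordinary user could change their own authorities or other server-controlled fields through this path. For non-admins, copy only an explicit allow-list of profile fields, or clear the privileged ones before the merge. `SecurityUtils.getAuthenticatedUser()` is also dereferenced without a null check, so a call with no authenticated principal would presumably end in a NullPointerException rather than the `无权限` error. The body of `update` continues past this hunk.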
@@ -88,6 +93,7 @@ public class UserService {
         userRepo.updateHistoryFromUser(orig.getId());
         userRepo.updateHistoryToUser(orig.getId());
         cacheService.clearCollection();
+        cacheService.clearUserMy(user.getId());
         return orig;
     }
 

+ 13 - 14
src/main/java/com/izouma/nineth/web/AssetController.java

@@ -10,7 +10,6 @@ import com.izouma.nineth.repo.AssetRepo;
 import com.izouma.nineth.repo.OrderRepo;
 import com.izouma.nineth.service.AssetService;
 import com.izouma.nineth.service.GiftOrderService;
-import com.izouma.nineth.utils.ObjUtils;
 import com.izouma.nineth.utils.SecurityUtils;
 import com.izouma.nineth.utils.excel.ExcelUtils;
 import io.swagger.annotations.ApiOperation;
@@ -37,15 +36,15 @@ public class AssetController extends BaseController {
     private OrderRepo        orderRepo;
 
     //@PreAuthorize("hasRole('ADMIN')")
-    @PostMapping("/save")
-    public Asset save(@RequestBody Asset record) {
-        if (record.getId() != null) {
-            Asset orig = assetRepo.findById(record.getId()).orElseThrow(new BusinessException("无记录"));
-            ObjUtils.merge(orig, record);
-            return assetRepo.save(orig);
-        }
-        return assetRepo.save(record);
-    }
+//    @PostMapping("/save")
+//    public Asset save(@RequestBody Asset record) {
+//        if (record.getId() != null) {
+//            Asset orig = assetRepo.findById(record.getId()).orElseThrow(new BusinessException("无记录"));
+//            ObjUtils.merge(orig, record);
+//            return assetRepo.save(orig);
+//        }
+//        return assetRepo.save(record);
+//    }
 
 
     //@PreAuthorize("hasRole('ADMIN')")
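Review bot: `//@PreAuthorize("hasRole('ADMIN')")` is still commented out on the last context line of this hunk, so the AssetController handler that follows it (outside the hunk) keeps only whatever the global security configuration allows. This commit enables the same annotation in BannerController and CollectionController, and the OrderController hunk at `@@ -39,15 +37,15 @@` ends on the same commented-out line. If those handlers are meant to be admin-only, uncomment the annotation there too; if they are meant for ordinary users, delete the dead comment so the intent is clear. The commented annotation left above the now-disabled `save` is orphaned and can be removed with it.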
@@ -61,10 +60,10 @@ public class AssetController extends BaseController {
         return asset;
     }
 
-    @PostMapping("/del/{id}")
-    public void del(@PathVariable Long id) {
-        assetRepo.softDelete(id);
-    }
+//    @PostMapping("/del/{id}")
+//    public void del(@PathVariable Long id) {
+//        assetRepo.softDelete(id);
+//    }
 
     @GetMapping("/excel")
     @ResponseBody
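Review bot: The `del` endpoint is disabled by commenting it out rather than deleting it, which leaves dead code that can be uncommented later with no access rule on it. Remove the four lines outright, since version control keeps the history. The same applies to the commented-out `save` earlier in this file, to `save` and `del` in OrderController, and to `del` in CollectionController.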

+ 3 - 1
src/main/java/com/izouma/nineth/web/BannerController.java

@@ -10,6 +10,7 @@ import com.izouma.nineth.utils.ObjUtils;
 import com.izouma.nineth.utils.excel.ExcelUtils;
 import lombok.AllArgsConstructor;
 import org.springframework.data.domain.Page;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
@@ -24,7 +25,7 @@ public class BannerController extends BaseController {
     private BannerRepo    bannerRepo;
     private CacheService  cacheService;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public Banner save(@RequestBody Banner record) {
         if (record.getId() != null) {
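Review bot: `@PreAuthorize("hasRole('ADMIN')")` on `save` only takes effect when method security is switched on for the application, for example by `@EnableGlobalMethodSecurity(prePostEnabled = true)` on a configuration class, and nothing in this commit shows that setting. The annotation was commented out in every controller hunk shown here before this change, so confirm the setting exists and add a test that a non-admin caller is rejected on this endpoint. Without it the annotation is silently ignored. The same holds for the other `@PreAuthorize` lines this commit adds in BannerController and CollectionController. The body of `save` continues outside the hunk.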
@@ -52,6 +53,7 @@ public class BannerController extends BaseController {
         return bannerRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         bannerRepo.softDelete(id);

+ 18 - 9
src/main/java/com/izouma/nineth/web/CollectionController.java

@@ -2,7 +2,10 @@ package com.izouma.nineth.web;
 
 import com.izouma.nineth.domain.Collection;
 import com.izouma.nineth.domain.FileObject;
-import com.izouma.nineth.dto.*;
+import com.izouma.nineth.dto.CollectionDTO;
+import com.izouma.nineth.dto.CreateBlindBox;
+import com.izouma.nineth.dto.PageQuery;
+import com.izouma.nineth.dto.RecommendDTO;
 import com.izouma.nineth.exception.BusinessException;
 import com.izouma.nineth.repo.CollectionRepo;
 import com.izouma.nineth.repo.NewsRepo;
@@ -16,16 +19,18 @@ import lombok.AllArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.domain.Page;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import java.util.stream.Collectors;
 
-import org.springframework.cache.annotation.Cacheable;
-
 @RestController
 @RequestMapping("/collection")
 @AllArgsConstructor
@@ -36,12 +41,13 @@ public class CollectionController extends BaseController {
     private NewsRepo          newsRepo;
     private CacheService      cacheService;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public Collection save(@RequestBody Collection record) {
         return collectionService.update(record);
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/create")
     public Collection create(@RequestBody Collection record) {
         return collectionService.create(record);
@@ -59,10 +65,11 @@ public class CollectionController extends BaseController {
                 .orElseThrow(new BusinessException("无记录")), true, true);
     }
 
-    @PostMapping("/del/{id}")
-    public void del(@PathVariable Long id) {
-        collectionRepo.softDelete(id);
-    }
+//    @PreAuthorize("hasRole('ADMIN')")
+//    @PostMapping("/del/{id}")
+//    public void del(@PathVariable Long id) {
+//        collectionRepo.softDelete(id);
+//    }
 
     @GetMapping("/excel")
     @ResponseBody
@@ -91,6 +98,7 @@ public class CollectionController extends BaseController {
         return collectionService.toDTO(collectionRepo.userLikes(SecurityUtils.getAuthenticatedUser().getId()));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/createBlindBox")
     public Collection createBlindBox(@RequestBody CreateBlindBox createBlindBox) {
         return collectionService.createBlindBox(createBlindBox);
@@ -149,6 +157,7 @@ public class CollectionController extends BaseController {
         return recommedDTOS;
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/clearRecommend")
     public String clearRecommend() {
         cacheService.clearRecommend();
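Review bot: `clearRecommend` stays on `@GetMapping` although it changes server state by evicting the whole `recommend` cache, so the new admin check is its only protection. A GET can be triggered by a link, a prefetch or an embedded resource loaded in an administrator's browser. If the session is cookie-based, CSRF defences usually cover only non-GET methods; how this application authenticates is not visible here. Consider `@PostMapping("/clearRecommend")` and updating the caller accordingly. The method body continues outside the hunk.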

+ 13 - 20
src/main/java/com/izouma/nineth/web/OrderController.java

@@ -1,6 +1,5 @@
 package com.izouma.nineth.web;
 
-import com.github.binarywang.wxpay.exception.WxPayException;
 import com.izouma.nineth.domain.Order;
 import com.izouma.nineth.domain.User;
 import com.izouma.nineth.dto.OrderDTO;
@@ -12,7 +11,6 @@ import com.izouma.nineth.exception.BusinessException;
 import com.izouma.nineth.repo.OrderRepo;
 import com.izouma.nineth.repo.UserRepo;
 import com.izouma.nineth.service.OrderService;
-import com.izouma.nineth.utils.ObjUtils;
 import com.izouma.nineth.utils.SecurityUtils;
 import com.izouma.nineth.utils.SnowflakeIdWorker;
 import com.izouma.nineth.utils.excel.ExcelUtils;
@@ -39,15 +37,15 @@ public class OrderController extends BaseController {
     private UserRepo     userRepo;
 
     //@PreAuthorize("hasRole('ADMIN')")
-    @PostMapping("/save")
-    public Order save(@RequestBody Order record) {
-        if (record.getId() != null) {
-            Order orig = orderRepo.findById(record.getId()).orElseThrow(new BusinessException("无记录"));
-            ObjUtils.merge(orig, record);
-            return orderRepo.save(orig);
-        }
-        return orderRepo.save(record);
-    }
+//    @PostMapping("/save")
+//    public Order save(@RequestBody Order record) {
+//        if (record.getId() != null) {
+//            Order orig = orderRepo.findById(record.getId()).orElseThrow(new BusinessException("无记录"));
+//            ObjUtils.merge(orig, record);
+//            return orderRepo.save(orig);
+//        }
+//        return orderRepo.save(record);
+//    }
 
 
     //@PreAuthorize("hasRole('ADMIN')")
@@ -74,10 +72,10 @@ public class OrderController extends BaseController {
         return orderRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
-    @PostMapping("/del/{id}")
-    public void del(@PathVariable Long id) {
-        orderRepo.softDelete(id);
-    }
+//    @PostMapping("/del/{id}")
+//    public void del(@PathVariable Long id) {
+//        orderRepo.softDelete(id);
+//    }
 
     @PostMapping("/excel")
     @ResponseBody
@@ -123,11 +121,6 @@ public class OrderController extends BaseController {
         orderRepo.save(order);
     }
 
-    @PostMapping("/refund")
-    public void refund(@RequestParam Long id) throws WxPayException {
-        orderService.refund(id);
-    }
-
     @GetMapping("/{id}/status")
     public Object status(@PathVariable Long id) {
         Order order = orderRepo.findById(id).orElseThrow(new BusinessException("订单不存在"));