
分享订单权限控制

chao 3 years ago
parent
commit
ce1f6641d3

+ 30 - 6
src/main/java/com/caimei365/order/controller/OrderClubApi.java

@@ -214,20 +214,19 @@ public class OrderClubApi {
     }
 
     /**
-     * 分享订单,校验分享码
+     * 分享订单,用户身份
      */
-    @ApiOperation("分享订单,校验分享码(旧:/order/shareCode)")
+    @ApiOperation("分享订单,用户身份(旧:/order/shareCode)")
     @ApiImplicitParams({
             @ApiImplicitParam(required = true, name = "orderId", value = "订单Id"),
             @ApiImplicitParam(required = false, name = "userId", value = "用户Id"),
             @ApiImplicitParam(required = false, name = "serviceProviderId", value = "协销Id"),
-            @ApiImplicitParam(required = false, name = "shareCode", value = "分享码"),
             @ApiImplicitParam(required = false, name = "code", value = "微信code"),
             @ApiImplicitParam(required = false, name = "encryptedData", value = "微信加密数据"),
             @ApiImplicitParam(required = false, name = "iv", value = "微信加密算法的初始向量")
     })
-    @GetMapping("/share/code/check")
-    public ResponseJson<String> checkOrderShareCode( Integer orderId, Integer userId, Integer serviceProviderId, String shareCode, String code, String encryptedData, String iv, @RequestHeader HttpHeaders headers) {
+    @GetMapping("/share/code/identity")
+    public ResponseJson<String> identityOrderShareCode( Integer orderId, Integer userId, Integer serviceProviderId, String code, String encryptedData, String iv, @RequestHeader HttpHeaders headers) {
         //head可能报错,不确定原因,版本回退
 
         if (null == userId) {
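Review bot: The WeChat login material (`code`, `encryptedData`, `iv`) is bound from the query string of a `@GetMapping` on `identityOrderShareCode`, so it lands in access logs and proxy logs along with the URL. The re-added `checkOrderShareCode` in the next hunk does the same and also carries `shareCode`, the value that gates access to the order. Accepting these on a `@PostMapping` with the values in the request body would keep them out of URL logs, at the cost of a client change; if the GET has to stay, check that gateway and application URL logging masks these parameters. The method body continues outside this hunk.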
@@ -239,7 +238,32 @@ public class OrderClubApi {
         if (StringUtils.isEmpty(code)) {
             return ResponseJson.error("微信code不能为空!", null);
         }
-        return orderClubService.checkOrderShareCode(orderId, userId, serviceProviderId, shareCode, code, encryptedData, iv, headers);
+        return orderClubService.identityOrderShareCode(orderId, userId, serviceProviderId, code, encryptedData, iv, headers);
+    }
+
+    /**
+     * 分享订单,校验分享码
+     */
+    @ApiOperation("分享订单,校验分享码(旧:/order/shareCode)")
+    @ApiImplicitParams({
+            @ApiImplicitParam(required = true, name = "orderId", value = "订单Id"),
+            @ApiImplicitParam(required = false, name = "shareCode", value = "分享码"),
+            @ApiImplicitParam(required = false, name = "code", value = "微信code"),
+            @ApiImplicitParam(required = false, name = "encryptedData", value = "微信加密数据"),
+            @ApiImplicitParam(required = false, name = "iv", value = "微信加密算法的初始向量")
+    })
+    @GetMapping("/share/code/check")
+    public ResponseJson<String> checkOrderShareCode( Integer orderId, String shareCode, String code, String encryptedData, String iv, @RequestHeader HttpHeaders headers) {
+        if (null == orderId) {
+            return ResponseJson.error("订单Id不能为空!", null);
+        }
+        if (StringUtils.isEmpty(shareCode)) {
+            return ResponseJson.error("分享码不能为空!", null);
+        }
+        if (StringUtils.isEmpty(code)) {
+            return ResponseJson.error("微信code不能为空!", null);
+        }
+        return orderClubService.checkOrderShareCode(orderId, shareCode, code, encryptedData, iv, headers);
     }
 
 
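Review bot: Nothing visible in the new `checkOrderShareCode` limits how many `shareCode` values one caller can submit for an `orderId`; the three guards only reject empty input before delegating to `orderClubService.checkOrderShareCode`. If the share code is short, a failed-attempt counter per `openId` and order belongs in the service method, whose comparison logic lies outside the visible hunks, so confirm whether one already exists there. Separately, `shareCode` and `code` are declared `required = false` in `@ApiImplicitParam` although empty values are rejected; `required = true` on both would make the generated API documentation match the behaviour.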

+ 11 - 2
src/main/java/com/caimei365/order/service/OrderClubService.java

@@ -83,17 +83,26 @@ public interface OrderClubService {
      */
     ResponseJson<String> getOrderShareCode(Integer orderId);
     /**
-     * 分享订单,校验分享码
+     * 分享订单,用户身份
      * @param orderId 订单Id
      * @param userId 用户Id
      * @param serviceProviderId 协销Id
+     * @param code 微信code
+     * @param encryptedData 微信加密数据
+     * @param iv 微信加密算法的初始向量
+     * @param headers HttpHeaders
+     */
+    ResponseJson<String> identityOrderShareCode(Integer orderId, Integer userId, Integer serviceProviderId, String code, String encryptedData, String iv, HttpHeaders headers);
+    /**
+     * 分享订单,校验分享码
+     * @param orderId 订单Id
      * @param shareCode 分享码
      * @param code 微信code
      * @param encryptedData 微信加密数据
      * @param iv 微信加密算法的初始向量
      * @param headers HttpHeaders
      */
-    ResponseJson<String> checkOrderShareCode(Integer orderId, Integer userId, Integer serviceProviderId, String shareCode, String code, String encryptedData, String iv, HttpHeaders headers);
+    ResponseJson<String> checkOrderShareCode(Integer orderId, String shareCode, String code, String encryptedData, String iv, HttpHeaders headers);
     /**
      * 分享订单,初始商品数据
      * @param orderId 订单Id
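Review bot: The Javadoc added for `identityOrderShareCode` lists the parameters but not the result, yet the integer code inside the returned `ResponseJson` is what callers branch on. A `@return` line naming each code would keep interface and implementation from drifting, for example `@return code 1 = operator of the organisation, 2 = service provider of the organisation, 3 = visitor admitted, 0 = default visitor view`. Those meanings are read from the implementation's return statements and should be confirmed before committing. `checkOrderShareCode` has no `@return` either.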

+ 37 - 8
src/main/java/com/caimei365/order/service/impl/OrderClubServiceImpl.java

@@ -566,19 +566,18 @@ public class OrderClubServiceImpl implements OrderClubService {
     }
 
     /**
-     * 分享订单,校验分享码
+     * 分享订单,用户身份
      *
      * @param orderId           订单Id
      * @param userId            用户Id
      * @param serviceProviderId 协销Id
-     * @param shareCode         分享码
      * @param code              微信code
      * @param encryptedData     微信加密数据
      * @param iv                微信加密算法的初始向量
      * @param headers           HttpHeaders
      */
     @Override
-    public ResponseJson<String> checkOrderShareCode(Integer orderId, Integer userId, Integer serviceProviderId, String shareCode, String code, String encryptedData, String iv, HttpHeaders headers) {
+    public ResponseJson<String> identityOrderShareCode(Integer orderId, Integer userId, Integer serviceProviderId, String code, String encryptedData, String iv, HttpHeaders headers) {
         int orderCount = orderClubMapper.countMainOrderByOrderId(orderId);
         if (0 == orderCount) {
             return ResponseJson.error("订单不存在!", null);
@@ -608,20 +607,50 @@ public class OrderClubServiceImpl implements OrderClubService {
                 return ResponseJson.success(2, "该机构的协销查看分享订单!", loginData);
             } else {
                 // 非该机构协销(游客)
-                return ResponseJson.success(0,"非该机构协销查看分享订单!", null);
+                return ResponseJson.success(3,"非该机构协销查看分享订单!", null);
             }
         } else if (clubFlag && userId.equals(loginUserId)) {
             // 该机构的运营人员, 旧接口返回  0,true
             return ResponseJson.success(1, "该机构的运营人员查看分享订单!", loginData);
         }
-        /*
-         * 其他按游客权限处理
-         */
         // 根据openId统计数据库内是否有有效分享码
         int codeCount = orderClubMapper.countShareCodeRecord(orderId, openId);
         if (codeCount > 0) {
             // 游客权限
-            return ResponseJson.success(0,"游客权限查看分享订单!", null);
+            return ResponseJson.success(3,"游客权限查看分享订单!", null);
+        }
+        /*
+         * 默认数据按游客权限处理
+         */
+        return ResponseJson.success(0,"默认游客分享订单商品数据!", null);
+    }
+
+    /**
+     * 分享订单,校验分享码
+     *
+     * @param orderId           订单Id
+     * @param shareCode         分享码
+     * @param code              微信code
+     * @param encryptedData     微信加密数据
+     * @param iv                微信加密算法的初始向量
+     * @param headers           HttpHeaders
+     */
+    @Override
+    public ResponseJson<String> checkOrderShareCode(Integer orderId, String shareCode, String code, String encryptedData, String iv, HttpHeaders headers) {
+        int orderCount = orderClubMapper.countMainOrderByOrderId(orderId);
+        if (0 == orderCount) {
+            return ResponseJson.error("订单不存在!", null);
+        }
+        // 微信小程序授权登录(调用user服务,发送服务间调用POST请求)
+        String loginData = remoteCallService.appletsAuthorization(code, encryptedData, iv, headers);
+        if (StringUtils.isEmpty(loginData)){
+            return ResponseJson.error("微信授权登录异常!", null);
+        }
+        // 解析登录后得到 userIdentity,  openId等
+        JSONObject userInfo = JSONObject.parseObject(loginData);
+        String openId = userInfo.getString("openId");
+        if (StringUtils.isEmpty(openId)) {
+            return ResponseJson.error("微信授权登录异常!", null);
         }
         // 根据订单Id获取分享码
         OrderShareCodeVo orderCodeVo = orderClubMapper.getOrderCodeById(orderId);
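Review bot: The access decision in `identityOrderShareCode` is handed to the client as a bare integer, and this commit changes what `0` means: the two visitor returns move to `3`, while `0` becomes the fall-through for a caller with no share-code record. Any consumer still reading `0` as "visitor admitted" would treat a caller who has verified nothing as admitted. The endpoints that return the shared order's data should therefore repeat the `countShareCodeRecord(orderId, openId)` check on the server rather than rely on this code; they are outside the diff, so this needs confirming. Named constants for the four codes would also make the mapping auditable. The body of `checkOrderShareCode` continues past the end of the hunk.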

+ 2 - 2
src/main/java/com/caimei365/order/service/impl/RemoteCallServiceImpl.java

@@ -112,8 +112,8 @@ public class RemoteCallServiceImpl implements RemoteCallService {
             // 调用 UserFeign 获取物流
             String jsonStr = userFeign.appletsAuthorization(code, encryptedData, iv, referer);
             JSONObject parseObject = JSONObject.parseObject(jsonStr);
-            if (0 == parseObject.getInteger("code")){
-                // 授权登录成功
+            if (0 == parseObject.getInteger("code") || -4 == parseObject.getInteger("code")){
+                // 授权登录成功(游客-4)
                 resultData.set(parseObject.getString("data"));
             }
         } catch (Exception e) {
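Review bot: Accepting `-4` here widens what every caller of `appletsAuthorization` receives: a non-empty result used to mean a successful login and now also covers the visitor case, so callers outside this diff that treat non-empty `loginData` as an authenticated user should be audited. The condition also unboxes `parseObject.getInteger("code")` twice and throws a NullPointerException when the field is absent, which only the broad `catch (Exception e)` hides. Reading it once is safer: `Integer rc = parseObject.getInteger("code");` followed by `if (rc != null && (rc == 0 || rc == -4)) {`. The retained comment above the Feign call says it fetches logistics although the call performs the applet authorization, and is worth correcting. The enclosing method starts and ends outside the hunk.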