申请开具发票添加权限验证

2025-04-10 15:55:15 +08:00 · 2025-04-10 15:55:15 +08:00 · 52957a38be
commit 52957a38be
parent 8f6cfa6008
1 changed files with 14 additions and 1 deletions
--- a/src/main/java/com/xkrs/allinpay/SybPayController.java
+++ b/src/main/java/com/xkrs/allinpay/SybPayController.java
@ -407,11 +407,24 @@ public class SybPayController {
     * 申请开具发票
     */
    @PostMapping("/apply_invoice")
-    public String applyInvoice(@RequestBody ApplyInvoiceQo applyInvoiceQo) {
+    public String applyInvoice(@RequestHeader(value = "Authorization") String token, @RequestBody ApplyInvoiceQo applyInvoiceQo) {
        try {
+            // 验证token
+            String tokenUserName = TokenUtil.getTokenUserName(token);
+            SysUserEntity sysUserEntity = sysUserDao.selectByUserName(tokenUserName);
+            if (sysUserEntity == null) {
+                return outputEncapsulationObject(PromptMessageEnum.USER_LOGIN_ERROR, "您还没有注册登录，请先注册登录", locale);
+            }
+
            Long id = applyInvoiceQo.getId();
            TranQueryEntity tranQueryEntity = tranQueryDao.findById(id).get();

+            Long orderid = tranQueryEntity.getOrderid();
+            Integer userId = unitOrderPayDao.findById(orderid).get().getUserId();
+            if (!sysUserEntity.getId().equals(userId)) {
+                return outputEncapsulationObject(PromptMessageEnum.PROCESS_FAIL, "您无权限对此订单开具发票", locale);
+            }
+
            tranQueryEntity.setInvoiceStatus(InvoiceStatus.inInvoicing.getValue());
            tranQueryDao.saveAndFlush(tranQueryEntity);