From f300723fc0b832a993ce9eb756b82a784e4d8023 Mon Sep 17 00:00:00 2001
From: irving
Date: Wed, 24 Dec 2025 16:20:37 -0500
Subject: [PATCH] fix: anonymize clerk random order views
---
 .../impl/PlayOrderInfoServiceImpl.java | 29 ++++++-
 .../api/WxOrderInfoControllerApiTest.java | 76 +++++++++++++++++++
 2 files changed, 101 insertions(+), 4 deletions(-)
diff --git a/play-admin/src/main/java/com/starry/admin/modules/order/service/impl/PlayOrderInfoServiceImpl.java b/play-admin/src/main/java/com/starry/admin/modules/order/service/impl/PlayOrderInfoServiceImpl.java
index 50d559a..7b04405 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/order/service/impl/PlayOrderInfoServiceImpl.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/order/service/impl/PlayOrderInfoServiceImpl.java
@@ -44,11 +44,9 @@ import com.starry.admin.modules.order.service.support.ClerkRevenueCalculator;
 import com.starry.admin.modules.personnel.module.entity.PlayPersonnelGroupInfoEntity;
 import com.starry.admin.modules.personnel.service.IPlayPersonnelGroupInfoService;
 import com.starry.admin.modules.shop.module.constant.CouponUseState;
-import com.starry.admin.modules.shop.module.vo.PlayCouponDetailsReturnVo;
 import com.starry.admin.modules.shop.service.IPlayCouponDetailsService;
 import com.starry.admin.modules.weichat.entity.order.*;
 import com.starry.admin.modules.weichat.service.NotificationSender;
-import com.starry.admin.modules.withdraw.service.IEarningsService;
 import com.starry.admin.utils.DateRangeUtils;
 import com.starry.admin.utils.SecurityUtils;
 import com.starry.common.utils.ConvertUtil;
@@ -478,6 +476,16 @@ public class PlayOrderInfoServiceImpl extends ServiceImpl(vo.getPageNum(), vo.getPageSize()),
- PlayClerkOrderListReturnVo.class, lambdaQueryWrapper);
+ IPage page = this.baseMapper.selectJoinPage(
+ new Page<>(vo.getPageNum(), vo.getPageSize()),
+ PlayClerkOrderListReturnVo.class,
+ lambdaQueryWrapper);
+
+ for (PlayClerkOrderListReturnVo record : page.getRecords()) {
+ if (OrderConstant.PlaceType.RANDOM.getCode().equals(record.getPlaceType())
+ && OrderStatus.PENDING.getCode().equals(record.getOrderStatus())) {
+ record.setCustomNickname("匿名用户");
+ record.setCustomAvatar("");
+ record.setCustomId("");
+ }
+ }
+
+ return page;
 }
 @Override
diff --git a/play-admin/src/test/java/com/starry/admin/api/WxOrderInfoControllerApiTest.java b/play-admin/src/test/java/com/starry/admin/api/WxOrderInfoControllerApiTest.java
index 7907813..f63728d 100644
--- a/play-admin/src/test/java/com/starry/admin/api/WxOrderInfoControllerApiTest.java
+++ b/play-admin/src/test/java/com/starry/admin/api/WxOrderInfoControllerApiTest.java
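Review bot: The masking loop blanks only `customNickname`, `customAvatar` and `customId`, while the detail test added in this commit also expects `weiChatCode` to be empty, so the list endpoint may still return other customer-identifying fields of `PlayClerkOrderListReturnVo` for pending random orders (the VO is not visible here, so this is an inference to confirm). Moving the three setters into one private helper that both the list path and the detail path call would keep the set of masked fields from drifting between the two endpoints. The `"匿名用户"` literal is repeated here and in the tests and would be safer as a single named constant. The hunk text is damaged in this rendering and the enclosing method starts outside what is visible.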
@@ -181,6 +181,82 @@ class WxOrderInfoControllerApiTest extends WxCustomOrderApiTestSupport {
 assertThat(data.path("customAvatar").asText()).isEmpty();
 }
+ @Test
+ void queryByIdFromClerkControllerHidesCustomerInfoForPendingRandomOrders() throws Exception {
+ String marker = "privacy-leak-" + LocalDateTime.now().toString();
+ String orderId = createRandomOrder(marker);
+
+ // Access via the generic Clerk Order Detail endpoint (which the notification likely links to)
+ MvcResult result = mockMvc.perform(get("/wx/clerk/order/queryById")
+ .param("id", orderId)
+ .header(USER_HEADER, DEFAULT_USER)
+ .header(TENANT_HEADER, DEFAULT_TENANT)
+ .header(Constants.CLERK_USER_LOGIN_TOKEN, Constants.TOKEN_PREFIX + clerkToken))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.code").value(200))
+ .andReturn();
+
+ JsonNode data = mapper.readTree(result.getResponse().getContentAsString()).path("data");
+
+ assertThat(data.path("weiChatCode").asText()).isEmpty();
+ assertThat(data.path("placeType").asText()).isEqualTo(OrderConstant.PlaceType.RANDOM.getCode());
+ assertThat(data.path("orderStatus").asText()).isEqualTo(OrderConstant.OrderStatus.PENDING.getCode());
+
+ String nickname = data.path("customNickname").asText();
+ assertThat(nickname.equals("匿名用户") || "匿名用户".equals(nickname)).isTrue();
+ assertThat(data.path("customAvatar").asText()).isEmpty();
+ }
+
+ @Test
+ void clerkOrderListHidesCustomerInfoForPendingRandomOrders() throws Exception {
+ String marker = "privacy-list-" + LocalDateTime.now().toString();
+ String orderId = createRandomOrder(marker);
+
+ // Ensure the created pending random order appears in the clerk's own order list
+ ensureTenantContext();
+ playOrderInfoService.lambdaUpdate()
+ .eq(PlayOrderInfoEntity::getId, orderId)
+ .set(PlayOrderInfoEntity::getAcceptBy, ApiTestDataSeeder.DEFAULT_CLERK_ID)
+ .update();
+
+ ObjectNode payload = mapper.createObjectNode();
+ payload.put("pageNum", 1);
+ payload.put("pageSize", 10);
+ payload.put("orderStatus", OrderConstant.OrderStatus.PENDING.getCode());
+ payload.put("placeType", OrderConstant.PlaceType.RANDOM.getCode());
+
+ MvcResult result = mockMvc.perform(post("/wx/clerk/order/queryByPage")
+ .contentType(MediaType.APPLICATION_JSON)
+ .header(USER_HEADER, DEFAULT_USER)
+ .header(TENANT_HEADER, DEFAULT_TENANT)
+ .header(Constants.CLERK_USER_LOGIN_TOKEN, Constants.TOKEN_PREFIX + clerkToken)
+ .content(payload.toString()))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.code").value(200))
+ .andReturn();
+
+ JsonNode root = mapper.readTree(result.getResponse().getContentAsString());
+ JsonNode data = root.path("data");
+ JsonNode records = data.isArray() ? data : data.path("records");
+ assertThat(records.isArray()).isTrue();
+ assertThat(records.size()).isGreaterThan(0);
+
+ boolean found = false;
+ for (JsonNode node : records) {
+ assertThat(node.path("placeType").asText()).isEqualTo(OrderConstant.PlaceType.RANDOM.getCode());
+ assertThat(node.path("orderStatus").asText()).isEqualTo(OrderConstant.OrderStatus.PENDING.getCode());
+ if (orderId.equals(node.path("id").asText())) {
+ found = true;
+ String nickname = node.path("customNickname").asText();
+ assertThat(nickname.equals("匿名用户") || "匿名用户".equals(nickname)).isTrue();
+ assertThat(node.path("customAvatar").asText()).isEmpty();
+ assertThat(node.path("customId").asText()).isEmpty();
+ }
+ }
+
+ assertThat(found).as("Pending random order should appear in clerk list response").isTrue();
+ }
+
 private String createRandomOrder(String remark) throws Exception {
 ensureTenantContext();
 resetCustomerBalance();
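Review bot: The nickname assertion `assertThat(nickname.equals("匿名用户") || "匿名用户".equals(nickname)).isTrue();` in both new tests checks the same condition twice and reports only a bare boolean on failure; `assertThat(nickname).isEqualTo("匿名用户");` is equivalent and prints the actual value when the masking regresses. The two tests also pin different fields: the detail test checks `weiChatCode` but not `customId`, and the list test checks `customId` but not `weiChatCode`, so a change that exposes either field on the other endpoint would still pass. Asserting the same set of masked fields on both paths, for example adding `assertThat(data.path("customId").asText()).isEmpty();` to the detail test, keeps the privacy guarantee covered for both endpoints.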