fix: anonymize clerk random order views

irving
2025-12-24 16:20:37 -05:00
parent 8dee4839e8
commit f300723fc0
2 changed files with 101 additions and 4 deletions


@@ -181,6 +181,82 @@ class WxOrderInfoControllerApiTest extends WxCustomOrderApiTestSupport {
assertThat(data.path("customAvatar").asText()).isEmpty();
}
@Test
void queryByIdFromClerkControllerHidesCustomerInfoForPendingRandomOrders() throws Exception {
String marker = "privacy-leak-" + LocalDateTime.now().toString();
String orderId = createRandomOrder(marker);
// Access via the generic Clerk Order Detail endpoint (which the notification likely links to)
MvcResult result = mockMvc.perform(get("/wx/clerk/order/queryById")
.param("id", orderId)
.header(USER_HEADER, DEFAULT_USER)
.header(TENANT_HEADER, DEFAULT_TENANT)
.header(Constants.CLERK_USER_LOGIN_TOKEN, Constants.TOKEN_PREFIX + clerkToken))
.andExpect(status().isOk())
.andExpect(jsonPath("$.code").value(200))
.andReturn();
JsonNode data = mapper.readTree(result.getResponse().getContentAsString()).path("data");
assertThat(data.path("weiChatCode").asText()).isEmpty();
assertThat(data.path("placeType").asText()).isEqualTo(OrderConstant.PlaceType.RANDOM.getCode());
assertThat(data.path("orderStatus").asText()).isEqualTo(OrderConstant.OrderStatus.PENDING.getCode());
String nickname = data.path("customNickname").asText();
assertThat(nickname.equals("匿名用户") || "匿名用户".equals(nickname)).isTrue();
assertThat(data.path("customAvatar").asText()).isEmpty();
}
@Test
void clerkOrderListHidesCustomerInfoForPendingRandomOrders() throws Exception {
String marker = "privacy-list-" + LocalDateTime.now().toString();
String orderId = createRandomOrder(marker);
// Ensure the created pending random order appears in the clerk's own order list
ensureTenantContext();
playOrderInfoService.lambdaUpdate()
.eq(PlayOrderInfoEntity::getId, orderId)
.set(PlayOrderInfoEntity::getAcceptBy, ApiTestDataSeeder.DEFAULT_CLERK_ID)
.update();
ObjectNode payload = mapper.createObjectNode();
payload.put("pageNum", 1);
payload.put("pageSize", 10);
payload.put("orderStatus", OrderConstant.OrderStatus.PENDING.getCode());
payload.put("placeType", OrderConstant.PlaceType.RANDOM.getCode());
MvcResult result = mockMvc.perform(post("/wx/clerk/order/queryByPage")
.contentType(MediaType.APPLICATION_JSON)
.header(USER_HEADER, DEFAULT_USER)
.header(TENANT_HEADER, DEFAULT_TENANT)
.header(Constants.CLERK_USER_LOGIN_TOKEN, Constants.TOKEN_PREFIX + clerkToken)
.content(payload.toString()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.code").value(200))
.andReturn();
JsonNode root = mapper.readTree(result.getResponse().getContentAsString());
JsonNode data = root.path("data");
JsonNode records = data.isArray() ? data : data.path("records");
assertThat(records.isArray()).isTrue();
assertThat(records.size()).isGreaterThan(0);
boolean found = false;
for (JsonNode node : records) {
assertThat(node.path("placeType").asText()).isEqualTo(OrderConstant.PlaceType.RANDOM.getCode());
assertThat(node.path("orderStatus").asText()).isEqualTo(OrderConstant.OrderStatus.PENDING.getCode());
if (orderId.equals(node.path("id").asText())) {
found = true;
String nickname = node.path("customNickname").asText();
assertThat(nickname.equals("匿名用户") || "匿名用户".equals(nickname)).isTrue();
assertThat(node.path("customAvatar").asText()).isEmpty();
assertThat(node.path("customId").asText()).isEmpty();
}
}
assertThat(found).as("Pending random order should appear in clerk list response").isTrue();
}
private String createRandomOrder(String remark) throws Exception {
ensureTenantContext();
resetCustomerBalance();
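Review bot: The two new tests pin different subsets of the customer-identifying fields, so a leak of `customId` from `/wx/clerk/order/queryById` or of `weiChatCode` from `/wx/clerk/order/queryByPage` would pass unnoticed. Assuming both endpoints serialise the same order fields, add `assertThat(data.path("customId").asText()).isEmpty();` to the detail test and `assertThat(node.path("weiChatCode").asText()).isEmpty();` inside the list loop. Since every record in the list is already asserted to be PENDING and RANDOM, the masking assertions could run for every record rather than only the one matching `orderId`. The nickname check `nickname.equals("匿名用户") || "匿名用户".equals(nickname)` tests the same condition twice and reports only a boolean on failure; `assertThat(nickname).isEqualTo("匿名用户");` is equivalent and shows the actual value. The `marker` remark is created in both tests but never asserted on.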