diff --git a/src/main/java/com/campus/water/controller/WorkOrderController.java b/src/main/java/com/campus/water/controller/WorkOrderController.java index 6059738..5ab54b8 100644 --- a/src/main/java/com/campus/water/controller/WorkOrderController.java +++ b/src/main/java/com/campus/water/controller/WorkOrderController.java @@ -5,6 +5,8 @@ import com.campus.water.service.WorkOrderService; import com.campus.water.util.ResultVO; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -86,9 +88,36 @@ public class WorkOrderController { // 获取可抢工单列表 - 维修人员和管理员可访问 @GetMapping("/available") @PreAuthorize("hasAnyRole('REPAIRMAN','SUPER_ADMIN', 'AREA_ADMIN')") - public ResultVO> getAvailableOrders(@RequestParam String areaId) { + public ResultVO> getAvailableOrders( + @RequestParam(required = false) String areaId, // 改为非必填 + Authentication authentication) { // 获取当前登录用户的认证信息 try { - List orders = workOrderService.getAvailableOrders(areaId); + // 1. 判断当前用户角色 + boolean isRepairman = authentication.getAuthorities().contains( + new SimpleGrantedAuthority("ROLE_REPAIRMAN") + ); + boolean isAdmin = authentication.getAuthorities().stream() + .anyMatch(auth -> auth.getAuthority().equals("ROLE_SUPER_ADMIN") + || auth.getAuthority().equals("ROLE_AREA_ADMIN")); + + // 2. 角色逻辑校验 + List orders; + if (isRepairman) { + // 维修人员:必须传areaId,否则抛异常 + if (areaId == null || areaId.trim().isEmpty()) { + return ResultVO.error(400, "维修人员查询可抢工单必须传入区域ID"); + } + // 维修人员:查指定区域的可抢工单 + orders = workOrderService.getAvailableOrders(areaId); + } else if (isAdmin) { + // 管理员:无需传areaId,查所有区域的可抢工单 + // 给service层传null,让service层识别为"查所有" + orders = workOrderService.getAvailableOrders(null); + } else { + // 非授权角色(理论上被@PreAuthorize拦截,不会走到这) + return ResultVO.error(403, "无权限访问"); + } + return ResultVO.success(orders); } catch (Exception e) { return ResultVO.error(500, "获取工单列表失败:" + e.getMessage()); diff --git a/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java b/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java index 9b13760..07fddd1 100644 --- a/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java +++ b/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java @@ -18,6 +18,7 @@ public class WorkOrderServiceImpl implements WorkOrderService { private final WorkOrderRepository workOrderRepository; private final RepairmanRepository repairmanRepository; + /** * 维修人员抢单功能 * 业务规则:仅允许抢"待处理"状态的工单,且维修人员需处于"空闲"状态 @@ -181,7 +182,13 @@ public class WorkOrderServiceImpl implements WorkOrderService { */ @Override public List getAvailableOrders(String areaId) { - return workOrderRepository.findByAreaIdAndStatus(areaId, WorkOrder.OrderStatus.pending); + if (areaId == null || areaId.trim().isEmpty()) { + // 管理员:查所有区域的待处理工单 + return workOrderRepository.findByStatus(WorkOrder.OrderStatus.pending); + } else { + // 维修人员:查指定区域的待处理工单 + return workOrderRepository.findByAreaIdAndStatus(areaId, WorkOrder.OrderStatus.pending); + } } /**