From 14108985abb03709e62f4e2f7f4f2031bc8a45b6 Mon Sep 17 00:00:00 2001 From: wanglei <3085637232@qq.com> Date: Wed, 10 Dec 2025 17:30:39 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=BB=B4=E4=BF=AE=E5=B7=A5?= =?UTF-8?q?=E3=80=81=E7=AE=A1=E7=90=86=E5=91=98=E8=8E=B7=E5=8F=96=E5=B7=A5?= =?UTF-8?q?=E5=8D=95=E5=8A=9F=E8=83=BD=E7=9B=B8=E5=85=B3=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../water/controller/WorkOrderController.java | 33 +++++++++++++++++-- .../water/service/WorkOrderServiceImpl.java | 9 ++++- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/campus/water/controller/WorkOrderController.java b/src/main/java/com/campus/water/controller/WorkOrderController.java index 6059738..5ab54b8 100644 --- a/src/main/java/com/campus/water/controller/WorkOrderController.java +++ b/src/main/java/com/campus/water/controller/WorkOrderController.java @@ -5,6 +5,8 @@ import com.campus.water.service.WorkOrderService; import com.campus.water.util.ResultVO; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -86,9 +88,36 @@ public class WorkOrderController { // 获取可抢工单列表 - 维修人员和管理员可访问 @GetMapping("/available") @PreAuthorize("hasAnyRole('REPAIRMAN','SUPER_ADMIN', 'AREA_ADMIN')") - public ResultVO> getAvailableOrders(@RequestParam String areaId) { + public ResultVO> getAvailableOrders( + @RequestParam(required = false) String areaId, // 改为非必填 + Authentication authentication) { // 获取当前登录用户的认证信息 try { - List orders = workOrderService.getAvailableOrders(areaId); + // 1. 判断当前用户角色 + boolean isRepairman = authentication.getAuthorities().contains( + new SimpleGrantedAuthority("ROLE_REPAIRMAN") + ); + boolean isAdmin = authentication.getAuthorities().stream() + .anyMatch(auth -> auth.getAuthority().equals("ROLE_SUPER_ADMIN") + || auth.getAuthority().equals("ROLE_AREA_ADMIN")); + + // 2. 角色逻辑校验 + List orders; + if (isRepairman) { + // 维修人员:必须传areaId,否则抛异常 + if (areaId == null || areaId.trim().isEmpty()) { + return ResultVO.error(400, "维修人员查询可抢工单必须传入区域ID"); + } + // 维修人员:查指定区域的可抢工单 + orders = workOrderService.getAvailableOrders(areaId); + } else if (isAdmin) { + // 管理员:无需传areaId,查所有区域的可抢工单 + // 给service层传null,让service层识别为"查所有" + orders = workOrderService.getAvailableOrders(null); + } else { + // 非授权角色(理论上被@PreAuthorize拦截,不会走到这) + return ResultVO.error(403, "无权限访问"); + } + return ResultVO.success(orders); } catch (Exception e) { return ResultVO.error(500, "获取工单列表失败:" + e.getMessage()); diff --git a/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java b/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java index 9b13760..07fddd1 100644 --- a/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java +++ b/src/main/java/com/campus/water/service/WorkOrderServiceImpl.java @@ -18,6 +18,7 @@ public class WorkOrderServiceImpl implements WorkOrderService { private final WorkOrderRepository workOrderRepository; private final RepairmanRepository repairmanRepository; + /** * 维修人员抢单功能 * 业务规则:仅允许抢"待处理"状态的工单,且维修人员需处于"空闲"状态 @@ -181,7 +182,13 @@ public class WorkOrderServiceImpl implements WorkOrderService { */ @Override public List getAvailableOrders(String areaId) { - return workOrderRepository.findByAreaIdAndStatus(areaId, WorkOrder.OrderStatus.pending); + if (areaId == null || areaId.trim().isEmpty()) { + // 管理员:查所有区域的待处理工单 + return workOrderRepository.findByStatus(WorkOrder.OrderStatus.pending); + } else { + // 维修人员:查指定区域的待处理工单 + return workOrderRepository.findByAreaIdAndStatus(areaId, WorkOrder.OrderStatus.pending); + } } /** -- 2.34.1