fix: #341

Author: linlinjava

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallAddressService.java

@@ -39,10 +39,8 @@ public int update(LitemallAddress address) {
         return addressMapper.updateByPrimaryKeySelective(address);
     }
 
-    public void delete(Integer userId, Integer id) {
-        LitemallAddressExample example = new LitemallAddressExample();
-        example.or().andUserIdEqualTo(userId).andIdEqualTo(id).andDeletedEqualTo(false);
-        addressMapper.logicalDeleteByExample(example);
+    public void delete(Integer id) {
+        addressMapper.logicalDeleteByPrimaryKey(id);
     }
 
     public LitemallAddress findDefault(Integer userId) {

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallAftersaleService.java

@@ -23,6 +23,12 @@ public LitemallAftersale findById(Integer id) {
         return aftersaleMapper.selectByPrimaryKey(id);
     }
 
+    public LitemallAftersale findById(Integer userId, Integer id) {
+        LitemallAftersaleExample example = new LitemallAftersaleExample();
+        example.or().andIdEqualTo(id).andUserIdEqualTo(userId).andDeletedEqualTo(false);
+        return aftersaleMapper.selectOneByExample(example);
+    }
+
     public List<LitemallAftersale> queryList(Integer userId, Short status, Integer page, Integer limit, String sort, String order) {
         LitemallAftersaleExample example = new LitemallAftersaleExample();
         LitemallAftersaleExample.Criteria criteria = example.or();

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallCartService.java

@@ -57,6 +57,12 @@ public LitemallCart findById(Integer id) {
         return cartMapper.selectByPrimaryKey(id);
     }
 
+    public LitemallCart findById(Integer userId, Integer id) {
+        LitemallCartExample example = new LitemallCartExample();
+        example.or().andUserIdEqualTo(userId).andIdEqualTo(id).andDeletedEqualTo(false);
+        return cartMapper.selectOneByExample(example);
+    }
+
     public int updateCheck(Integer userId, List<Integer> idsList, Boolean checked) {
         LitemallCartExample example = new LitemallCartExample();
         example.or().andUserIdEqualTo(userId).andProductIdIn(idsList).andDeletedEqualTo(false);

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallFootprintService.java

@@ -28,6 +28,12 @@ public LitemallFootprint findById(Integer id) {
         return footprintMapper.selectByPrimaryKey(id);
     }
 
+    public LitemallFootprint findById(Integer userId, Integer id) {
+        LitemallFootprintExample example = new LitemallFootprintExample();
+        example.or().andIdEqualTo(id).andUserIdEqualTo(userId).andDeletedEqualTo(false);
+        return footprintMapper.selectOneByExample(example);
+    }
+
     public void deleteById(Integer id) {
         footprintMapper.logicalDeleteByPrimaryKey(id);
     }

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallGrouponService.java

@@ -80,6 +80,19 @@ public LitemallGroupon queryById(Integer id) {
         return mapper.selectOneByExample(example);
     }
 
+    /**
+     * 根据ID查询记录
+     *
+     * @param userId
+     * @param id
+     * @return
+     */
+    public LitemallGroupon queryById(Integer userId, Integer id) {
+        LitemallGrouponExample example = new LitemallGrouponExample();
+        example.or().andIdEqualTo(id).andUserIdEqualTo(id).andDeletedEqualTo(false);
+        return mapper.selectOneByExample(example);
+    }
+
     /**
      * 返回某个发起的团购参与人数
      *

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/service/WxOrderService.java

@@ -289,7 +289,7 @@ public Object submit(Integer userId, String body) {
                     return ResponseUtil.fail(GROUPON_JOIN, "团购活动已经参加!");
                 }
                 // （2）不允许参加自己开团的团购
-                LitemallGroupon groupon = grouponService.queryById(grouponLinkId);
+                LitemallGroupon groupon = grouponService.queryById(userId, grouponLinkId);
                 if(groupon.getCreatorUserId().equals(userId)){
                     return ResponseUtil.fail(GROUPON_JOIN, "团购活动已经参加!");
                 }
@@ -912,6 +912,10 @@ public Object goods(Integer userId, Integer orderId, Integer goodsId) {
         if (userId == null) {
             return ResponseUtil.unlogin();
         }
+        LitemallOrder order = orderService.findById(userId, orderId);
+        if (order == null) {
+            return ResponseUtil.badArgument();
+        }
 
         List<LitemallOrderGoods> orderGoodsList = orderGoodsService.findByOidAndGid(orderId, goodsId);
         int size = orderGoodsList.size();

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAddressController.java

@@ -133,20 +133,28 @@ public Object save(@LoginUser Integer userId, @RequestBody LitemallAddress addre
 			return error;
 		}
 
-		if (address.getIsDefault()) {
-			// 重置其他收货地址的默认选项
-			addressService.resetDefault(userId);
-		}
-
 		if (address.getId() == null || address.getId().equals(0)) {
+			if (address.getIsDefault()) {
+				// 重置其他收货地址的默认选项
+				addressService.resetDefault(userId);
+			}
+
 			address.setId(null);
 			address.setUserId(userId);
 			addressService.add(address);
 		} else {
-			address.setUserId(userId);
-			if (addressService.update(address) == 0) {
-				return ResponseUtil.updatedDataFailed();
+			LitemallAddress litemallAddress = addressService.query(userId, address.getId());
+			if (litemallAddress == null) {
+				return ResponseUtil.badArgumentValue();
 			}
+
+			if (address.getIsDefault()) {
+				// 重置其他收货地址的默认选项
+				addressService.resetDefault(userId);
+			}
+
+			address.setUserId(userId);
+			addressService.update(address);
 		}
 		return ResponseUtil.ok(address.getId());
 	}
@@ -167,8 +175,12 @@ public Object delete(@LoginUser Integer userId, @RequestBody LitemallAddress add
 		if (id == null) {
 			return ResponseUtil.badArgument();
 		}
+		LitemallAddress litemallAddress = addressService.query(userId, id);
+		if (litemallAddress == null) {
+			return ResponseUtil.badArgumentValue();
+		}
 
-		addressService.delete(userId, id);
+		addressService.delete(id);
 		return ResponseUtil.ok();
 	}
 }

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAftersaleController.java

@@ -94,6 +94,9 @@ public Object detail(@LoginUser Integer userId, @NotNull Integer orderId) {
         }
 
         LitemallOrder order = orderService.findById(userId, orderId);
+        if (order == null){
+            return ResponseUtil.badArgumentValue();
+        }
         List<LitemallOrderGoods> orderGoodsList = orderGoodsService.queryByOid(orderId);
         LitemallAftersale aftersale = aftersaleService.findByOrderId(userId, orderId);
 
@@ -129,9 +132,6 @@ public Object submit(@LoginUser Integer userId, @RequestBody LitemallAftersale a
         if(order == null){
             return ResponseUtil.badArgumentValue();
         }
-        if(!order.getUserId().equals(userId)){
-            return ResponseUtil.badArgumentValue();
-        }
 
         // 订单必须完成才能进入售后流程。
         if(!OrderUtil.isConfirmStatus(order) && !OrderUtil.isAutoConfirmStatus(order)){
@@ -177,7 +177,7 @@ public Object cancel(@LoginUser Integer userId, @RequestBody LitemallAftersale a
         if(id == null){
             return ResponseUtil.badArgument();
         }
-        LitemallAftersale aftersaleOne = aftersaleService.findById(id);
+        LitemallAftersale aftersaleOne = aftersaleService.findById(userId, id);
         if(aftersaleOne == null){
             return ResponseUtil.badArgument();
         }

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCartController.java

@@ -258,9 +258,6 @@ public Object update(@LoginUser Integer userId, @RequestBody LitemallCart cart)
         if (userId == null) {
             return ResponseUtil.unlogin();
         }
-        if (cart == null) {
-            return ResponseUtil.badArgument();
-        }
         Integer productId = cart.getProductId();
         Integer number = cart.getNumber().intValue();
         Integer goodsId = cart.getGoodsId();
@@ -274,7 +271,7 @@ public Object update(@LoginUser Integer userId, @RequestBody LitemallCart cart)
 
         //判断是否存在该订单
         // 如果不存在，直接返回错误
-        LitemallCart existCart = cartService.findById(id);
+        LitemallCart existCart = cartService.findById(userId, id);
         if (existCart == null) {
             return ResponseUtil.badArgumentValue();
         }
@@ -448,7 +445,7 @@ public Object checkout(@LoginUser Integer userId, Integer cartId, Integer addres
         if (cartId == null || cartId.equals(0)) {
             checkedGoodsList = cartService.queryByUidAndChecked(userId);
         } else {
-            LitemallCart cart = cartService.findById(cartId);
+            LitemallCart cart = cartService.findById(userId, cartId);
             if (cart == null) {
                 return ResponseUtil.badArgumentValue();
             }

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCouponController.java

@@ -139,7 +139,7 @@ public Object selectlist(@LoginUser Integer userId, Integer cartId, Integer grou
         if (cartId == null || cartId.equals(0)) {
             checkedGoodsList = cartService.queryByUidAndChecked(userId);
         } else {
-            LitemallCart cart = cartService.findById(cartId);
+            LitemallCart cart = cartService.findById(userId, cartId);
             if (cart == null) {
                 return ResponseUtil.badArgumentValue();
             }

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxFootprintController.java

@@ -54,7 +54,7 @@ public Object delete(@LoginUser Integer userId, @RequestBody String body) {
         if (footprintId == null) {
             return ResponseUtil.badArgument();
         }
-        LitemallFootprint footprint = footprintService.findById(footprintId);
+        LitemallFootprint footprint = footprintService.findById(userId, footprintId);
 
         if (footprint == null) {
             return ResponseUtil.badArgumentValue();

litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGrouponController.java

@@ -87,7 +87,7 @@ public Object detail(@LoginUser Integer userId, @NotNull Integer grouponId) {
             return ResponseUtil.unlogin();
         }
 
-        LitemallGroupon groupon = grouponService.queryById(grouponId);
+        LitemallGroupon groupon = grouponService.queryById(userId, grouponId);
         if (groupon == null) {
             return ResponseUtil.badArgumentValue();
         }