debug：订单权限

smart-switch-service/src/main/java/com/ruoyi/ss/transactionBill/service/TransactionBillValidator.java

@@ -71,4 +71,9 @@ public interface TransactionBillValidator {
      * 是否允许操作订单
      */
     boolean canOperaOrder(TransactionBillVO bill, Long userId);
+
+    /**
+     * 是否允许查看订单
+     */
+    boolean canViewOrder(TransactionBillVO bill, Long userId);
 }

smart-switch-service/src/main/java/com/ruoyi/ss/transactionBill/service/impl/TransactionBillServiceImpl.java

@@ -2027,7 +2027,7 @@ public class TransactionBillServiceImpl implements TransactionBillService, After
 
         if (open) {
             if (SuitFeeType.timingList().contains(bill.getSuitFeeType())) {
-                return iotService.open(device.getMac(), device.getModelProductId()) ? 1 : 0;
+                return iotService.open(device) ? 1 : 0;
             } else {
                 // 计算设备剩余时长
                 LocalDateTime expireTime = device.getExpireTime();

smart-switch-service/src/main/java/com/ruoyi/ss/transactionBill/service/impl/TransactionBillValidatorImpl.java

@@ -246,9 +246,6 @@ public class TransactionBillValidatorImpl extends BaseValidator implements Trans
             return error("参数错误：billId与userId不允许为空");
         }
 
-        if (!this.allowGet(billId, userId)) {
-            return error("您不允许访问该订单");
-        }
 
         return success();
     }
@@ -379,6 +376,15 @@ public class TransactionBillValidatorImpl extends BaseValidator implements Trans
             return false;
         }
         return this.isMch(bill, userId)
+                || this.isAgent(bill, userId)
+                || storeStaffValidator.hasStorePermission(bill.getStoreId(), userId, StoreStaffPermissions.ORDER_OPERA);
+    }
+
+    @Override
+    public boolean canViewOrder(TransactionBillVO bill, Long userId) {
+        return this.isMch(bill, userId)
+                || this.isUser(bill, userId)
+                || this.isAgent(bill, userId)
                 || storeStaffValidator.hasStorePermission(bill.getStoreId(), userId, StoreStaffPermissions.ORDER_OPERA);
     }
 }

smart-switch-web/src/main/java/com/ruoyi/web/controller/app/AppTransactionBillController.java

@@ -143,6 +143,9 @@ public class AppTransactionBillController extends BaseController
     public AjaxResult detail(@PathVariable Long billId) {
         ServiceUtil.assertion(transactionBillValidator.preGetDetailByApp(billId, getUserId()));
         TransactionBillVO bill = transactionBillService.selectSmTransactionBillByBillId(billId);
+        if (!transactionBillValidator.canViewOrder(bill, getUserId())) {
+            return error("您不允许查看该订单");
+        }
         List<TransactionBillVO> list = Collections.singletonList(bill);
         transactionAssembler.assembleChannelName(Collections.singletonList(bill));
         transactionAssembler.handleMchUserMobile(list);
@@ -155,8 +158,8 @@ public class AppTransactionBillController extends BaseController
     @JsonView(JsonViewProfile.AppUser.class)
     public AjaxResult detail(@PathVariable String billNo) {
         TransactionBillVO bill = transactionBillService.selectSmTransactionBillByBillNo(billNo);
-        if (!transactionBillValidator.isUser(bill, getUserId()) && !transactionBillValidator.isMch(bill, getUserId())) {
+        if (!transactionBillValidator.canViewOrder(bill, getUserId())) {
-            return success();
+            return error("您不允许查看该订单");
         }
         transactionAssembler.assembleChannelName(Collections.singletonList(bill));
         return success(bill);