权限控制

@@ -15,6 +15,8 @@ public interface RefundRecordMapper {
 
     RefundRecord selectByPrimaryKey(Integer id);
 
+    List<RefundRecord> selectByIds(@Param("idList") List<Integer> idList);
+
     int updateByPrimaryKeySelective(RefundRecord record);
 
     int updateByPrimaryKey(RefundRecord record);

@@ -33,6 +33,17 @@
     from refund_record
     where id = #{id,jdbcType=INTEGER}
   </select>
+
+  <select id="selectByIds" resultMap="BaseResultMap">
+    select
+    <include refid="Base_Column_List" />
+    from refund_record
+    where id in
+    <foreach collection="idList" item="id" open="(" close=")" separator=",">
+      #{id}
+    </foreach>
+  </select>
+
   <delete id="deleteByPrimaryKey" parameterType="java.lang.Integer" >
     delete from refund_record
     where id = #{id,jdbcType=INTEGER}

@@ -55,6 +55,8 @@ public class RefundRecordController {
         try {
             int deletedCount = refundRecordService.softDelete(req.getIds());
             return new ApiResponse.ApiResponseBuilder().code(200).message("删除成功").data(deletedCount).build();
+        } catch (PlatformException e)  {
+            return new ApiResponse.ApiResponseBuilder().code(e.getCode()).message(e.getMessage()).data(null).build();
         } catch (NumberFormatException e)  {
             return new ApiResponse.ApiResponseBuilder().code(400).message("记录id格式有误").data(null).build();
         }
@@ -112,11 +114,15 @@ public class RefundRecordController {
     @RequestMapping(value = "/update")
     public ApiResponse update(RefundRecordReq req) {
         LOGGER.info("update in. param is {}", req);
-        int num = refundRecordService.update(req);
-        if(num > 0) {
-        	return new ApiResponse.ApiResponseBuilder().code(200).message("更新成功").build();
-        }else {
-        	return new ApiResponse.ApiResponseBuilder().code(400).message("更新失败").build();
+        try {
+            int num = refundRecordService.update(req);
+            if(num > 0) {
+                return new ApiResponse.ApiResponseBuilder().code(200).message("更新成功").build();
+            }else {
+                return new ApiResponse.ApiResponseBuilder().code(400).message("更新失败").build();
+            }
+        } catch (PlatformException e)  {
+            return new ApiResponse.ApiResponseBuilder().code(e.getCode()).message(e.getMessage()).data(null).build();
         }
     }
     

@@ -3,13 +3,14 @@ import java.text.ParseException;
 
 import com.yoho.order.model.RefundRecordBo;
 import com.yoho.order.model.RefundRecordReq;
+import com.yoho.ufo.exception.PlatformException;
 import com.yoho.ufo.service.model.PageResponseBO;
 
 public interface IRefundRecordService {
 
     PageResponseBO<RefundRecordBo> getList(RefundRecordReq req) throws ParseException;
 
-    int softDelete(String ids);
+    int softDelete(String ids) throws PlatformException;
 
     int makePaid(String ids);
 
@@ -17,7 +18,7 @@ public interface IRefundRecordService {
 
     int add(RefundRecordReq req);
     
-    int update(RefundRecordReq req);
+    int update(RefundRecordReq req) throws PlatformException;
 
     int reject(String ids, String remark);
 }
\ No newline at end of file

@@ -8,6 +8,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
+import com.yoho.ufo.exception.PlatformException;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -77,9 +78,18 @@ public class RefundRecordServiceImpl implements IRefundRecordService, IBusinessE
     }
 
     @Override
-    public int softDelete(String ids) {
+    public int softDelete(String ids) throws PlatformException {
         String opName = new UserHelper().getUserName();
         List<Integer> idList = exchangeIntegerArray(ids);
+        List<RefundRecord> records = refundRecordMapper.selectByIds(idList);
+        if (records.isEmpty()) {
+            throw new PlatformException("记录不存在!", 400);
+        }
+        for (RefundRecord r : records) {
+            if (!StringUtils.equals(r.getSponsorName(), opName)) {
+                throw new PlatformException("不能删除其他人发起的退款!", 400);
+            }
+        }
         return refundRecordMapper.softDelete(idList, opName);
     }
 
@@ -125,12 +135,15 @@ public class RefundRecordServiceImpl implements IRefundRecordService, IBusinessE
     }
     
     @Override
-    public int update(RefundRecordReq req) {
+    public int update(RefundRecordReq req) throws PlatformException {
     	RefundRecord oldRecord = refundRecordMapper.selectByPrimaryKey(req.getId());
     	if(null == oldRecord) {
     		return 0;
     	}
         String opName = new UserHelper().getUserName();
+        if (!StringUtils.equals(oldRecord.getSponsorName(), opName)) {
+            throw new PlatformException("不能更新其他人发起的退款!", 400);
+        }
         RefundRecord record = new RefundRecord();
         record.setId(req.getId());
         record.setCreateDate(StringUtils.isEmpty(req.getCreateDate()) ? null : DateUtil.getTimeSecondsFromStr(req.getCreateDate() + " 00:00:00", "yyyy/MM/dd HH:mm:ss"));