před 6 měsíci · 1e80f55867
--- a/menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/admin/order/TradeOrderController.java
+++ b/menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/admin/order/TradeOrderController.java
@@ -1,7 +1,6 @@
 
				 package com.citu.module.menduner.system.controller.admin.order;
			
 
				 
			
 
				 import com.citu.framework.common.pojo.CommonResult;
			
 
				-import com.citu.framework.common.pojo.PageParam;
			
 
				 import com.citu.framework.common.pojo.PageResult;
			
 
				 import com.citu.module.menduner.system.controller.base.order.TradeOrderCreateReqVO;
			
 
				 import com.citu.module.menduner.system.controller.base.order.TradeOrderPageReqVO;
			
@@ -19,7 +18,7 @@ import org.springframework.validation.annotation.Validated;
 
				 import org.springframework.web.bind.annotation.*;
			
 
				 
			
 
				 import javax.annotation.Resource;
			
 
				-import com.citu.framework.security.core.annotations.PreAuthenticated;
			
 
				+import javax.annotation.security.PermitAll;
			
 
				 import javax.validation.Valid;
			
 
				 
			
 
				 import static com.citu.framework.common.pojo.CommonResult.success;
			
@@ -38,7 +37,7 @@ public class TradeOrderController {
 
				     @Operation(summary = "创建订单")
			
 
				     @PreAuthorize("@ss.hasPermission('menduner:system:trade-order:create')")
			
 
				     public CommonResult<Long> createOrder(@Valid @RequestBody TradeOrderCreateReqVO createReqVO) {
			
 
				-        return success(tradeOrderService.createOrder(createReqVO,null));
			
 
				+        return success(tradeOrderService.createOrder(createReqVO, null));
			
 
				     }
			
 
				 
			
 
				     @GetMapping("/page")
			
@@ -51,7 +50,7 @@ public class TradeOrderController {
 
				 
			
 
				     @PostMapping("/update-paid")
			
 
				     @Operation(summary = "更新订单为已支付") // 由 pay-module 支付服务，进行回调，可见 PayNotifyJob
			
 
				-    @PreAuthenticated // 无需登录，安全由 PayOrderService 内部校验实现
			
 
				+    @PermitAll
			
 
				     public CommonResult<Boolean> updateOrderPaid(@RequestBody PayOrderNotifyReqDTO notifyReqDTO) {
			
 
				         tradeOrderService.updateOrderPaid(Long.valueOf(notifyReqDTO.getMerchantOrderId()),
			
 
				                 notifyReqDTO.getPayOrderId());
			
@@ -69,7 +68,7 @@ public class TradeOrderController {
 
				 
			
 
				     @PostMapping("/update-refunded")
			
 
				     @Operation(summary = "更新订单为已退款") // 由 pay-module 支付服务，进行回调，可见 PayNotifyJob
			
 
				-    @PreAuthenticated // 无需登录，安全由 PayOrderService 内部校验实现
			
 
				+    @PermitAll
			
 
				     public CommonResult<Boolean> updateOrderRefunded(@RequestBody PayRefundNotifyReqDTO notifyReqDTO) {
			
 
				         tradeOrderService.updateOrderRefunded(Long.valueOf(notifyReqDTO.getMerchantOrderId()),
			
 
				                 notifyReqDTO.getPayRefundId());