const API = require("../../../lib/API") const db = require("../../../plugin/DataBase/db") const AccessControl = require("../../../lib/AccessControl") const { BaseStdResponse } = require("../../../BaseStdResponse") class GetOrderDetail extends API { constructor() { super() this.setPath('/Admin/Order/Detail') this.setMethod('get') } async onRequest(req, res) { const { uuid, session, orderId } = req.query if (!uuid || !session || !orderId) { return res.json({ ...BaseStdResponse.MISSING_PARAMETER }) } if (!await AccessControl.checkSession(uuid, session)) { return res.status(401).json({ ...BaseStdResponse.ACCESS_DENIED }) } let permission = await AccessControl.getPermission(uuid) if (!permission.includes("admin") && !permission.includes("product")) { return res.json({ ...BaseStdResponse.PERMISSION_DENIED }) } const sql = ` SELECT o.orderId, o.create_time, o.pay_time, o.price, o.state, o.pay_id, o.pay_type, o.goods_id, o.create_user, g.name, g.content, g.icon, g.isHot, g.description, g.category, g.features, g.lepao_count, g.ic_count, g.vip, u.username, u.avatar, u.email AS user_email FROM orders o LEFT JOIN goods g ON o.goods_id = g.id LEFT JOIN users u ON o.create_user = u.uuid WHERE o.orderId = ? ` const rows = await db.query(sql, [orderId]) if (!rows || rows.length !== 1) { return res.json({ ...BaseStdResponse.ERR, msg: '订单不存在' }) } res.json({ ...BaseStdResponse.OK, data: rows[0] }) } } module.exports.GetOrderDetail = GetOrderDetail