feat(app): 增加课程详情接口匿名访问支持并优化订单查询逻辑

- 在 Shiro 配置中添加 /app/detail/getCourseInfo 接口的匿名访问权限-为 scanCodeQueryOrder 方法增加商户权限校验，防止越权操作
-优化课程详情服务中的用户登录状态判断，避免空指针异常
- 改进订单退款时间设置逻辑，增加空值兜底处理，提升系统健壮性

national-motion-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java

@@ -121,6 +121,7 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/app/detail/getAllCourseCategory", "anon");
         filterChainDefinitionMap.put("/app/detail/getPlaceInfoNoFixation", "anon");
         filterChainDefinitionMap.put("/app/game/findById", "anon");
+        filterChainDefinitionMap.put("/app/detail/getCourseInfo", "anon");
         filterChainDefinitionMap.put("/app/stadium/getPlaceInfo", "anon");
         filterChainDefinitionMap.put("/test/**", "anon");//测试
 

national-motion-module-system/national-motion-system-biz/src/main/java/org/jeecg/modules/app/service/impl/DetailServiceImpl.java

@@ -229,7 +229,11 @@ public class DetailServiceImpl implements IDetailService {
         });
 
         courseInfoVO.setCourseDetail(courseDetailVOList);
-        courseInfoVO.setHasDiscount(checkOrderOrFree(loginUser.getId(),courseInfoVO.getCategoryId(),id));
+        if(null != loginUser){
+            courseInfoVO.setHasDiscount(checkOrderOrFree(loginUser.getId(),courseInfoVO.getCategoryId(),id));
+        }else {
+            courseInfoVO.setHasDiscount(false);
+        }
         return courseInfoVO;
     }
 

national-motion-module-system/national-motion-system-biz/src/main/java/org/jeecg/modules/app/service/impl/OrderServiceImpl.java

@@ -1782,8 +1782,13 @@ public class OrderServiceImpl implements IOrderService {
                 String appSiteRulesId = record.getProductIds().split(",")[0];
                 AppSitePriceRules appSitePriceRules = appSitePriceRulesMapper.selectById(appSiteRulesId);
                 if (ObjectUtil.isNotEmpty(appSitePriceRules)) {
-                    AppSitePlace appSitePlace = appSitePlaceMapper.selectById(appSitePriceRules.getSitePlaceId());
-                    record.setEarlyRefundTime(appSitePlace.getEarlyRefundTime());
+                    AppSitePlace appSitePlace = appSitePlaceMapper.selectOne(Wrappers.<AppSitePlace>lambdaQuery()
+                            .eq(AppSitePlace::getId, appSitePriceRules.getSitePlaceId()));
+                    if(null != appSitePlace){
+                        record.setEarlyRefundTime(appSitePlace.getEarlyRefundTime());
+                    }else {
+                        record.setEarlyRefundTime(60);
+                    }
                 }
             }
 

national-motion-module-system/national-motion-system-biz/src/main/java/org/jeecg/modules/system/app/service/impl/AppOrderServiceImpl.java

@@ -258,8 +258,11 @@ public class AppOrderServiceImpl extends ServiceImpl<AppOrderMapper, AppOrder> i
 
     @Override
     public ScanCodeQueryOrderVO scanCodeQueryOrder(String orderId) {
-
+        LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
         AppOrder appOrder = appOrderMapper.selectById(orderId);
+        if(!appOrder.getOrgCode().equals(loginUser.getOrgCode())) {
+            throw new JeecgBootException("当前券码不属于该商户，无权限操作！");
+        }
         AppSite site = appSiteMapper.selectOne(Wrappers.<AppSite>lambdaQuery().eq(AppSite::getOrgCode, appOrder.getOrgCode()));
 
         ScanCodeQueryOrderVO scanCodeQueryOrderVO = new ScanCodeQueryOrderVO();