跳到主要内容

商品查询架构文档

1 包规划

主包名为:com.enation.app.cms,下面的包皆以此为父包:

goods
model模型
popo模型
vo装修所所需相应模型
controller控制器
service业务类接口
impl业务类实现
tag标签

2 商品查询API(商家查询和平台查询)

2.1 总体类图

image-20201102104331454

GoodsQueryParam是查询所用的参数模型类,shop_cat_id是店铺分类,seller_id是卖家id,具体说明如下:

2.2 查询的时序图

image-20201102104347779

在查询时通过UserContext和IStoreMemberManager鉴定相应权限,这两个类在这些包下:

GoodsManager的查询功能可参考微服务中的此类:

com.enation.shoptnt.controller.backend.GoodsBackController中的查询方法:

@Override
public Page list(GoodsQueryParam goodsQueryParam) {
    StringBuffer sqlBuffer = new StringBuffer();
    sqlBuffer.append(
            "select g.goods_id,g.goods_name,g.sn,g.thumbnail,g.seller_name,g.enable_quantity,g.quantity,g.price,g.create_time,g.market_enable ,b.`name` brand_name,c.`name` category_name "
                    + "from es_goods g left join es_goods_category c on g.category_id = c.category_id left join es_brand b on g.brand_id = b.brand_id "
                    + "where  g.disabled = 0  ");
    if (goodsQueryParam.getMarket_enable() == null || (goodsQueryParam.getMarket_enable().intValue() != 1
            && goodsQueryParam.getMarket_enable().intValue() != 2)) {
        sqlBuffer.append(" and g.market_enable !=2 ");
    } else {
        sqlBuffer.append(" and g.market_enable = " + goodsQueryParam.getMarket_enable());
    }

    if (goodsQueryParam.getStype().intValue() == 0) {
        if (!StringUtil.isEmpty(goodsQueryParam.getKeyword())) {
            sqlBuffer.append(" and (g.goods_name like '%" + goodsQueryParam.getKeyword() + "%' or g.sn like '%"
                    + goodsQueryParam.getKeyword() + "%') ");
        }
    } else {
        // 高级搜索
        if (goodsQueryParam.getCategory_id() != null) {
            Category category = this.daoSupport.queryForObject(
                    "select * from es_goods_category where category_id=? ", Category.class,
                    goodsQueryParam.getCategory_id());
            if (category != null) {
                String cat_path = category.getCategory_path();
                if (cat_path != null) {
                    sqlBuffer.append(" and  g.category_id in(");
                    sqlBuffer.append("select c.category_id from es_goods_category");
                    sqlBuffer.append(" c where c.category_path like '" + cat_path + "%')");
                }
            }
        }
        if (!StringUtil.isEmpty(goodsQueryParam.getGoods_name())) {
            sqlBuffer.append(" and g.goods_name like '%" + goodsQueryParam.getGoods_name() + "%'");
        }
        if (!StringUtil.isEmpty(goodsQueryParam.getSeller_name())) {
            sqlBuffer.append(" and g.seller_name like '%" + goodsQueryParam.getSeller_name() + "%'");
        }
        if (!StringUtil.isEmpty(goodsQueryParam.getGoods_sn())) {
            sqlBuffer.append(" and g.sn like '%" + goodsQueryParam.getGoods_sn() + "%'");
        }
    }
    sqlBuffer.append(" order by g.goods_id desc");
    Page page = this.daoSupport.queryForPage(sqlBuffer.toString(), goodsQueryParam.getPage_no(),
            goodsQueryParam.getPage_size());
    return page;
}

但是要加入卖家id不为空,则进行相应的查询的条件

而且不能有字串拼接,必须要用?号传参,否则有sql注入风险

这个技术点可以参考微服务版中订单查询服务的:

com.enation.shoptnt.order.manager.impl.OrderDBQueryManager#querySeller

2.3 api路径

get:/shop/seller/goods/search.do

get:/shop/admin/goods/search.do