refactor: 数据权限过滤从 GORM Callback 改为 Store 层显式调用
- 移除 RegisterDataPermissionCallback 和 SkipDataPermission 机制
- 在 Auth 中间件预计算 SubordinateShopIDs 并注入 Context
- 新增 ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter 等 Helper 函数
- 所有 Store 层查询方法显式调用数据权限过滤函数
- 权限检查函数 CanManageShop/CanManageEnterprise 改为从 Context 获取数据

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -6,7 +6,6 @@ import (
|
||||
"github.com/break/junhong_cmp_fiber/internal/model"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/config"
|
||||
"github.com/break/junhong_cmp_fiber/pkg/constants"
|
||||
pkgGorm "github.com/break/junhong_cmp_fiber/pkg/gorm"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -15,7 +14,6 @@ func initDefaultAdmin(deps *Dependencies, services *services) error {
|
||||
cfg := config.Get()
|
||||
|
||||
ctx := context.Background()
|
||||
ctx = pkgGorm.SkipDataPermission(ctx)
|
||||
|
||||
var count int64
|
||||
if err := deps.DB.WithContext(ctx).Model(&model.Account{}).Where("user_type = ?", constants.UserTypeSuperAdmin).Count(&count).Error; err != nil {
|
||||
|
||||
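Review bot: Dropping `pkgGorm.SkipDataPermission(ctx)` leaves the super-admin count query in initDefaultAdmin on a bare `context.Background()`, so a context with no user now means "trusted system code" by convention only. The ApplyXxxFilter helpers are not part of this page; if they treat a missing user as unrestricted, any Store call reached without passing the Auth middleware gets the same unrestricted view as this startup path. A comment above the query such as `// system query at startup: no user in ctx, data-permission filter intentionally not applied` would keep the intent visible, and the helpers should document what they do for a user-less context. initDefaultAdmin's body continues past the hunk.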
@@ -45,8 +45,8 @@ func Bootstrap(deps *Dependencies) (*BootstrapResult, error) {
|
||||
deps.Logger.Error("初始化默认超级管理员失败", zap.Error(err))
|
||||
}
|
||||
|
||||
// 5. 初始化 Middleware 层
|
||||
middlewares := initMiddlewares(deps)
|
||||
// 5. 初始化 Middleware 层(传入 ShopStore 以支持预计算下级店铺 ID)
|
||||
middlewares := initMiddlewares(deps, stores)
|
||||
|
||||
// 6. 初始化 Handler 层
|
||||
handlers := initHandlers(services, deps)
|
||||
@@ -59,17 +59,12 @@ func Bootstrap(deps *Dependencies) (*BootstrapResult, error) {
|
||||
|
||||
// registerGORMCallbacks 注册 GORM Callbacks
|
||||
func registerGORMCallbacks(deps *Dependencies, stores *stores) error {
|
||||
// 注册数据权限过滤 Callback(使用 ShopStore 来查询下级店铺 ID)
|
||||
if err := pkgGorm.RegisterDataPermissionCallback(deps.DB, stores.Shop); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// 注册自动添加创建&更新人 Callback
|
||||
if err := pkgGorm.RegisterSetCreatorUpdaterCallback(deps.DB); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// TODO: 在此添加其他 GORM Callbacks
|
||||
// 数据权限过滤已移至 Store 层显式调用 ApplyXxxFilter 函数
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
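Review bot: With `RegisterDataPermissionCallback` gone from registerGORMCallbacks, tenant isolation changes from applied-by-default to opt-in per query: a Store method that omits its ApplyXxxFilter call returns rows across shops, and nothing at this layer notices. The replacement comment only says where filtering moved; it should state the invariant, e.g. `// every Store query on shop/enterprise-owned tables must call ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter; there is no callback fallback`. A test that runs each Store list/get method as a non-admin user against rows belonging to an unrelated shop would catch a missed call; whether such coverage exists is not visible here.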
@@ -14,7 +14,7 @@ import (
|
||||
)
|
||||
|
||||
// initMiddlewares 初始化所有中间件
|
||||
func initMiddlewares(deps *Dependencies) *Middlewares {
|
||||
func initMiddlewares(deps *Dependencies, stores *stores) *Middlewares {
|
||||
// 获取全局配置
|
||||
cfg := config.Get()
|
||||
|
||||
@@ -29,11 +29,11 @@ func initMiddlewares(deps *Dependencies) *Middlewares {
|
||||
refreshTTL := time.Duration(cfg.JWT.RefreshTokenTTL) * time.Second
|
||||
tokenManager := pkgauth.NewTokenManager(deps.Redis, accessTTL, refreshTTL)
|
||||
|
||||
// 创建后台认证中间件
|
||||
adminAuthMiddleware := createAdminAuthMiddleware(tokenManager)
|
||||
// 创建后台认证中间件(传入 ShopStore 以支持预计算下级店铺 ID)
|
||||
adminAuthMiddleware := createAdminAuthMiddleware(tokenManager, stores.Shop)
|
||||
|
||||
// 创建H5认证中间件
|
||||
h5AuthMiddleware := createH5AuthMiddleware(tokenManager)
|
||||
// 创建H5认证中间件(传入 ShopStore 以支持预计算下级店铺 ID)
|
||||
h5AuthMiddleware := createH5AuthMiddleware(tokenManager, stores.Shop)
|
||||
|
||||
return &Middlewares{
|
||||
PersonalAuth: personalAuthMiddleware,
|
||||
@@ -42,7 +42,7 @@ func initMiddlewares(deps *Dependencies) *Middlewares {
|
||||
}
|
||||
}
|
||||
|
||||
func createAdminAuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler {
|
||||
func createAdminAuthMiddleware(tokenManager *pkgauth.TokenManager, shopStore pkgmiddleware.AuthShopStoreInterface) fiber.Handler {
|
||||
return pkgmiddleware.Auth(pkgmiddleware.AuthConfig{
|
||||
TokenValidator: func(token string) (*pkgmiddleware.UserContextInfo, error) {
|
||||
tokenInfo, err := tokenManager.ValidateAccessToken(context.Background(), token)
|
||||
@@ -65,10 +65,11 @@ func createAdminAuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler
|
||||
}, nil
|
||||
},
|
||||
SkipPaths: []string{"/api/admin/login", "/api/admin/refresh-token"},
|
||||
ShopStore: shopStore,
|
||||
})
|
||||
}
|
||||
|
||||
func createH5AuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler {
|
||||
func createH5AuthMiddleware(tokenManager *pkgauth.TokenManager, shopStore pkgmiddleware.AuthShopStoreInterface) fiber.Handler {
|
||||
return pkgmiddleware.Auth(pkgmiddleware.AuthConfig{
|
||||
TokenValidator: func(token string) (*pkgmiddleware.UserContextInfo, error) {
|
||||
tokenInfo, err := tokenManager.ValidateAccessToken(context.Background(), token)
|
||||
@@ -90,5 +91,6 @@ func createH5AuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler {
|
||||
}, nil
|
||||
},
|
||||
SkipPaths: []string{"/api/h5/login", "/api/h5/refresh-token"},
|
||||
ShopStore: shopStore,
|
||||
})
|
||||
}
|
||||
|
||||
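Review bot: `ShopStore: shopStore` in createAdminAuthMiddleware and createH5AuthMiddleware makes the Auth middleware the single place where SubordinateShopIDs is computed, and the failure path of that lookup is not defined here. pkgmiddleware.Auth is outside this page, so this is inferred: if a ShopStore error is logged and the request continues, the Store-layer filters receive an empty list and must read it as "own shop only", never as "no restriction". A comment on the config field would pin that down, for example `// ShopStore: a lookup error must reject the request, not continue with an empty SubordinateShopIDs`. The PersonalAuth middleware is not given a store in this section, so routes behind it should not reach Store methods that depend on SubordinateShopIDs. Both function bodies are only partly shown.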
@@ -147,6 +147,6 @@ func initServices(s *stores, deps *Dependencies) *services {
|
||||
PollingMonitoring: pollingSvc.NewMonitoringService(deps.Redis),
|
||||
PollingAlert: pollingSvc.NewAlertService(s.PollingAlertRule, s.PollingAlertHistory, deps.Redis, deps.Logger),
|
||||
PollingCleanup: pollingSvc.NewCleanupService(s.DataCleanupConfig, s.DataCleanupLog, deps.Logger),
|
||||
PollingManualTrigger: pollingSvc.NewManualTriggerService(s.PollingManualTriggerLog, s.IotCard, s.Shop, deps.Redis, deps.Logger),
|
||||
PollingManualTrigger: pollingSvc.NewManualTriggerService(s.PollingManualTriggerLog, s.IotCard, deps.Redis, deps.Logger),
|
||||
}
|
||||
}
|
||||
|
||||