refactor: 数据权限过滤从 GORM Callback 改为 Store 层显式调用
- 移除 RegisterDataPermissionCallback 和 SkipDataPermission 机制 - 在 Auth 中间件预计算 SubordinateShopIDs 并注入 Context - 新增 ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter 等 Helper 函数 - 所有 Store 层查询方法显式调用数据权限过滤函数 - 权限检查函数 CanManageShop/CanManageEnterprise 改为从 Context 获取数据 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -19,7 +19,6 @@ import (
|
||||
type ManualTriggerService struct {
|
||||
logStore *postgres.PollingManualTriggerLogStore
|
||||
iotCardStore *postgres.IotCardStore
|
||||
shopStore middleware.ShopStoreInterface
|
||||
redis *redis.Client
|
||||
logger *zap.Logger
|
||||
}
|
||||
@@ -28,14 +27,12 @@ type ManualTriggerService struct {
|
||||
func NewManualTriggerService(
|
||||
logStore *postgres.PollingManualTriggerLogStore,
|
||||
iotCardStore *postgres.IotCardStore,
|
||||
shopStore middleware.ShopStoreInterface,
|
||||
redis *redis.Client,
|
||||
logger *zap.Logger,
|
||||
) *ManualTriggerService {
|
||||
return &ManualTriggerService{
|
||||
logStore: logStore,
|
||||
iotCardStore: iotCardStore,
|
||||
shopStore: shopStore,
|
||||
redis: redis,
|
||||
logger: logger,
|
||||
}
|
||||
@@ -386,7 +383,7 @@ func (s *ManualTriggerService) canManageCard(ctx context.Context, cardID uint) e
|
||||
}
|
||||
|
||||
// 检查代理是否有权管理该店铺
|
||||
return middleware.CanManageShop(ctx, *card.ShopID, s.shopStore)
|
||||
return middleware.CanManageShop(ctx, *card.ShopID)
|
||||
}
|
||||
|
||||
// canManageCards 检查用户是否有权管理多张卡
|
||||
@@ -403,18 +400,13 @@ func (s *ManualTriggerService) canManageCards(ctx context.Context, cardIDs []uin
|
||||
return errors.New(errors.CodeForbidden, "企业账号无权限手动触发轮询")
|
||||
}
|
||||
|
||||
// 代理账号只能管理自己店铺及下级店铺的卡
|
||||
currentShopID := middleware.GetShopIDFromContext(ctx)
|
||||
if currentShopID == 0 {
|
||||
// 从 Context 获取预计算的下级店铺 ID 列表
|
||||
subordinateIDs := middleware.GetSubordinateShopIDs(ctx)
|
||||
if subordinateIDs == nil {
|
||||
// 平台用户/超管不受限制,但这里不应该进入(前面已经检查过用户类型)
|
||||
return errors.New(errors.CodeForbidden, "无权限操作")
|
||||
}
|
||||
|
||||
// 获取下级店铺ID列表
|
||||
subordinateIDs, err := s.shopStore.GetSubordinateShopIDs(ctx, currentShopID)
|
||||
if err != nil {
|
||||
return errors.Wrap(errors.CodeInternalError, err, "查询下级店铺失败")
|
||||
}
|
||||
|
||||
// 构建可管理的店铺ID集合
|
||||
allowedShopIDs := make(map[uint]bool)
|
||||
for _, id := range subordinateIDs {
|
||||
@@ -462,7 +454,7 @@ func (s *ManualTriggerService) applyShopPermissionFilter(ctx context.Context, fi
|
||||
|
||||
// 如果用户指定了 ShopID,验证是否在可管理范围内
|
||||
if filter.ShopID != nil {
|
||||
if err := middleware.CanManageShop(ctx, *filter.ShopID, s.shopStore); err != nil {
|
||||
if err := middleware.CanManageShop(ctx, *filter.ShopID); err != nil {
|
||||
return err
|
||||
}
|
||||
// 已指定有效的 ShopID,无需修改
|
||||
|
||||
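Review bot: In the canManageCards hunk, `subordinateIDs == nil` carries two meanings: the inline comment treats nil as an unrestricted platform/super-admin caller, but nil is also what a context lookup yields when the Auth middleware never injected the list (and possibly when an agent's list is built as a nil slice; the middleware is not visible here). This call site denies on nil, which is the safe direction, but the two `middleware.CanManageShop(ctx, shopID)` calls in canManageCard and applyShopPermissionFilter now rely on the same context value with no store fallback, and how they treat a missing value cannot be seen from this page. Because the GORM callback is removed and filtering is now opt-in per query, "value missing" should be distinguishable from "unrestricted" and should deny; consider having the getter report presence separately and recording the contract at this check, e.g. `// nil = list not injected into ctx; deny rather than treat it as "no filter"`. All three functions begin and end outside their hunks.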