csxj2026/junhong_cmp_fiber
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

refactor: 数据权限过滤从 GORM Callback 改为 Store 层显式调用
All checks were successful
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Successful in 7m2s
Details

Browse Source 
- 移除 RegisterDataPermissionCallback 和 SkipDataPermission 机制
- 在 Auth 中间件预计算 SubordinateShopIDs 并注入 Context
- 新增 ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter 等 Helper 函数
- 所有 Store 层查询方法显式调用数据权限过滤函数
- 权限检查函数 CanManageShop/CanManageEnterprise 改为从 Context 获取数据

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
huang
2026-02-26 16:38:52 +08:00
parent 4ba1f5b99d
commit 03a0960c4d
46 changed files with 1573 additions and 705 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
internal/store/postgres/account_store.go
View File

@@ -3,9 +3,9 @@ package postgres
import (
"context"
"github.com/break/junhong_cmp_fiber/internal/store"
"github.com/break/junhong_cmp_fiber/internal/model"
"github.com/break/junhong_cmp_fiber/internal/store"
"github.com/break/junhong_cmp_fiber/pkg/middleware"
"github.com/redis/go-redis/v9"
"gorm.io/gorm"
)
@@ -32,7 +32,12 @@ func (s *AccountStore) Create(ctx context.Context, account *model.Account) error
// GetByID 根据 ID 获取账号
func (s *AccountStore) GetByID(ctx context.Context, id uint) (*model.Account, error) {
var account model.Account
if err := s.db.WithContext(ctx).First(&account, id).Error; err != nil {
query := s.db.WithContext(ctx).Where("id = ?", id)
// 根据当前用户类型应用数据权限过滤
// 代理用户:过滤 shop_id企业用户过滤 enterprise_id
query = middleware.ApplyShopFilter(ctx, query)
query = middleware.ApplyEnterpriseFilter(ctx, query)
if err := query.First(&account).Error; err != nil {
return nil, err
}
return &account, nil
@@ -68,7 +73,10 @@ func (s *AccountStore) GetByUsernameOrPhone(ctx context.Context, identifier stri
// GetByShopID 根据店铺 ID 查询账号列表
func (s *AccountStore) GetByShopID(ctx context.Context, shopID uint) ([]*model.Account, error) {
var accounts []*model.Account
if err := s.db.WithContext(ctx).Where("shop_id = ?", shopID).Find(&accounts).Error; err != nil {
query := s.db.WithContext(ctx).Where("shop_id = ?", shopID)
// 应用数据权限过滤
query = middleware.ApplyShopFilter(ctx, query)
if err := query.Find(&accounts).Error; err != nil {
return nil, err
}
return accounts, nil
@@ -77,7 +85,10 @@ func (s *AccountStore) GetByShopID(ctx context.Context, shopID uint) ([]*model.A
// GetByEnterpriseID 根据企业 ID 查询账号列表
func (s *AccountStore) GetByEnterpriseID(ctx context.Context, enterpriseID uint) ([]*model.Account, error) {
var accounts []*model.Account
if err := s.db.WithContext(ctx).Where("enterprise_id = ?", enterpriseID).Find(&accounts).Error; err != nil {
query := s.db.WithContext(ctx).Where("enterprise_id = ?", enterpriseID)
// 应用企业数据权限过滤
query = middleware.ApplyEnterpriseFilter(ctx, query)
if err := query.Find(&accounts).Error; err != nil {
return nil, err
}
return accounts, nil
@@ -99,6 +110,10 @@ func (s *AccountStore) List(ctx context.Context, opts *store.QueryOptions, filte
var total int64
query := s.db.WithContext(ctx).Model(&model.Account{})
// 根据当前用户类型应用数据权限过滤
// 代理用户:过滤 shop_id企业用户过滤 enterprise_id
query = middleware.ApplyShopFilter(ctx, query)
query = middleware.ApplyEnterpriseFilter(ctx, query)
// 应用过滤条件
if username, ok := filters["username"].(string); ok && username != "" {
@@ -229,7 +244,11 @@ func (s *AccountStore) GetByIDs(ctx context.Context, ids []uint) ([]*model.Accou
return []*model.Account{}, nil
}
var accounts []*model.Account
if err := s.db.WithContext(ctx).Where("id IN ?", ids).Find(&accounts).Error; err != nil {
query := s.db.WithContext(ctx).Where("id IN ?", ids)
// 根据当前用户类型应用数据权限过滤
query = middleware.ApplyShopFilter(ctx, query)
query = middleware.ApplyEnterpriseFilter(ctx, query)
if err := query.Find(&accounts).Error; err != nil {
return nil, err
}
return accounts, nil
@@ -240,9 +259,11 @@ func (s *AccountStore) GetPrimaryAccountsByShopIDs(ctx context.Context, shopIDs
return []*model.Account{}, nil
}
var accounts []*model.Account
if err := s.db.WithContext(ctx).
Where("shop_id IN ? AND is_primary = ?", shopIDs, true).
Find(&accounts).Error; err != nil {
query := s.db.WithContext(ctx).
Where("shop_id IN ? AND is_primary = ?", shopIDs, true)
// 应用数据权限过滤
query = middleware.ApplyShopFilter(ctx, query)
if err := query.Find(&accounts).Error; err != nil {
return nil, err
}
return accounts, nil
@@ -254,6 +275,8 @@ func (s *AccountStore) ListByShopID(ctx context.Context, shopID uint, opts *stor
var total int64
query := s.db.WithContext(ctx).Model(&model.Account{}).Where("shop_id = ?", shopID)
// 应用数据权限过滤
query = middleware.ApplyShopFilter(ctx, query)
if username, ok := filters["username"].(string); ok && username != "" {
query = query.Where("username LIKE ?", "%"+username+"%")