refactor: 数据权限过滤从 GORM Callback 改为 Store 层显式调用

- 移除 RegisterDataPermissionCallback 和 SkipDataPermission 机制
- 在 Auth 中间件预计算 SubordinateShopIDs 并注入 Context
- 新增 ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter 等 Helper 函数
- 所有 Store 层查询方法显式调用数据权限过滤函数
- 权限检查函数 CanManageShop/CanManageEnterprise 改为从 Context 获取数据

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/store/postgres/enterprise_store.go

@@ -6,6 +6,7 @@ import (
 	"github.com/break/junhong_cmp_fiber/internal/model"
 	"github.com/break/junhong_cmp_fiber/internal/store"
 	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/pkg/middleware"
 	"github.com/redis/go-redis/v9"
 	"gorm.io/gorm"
 )
@@ -32,7 +33,10 @@ func (s *EnterpriseStore) Create(ctx context.Context, enterprise *model.Enterpri
 // GetByID 根据 ID 获取企业
 func (s *EnterpriseStore) GetByID(ctx context.Context, id uint) (*model.Enterprise, error) {
 	var enterprise model.Enterprise
-	if err := s.db.WithContext(ctx).First(&enterprise, id).Error; err != nil {
+	query := s.db.WithContext(ctx).Where("id = ?", id)
+	// 应用归属店铺数据权限过滤
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
+	if err := query.First(&enterprise).Error; err != nil {
 		return nil, err
 	}
 	return &enterprise, nil
@@ -41,7 +45,10 @@ func (s *EnterpriseStore) GetByID(ctx context.Context, id uint) (*model.Enterpri
 // GetByCode 根据企业编号获取企业
 func (s *EnterpriseStore) GetByCode(ctx context.Context, code string) (*model.Enterprise, error) {
 	var enterprise model.Enterprise
-	if err := s.db.WithContext(ctx).Where("enterprise_code = ?", code).First(&enterprise).Error; err != nil {
+	query := s.db.WithContext(ctx).Where("enterprise_code = ?", code)
+	// 应用归属店铺数据权限过滤
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
+	if err := query.First(&enterprise).Error; err != nil {
 		return nil, err
 	}
 	return &enterprise, nil
@@ -63,6 +70,8 @@ func (s *EnterpriseStore) List(ctx context.Context, opts *store.QueryOptions, fi
 	var total int64
 
 	query := s.db.WithContext(ctx).Model(&model.Enterprise{})
+	// 应用归属店铺数据权限过滤
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
 
 	// 应用过滤条件
 	if enterpriseName, ok := filters["enterprise_name"].(string); ok && enterpriseName != "" {
@@ -111,7 +120,10 @@ func (s *EnterpriseStore) List(ctx context.Context, opts *store.QueryOptions, fi
 // GetByOwnerShopID 根据归属店铺 ID 查询企业列表
 func (s *EnterpriseStore) GetByOwnerShopID(ctx context.Context, ownerShopID uint) ([]*model.Enterprise, error) {
 	var enterprises []*model.Enterprise
-	if err := s.db.WithContext(ctx).Where("owner_shop_id = ?", ownerShopID).Find(&enterprises).Error; err != nil {
+	query := s.db.WithContext(ctx).Where("owner_shop_id = ?", ownerShopID)
+	// 应用归属店铺数据权限过滤
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
+	if err := query.Find(&enterprises).Error; err != nil {
 		return nil, err
 	}
 	return enterprises, nil
@@ -120,7 +132,10 @@ func (s *EnterpriseStore) GetByOwnerShopID(ctx context.Context, ownerShopID uint
 // GetPlatformEnterprises 获取平台直属企业列表（owner_shop_id 为 NULL）
 func (s *EnterpriseStore) GetPlatformEnterprises(ctx context.Context) ([]*model.Enterprise, error) {
 	var enterprises []*model.Enterprise
-	if err := s.db.WithContext(ctx).Where("owner_shop_id IS NULL").Find(&enterprises).Error; err != nil {
+	query := s.db.WithContext(ctx).Where("owner_shop_id IS NULL")
+	// 应用归属店铺数据权限过滤（代理用户无法看到平台直属企业）
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
+	if err := query.Find(&enterprises).Error; err != nil {
 		return nil, err
 	}
 	return enterprises, nil
@@ -132,7 +147,10 @@ func (s *EnterpriseStore) GetByIDs(ctx context.Context, ids []uint) ([]*model.En
 		return []*model.Enterprise{}, nil
 	}
 	var enterprises []*model.Enterprise
-	if err := s.db.WithContext(ctx).Where("id IN ?", ids).Find(&enterprises).Error; err != nil {
+	query := s.db.WithContext(ctx).Where("id IN ?", ids)
+	// 应用归属店铺数据权限过滤
+	query = middleware.ApplyOwnerShopFilter(ctx, query)
+	if err := query.Find(&enterprises).Error; err != nil {
 		return nil, err
 	}
 	return enterprises, nil