fix: 修复代理用户能看到未分配套餐系列的问题
Some checks failed
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Has been cancelled
Some checks failed
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Has been cancelled
问题:代理用户登录后能看到所有套餐系列,即使没有分配给该店铺 原因:PackageSeries 模型没有 shop_id 字段,GORM Callback 无法自动过滤 修复: - 在 package_series Service 的 List 方法中添加权限过滤 - 代理用户只能看到通过 shop_series_allocation 分配给自己店铺的系列 - 平台用户/超级管理员可以看到所有套餐系列 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -130,7 +130,7 @@ func initServices(s *stores, deps *Dependencies) *services {
|
||||
DeviceImport: deviceImportSvc.New(deps.DB, s.DeviceImportTask, deps.QueueClient),
|
||||
AssetAllocationRecord: assetAllocationRecordSvc.New(deps.DB, s.AssetAllocationRecord, s.Shop, s.Account),
|
||||
Carrier: carrierSvc.New(s.Carrier),
|
||||
PackageSeries: packageSeriesSvc.New(s.PackageSeries),
|
||||
PackageSeries: packageSeriesSvc.New(s.PackageSeries, s.ShopSeriesAllocation),
|
||||
Package: packageSvc.New(s.Package, s.PackageSeries, s.ShopPackageAllocation, s.ShopSeriesAllocation),
|
||||
PackageDailyRecord: packageSvc.NewDailyRecordService(deps.DB, deps.Redis, s.PackageUsageDailyRecord, deps.Logger),
|
||||
PackageCustomerView: packageSvc.NewCustomerViewService(deps.DB, deps.Redis, s.PackageUsage, deps.Logger),
|
||||
|
||||
@@ -16,11 +16,15 @@ import (
|
||||
)
|
||||
|
||||
type Service struct {
|
||||
packageSeriesStore *postgres.PackageSeriesStore
|
||||
packageSeriesStore *postgres.PackageSeriesStore
|
||||
shopSeriesAllocationStore *postgres.ShopSeriesAllocationStore
|
||||
}
|
||||
|
||||
func New(packageSeriesStore *postgres.PackageSeriesStore) *Service {
|
||||
return &Service{packageSeriesStore: packageSeriesStore}
|
||||
func New(packageSeriesStore *postgres.PackageSeriesStore, shopSeriesAllocationStore *postgres.ShopSeriesAllocationStore) *Service {
|
||||
return &Service{
|
||||
packageSeriesStore: packageSeriesStore,
|
||||
shopSeriesAllocationStore: shopSeriesAllocationStore,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Service) Create(ctx context.Context, req *dto.CreatePackageSeriesRequest) (*dto.PackageSeriesResponse, error) {
|
||||
@@ -166,6 +170,33 @@ func (s *Service) List(ctx context.Context, req *dto.PackageSeriesListRequest) (
|
||||
filters["enable_one_time_commission"] = *req.EnableOneTimeCommission
|
||||
}
|
||||
|
||||
// 获取用户类型,代理用户需要过滤只能看到分配给自己店铺的套餐系列
|
||||
userType := middleware.GetUserTypeFromContext(ctx)
|
||||
if userType == constants.UserTypeAgent {
|
||||
shopID := middleware.GetShopIDFromContext(ctx)
|
||||
if shopID == 0 {
|
||||
// 代理用户没有店铺,返回空结果
|
||||
return []*dto.PackageSeriesResponse{}, 0, nil
|
||||
}
|
||||
|
||||
// 查询分配给该店铺的系列 ID
|
||||
allocations, err := s.shopSeriesAllocationStore.GetByShopID(ctx, shopID)
|
||||
if err != nil {
|
||||
return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列分配失败")
|
||||
}
|
||||
if len(allocations) == 0 {
|
||||
// 没有分配任何套餐系列,返回空结果
|
||||
return []*dto.PackageSeriesResponse{}, 0, nil
|
||||
}
|
||||
|
||||
// 提取系列 ID 列表
|
||||
seriesIDs := make([]uint, len(allocations))
|
||||
for i, a := range allocations {
|
||||
seriesIDs[i] = a.SeriesID
|
||||
}
|
||||
filters["series_ids"] = seriesIDs
|
||||
}
|
||||
|
||||
seriesList, total, err := s.packageSeriesStore.List(ctx, opts, filters)
|
||||
if err != nil {
|
||||
return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列列表失败")
|
||||
|
||||
@@ -72,6 +72,10 @@ func (s *PackageSeriesStore) List(ctx context.Context, opts *store.QueryOptions,
|
||||
if enableOneTime, ok := filters["enable_one_time_commission"].(bool); ok {
|
||||
query = query.Where("enable_one_time_commission = ?", enableOneTime)
|
||||
}
|
||||
// 支持按系列 ID 列表过滤(用于代理用户只能看到分配给自己店铺的套餐系列)
|
||||
if seriesIDs, ok := filters["series_ids"].([]uint); ok && len(seriesIDs) > 0 {
|
||||
query = query.Where("id IN ?", seriesIDs)
|
||||
}
|
||||
|
||||
if err := query.Count(&total).Error; err != nil {
|
||||
return nil, 0, err
|
||||
|
||||
Reference in New Issue
Block a user