From 1382cbbf4711f75b8ea668e889dcd7cf59ac79b7 Mon Sep 17 00:00:00 2001
From: huang <youdang2000@gmail.com>
Date: Thu, 26 Feb 2026 14:54:52 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E4=BB=A3=E7=90=86?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=83=BD=E7=9C=8B=E5=88=B0=E6=9C=AA=E5=88=86?=
 =?UTF-8?q?=E9=85=8D=E5=A5=97=E9=A4=90=E7=B3=BB=E5=88=97=E7=9A=84=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题：代理用户登录后能看到所有套餐系列，即使没有分配给该店铺

原因：PackageSeries 模型没有 shop_id 字段，GORM Callback 无法自动过滤

修复：
- 在 package_series Service 的 List 方法中添加权限过滤
- 代理用户只能看到通过 shop_series_allocation 分配给自己店铺的系列
- 平台用户/超级管理员可以看到所有套餐系列

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 internal/bootstrap/services.go                |  2 +-
 internal/service/package_series/service.go    | 37 +++++++++++++++++--
 .../store/postgres/package_series_store.go    |  4 ++
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/internal/bootstrap/services.go b/internal/bootstrap/services.go
index 59269f3..4694f5e 100644
--- a/internal/bootstrap/services.go
+++ b/internal/bootstrap/services.go
@@ -130,7 +130,7 @@ func initServices(s *stores, deps *Dependencies) *services {
 		DeviceImport:               deviceImportSvc.New(deps.DB, s.DeviceImportTask, deps.QueueClient),
 		AssetAllocationRecord:      assetAllocationRecordSvc.New(deps.DB, s.AssetAllocationRecord, s.Shop, s.Account),
 		Carrier:                    carrierSvc.New(s.Carrier),
-		PackageSeries:              packageSeriesSvc.New(s.PackageSeries),
+		PackageSeries:              packageSeriesSvc.New(s.PackageSeries, s.ShopSeriesAllocation),
 		Package:                    packageSvc.New(s.Package, s.PackageSeries, s.ShopPackageAllocation, s.ShopSeriesAllocation),
 		PackageDailyRecord:         packageSvc.NewDailyRecordService(deps.DB, deps.Redis, s.PackageUsageDailyRecord, deps.Logger),
 		PackageCustomerView:        packageSvc.NewCustomerViewService(deps.DB, deps.Redis, s.PackageUsage, deps.Logger),
diff --git a/internal/service/package_series/service.go b/internal/service/package_series/service.go
index 2245a48..4aba1fb 100644
--- a/internal/service/package_series/service.go
+++ b/internal/service/package_series/service.go
@@ -16,11 +16,15 @@ import (
 )
 
 type Service struct {
-	packageSeriesStore *postgres.PackageSeriesStore
+	packageSeriesStore         *postgres.PackageSeriesStore
+	shopSeriesAllocationStore  *postgres.ShopSeriesAllocationStore
 }
 
-func New(packageSeriesStore *postgres.PackageSeriesStore) *Service {
-	return &Service{packageSeriesStore: packageSeriesStore}
+func New(packageSeriesStore *postgres.PackageSeriesStore, shopSeriesAllocationStore *postgres.ShopSeriesAllocationStore) *Service {
+	return &Service{
+		packageSeriesStore:        packageSeriesStore,
+		shopSeriesAllocationStore: shopSeriesAllocationStore,
+	}
 }
 
 func (s *Service) Create(ctx context.Context, req *dto.CreatePackageSeriesRequest) (*dto.PackageSeriesResponse, error) {
@@ -166,6 +170,33 @@ func (s *Service) List(ctx context.Context, req *dto.PackageSeriesListRequest) (
 		filters["enable_one_time_commission"] = *req.EnableOneTimeCommission
 	}
 
+	// 获取用户类型，代理用户需要过滤只能看到分配给自己店铺的套餐系列
+	userType := middleware.GetUserTypeFromContext(ctx)
+	if userType == constants.UserTypeAgent {
+		shopID := middleware.GetShopIDFromContext(ctx)
+		if shopID == 0 {
+			// 代理用户没有店铺，返回空结果
+			return []*dto.PackageSeriesResponse{}, 0, nil
+		}
+
+		// 查询分配给该店铺的系列 ID
+		allocations, err := s.shopSeriesAllocationStore.GetByShopID(ctx, shopID)
+		if err != nil {
+			return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列分配失败")
+		}
+		if len(allocations) == 0 {
+			// 没有分配任何套餐系列，返回空结果
+			return []*dto.PackageSeriesResponse{}, 0, nil
+		}
+
+		// 提取系列 ID 列表
+		seriesIDs := make([]uint, len(allocations))
+		for i, a := range allocations {
+			seriesIDs[i] = a.SeriesID
+		}
+		filters["series_ids"] = seriesIDs
+	}
+
 	seriesList, total, err := s.packageSeriesStore.List(ctx, opts, filters)
 	if err != nil {
 		return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列列表失败")
diff --git a/internal/store/postgres/package_series_store.go b/internal/store/postgres/package_series_store.go
index 5deb10a..bd263c7 100644
--- a/internal/store/postgres/package_series_store.go
+++ b/internal/store/postgres/package_series_store.go
@@ -72,6 +72,10 @@ func (s *PackageSeriesStore) List(ctx context.Context, opts *store.QueryOptions,
 	if enableOneTime, ok := filters["enable_one_time_commission"].(bool); ok {
 		query = query.Where("enable_one_time_commission = ?", enableOneTime)
 	}
+	// 支持按系列 ID 列表过滤（用于代理用户只能看到分配给自己店铺的套餐系列）
+	if seriesIDs, ok := filters["series_ids"].([]uint); ok && len(seriesIDs) > 0 {
+		query = query.Where("id IN ?", seriesIDs)
+	}
 
 	if err := query.Count(&total).Error; err != nil {
 		return nil, 0, err