fix: 修复代理用户能看到未分配套餐系列的问题
Some checks failed
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Has been cancelled
Some checks failed
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Has been cancelled
问题:代理用户登录后能看到所有套餐系列,即使没有分配给该店铺 原因:PackageSeries 模型没有 shop_id 字段,GORM Callback 无法自动过滤 修复: - 在 package_series Service 的 List 方法中添加权限过滤 - 代理用户只能看到通过 shop_series_allocation 分配给自己店铺的系列 - 平台用户/超级管理员可以看到所有套餐系列 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -130,7 +130,7 @@ func initServices(s *stores, deps *Dependencies) *services {
|
|||||||
DeviceImport: deviceImportSvc.New(deps.DB, s.DeviceImportTask, deps.QueueClient),
|
DeviceImport: deviceImportSvc.New(deps.DB, s.DeviceImportTask, deps.QueueClient),
|
||||||
AssetAllocationRecord: assetAllocationRecordSvc.New(deps.DB, s.AssetAllocationRecord, s.Shop, s.Account),
|
AssetAllocationRecord: assetAllocationRecordSvc.New(deps.DB, s.AssetAllocationRecord, s.Shop, s.Account),
|
||||||
Carrier: carrierSvc.New(s.Carrier),
|
Carrier: carrierSvc.New(s.Carrier),
|
||||||
PackageSeries: packageSeriesSvc.New(s.PackageSeries),
|
PackageSeries: packageSeriesSvc.New(s.PackageSeries, s.ShopSeriesAllocation),
|
||||||
Package: packageSvc.New(s.Package, s.PackageSeries, s.ShopPackageAllocation, s.ShopSeriesAllocation),
|
Package: packageSvc.New(s.Package, s.PackageSeries, s.ShopPackageAllocation, s.ShopSeriesAllocation),
|
||||||
PackageDailyRecord: packageSvc.NewDailyRecordService(deps.DB, deps.Redis, s.PackageUsageDailyRecord, deps.Logger),
|
PackageDailyRecord: packageSvc.NewDailyRecordService(deps.DB, deps.Redis, s.PackageUsageDailyRecord, deps.Logger),
|
||||||
PackageCustomerView: packageSvc.NewCustomerViewService(deps.DB, deps.Redis, s.PackageUsage, deps.Logger),
|
PackageCustomerView: packageSvc.NewCustomerViewService(deps.DB, deps.Redis, s.PackageUsage, deps.Logger),
|
||||||
|
|||||||
@@ -17,10 +17,14 @@ import (
|
|||||||
|
|
||||||
type Service struct {
|
type Service struct {
|
||||||
packageSeriesStore *postgres.PackageSeriesStore
|
packageSeriesStore *postgres.PackageSeriesStore
|
||||||
|
shopSeriesAllocationStore *postgres.ShopSeriesAllocationStore
|
||||||
}
|
}
|
||||||
|
|
||||||
func New(packageSeriesStore *postgres.PackageSeriesStore) *Service {
|
func New(packageSeriesStore *postgres.PackageSeriesStore, shopSeriesAllocationStore *postgres.ShopSeriesAllocationStore) *Service {
|
||||||
return &Service{packageSeriesStore: packageSeriesStore}
|
return &Service{
|
||||||
|
packageSeriesStore: packageSeriesStore,
|
||||||
|
shopSeriesAllocationStore: shopSeriesAllocationStore,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) Create(ctx context.Context, req *dto.CreatePackageSeriesRequest) (*dto.PackageSeriesResponse, error) {
|
func (s *Service) Create(ctx context.Context, req *dto.CreatePackageSeriesRequest) (*dto.PackageSeriesResponse, error) {
|
||||||
@@ -166,6 +170,33 @@ func (s *Service) List(ctx context.Context, req *dto.PackageSeriesListRequest) (
|
|||||||
filters["enable_one_time_commission"] = *req.EnableOneTimeCommission
|
filters["enable_one_time_commission"] = *req.EnableOneTimeCommission
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 获取用户类型,代理用户需要过滤只能看到分配给自己店铺的套餐系列
|
||||||
|
userType := middleware.GetUserTypeFromContext(ctx)
|
||||||
|
if userType == constants.UserTypeAgent {
|
||||||
|
shopID := middleware.GetShopIDFromContext(ctx)
|
||||||
|
if shopID == 0 {
|
||||||
|
// 代理用户没有店铺,返回空结果
|
||||||
|
return []*dto.PackageSeriesResponse{}, 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// 查询分配给该店铺的系列 ID
|
||||||
|
allocations, err := s.shopSeriesAllocationStore.GetByShopID(ctx, shopID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列分配失败")
|
||||||
|
}
|
||||||
|
if len(allocations) == 0 {
|
||||||
|
// 没有分配任何套餐系列,返回空结果
|
||||||
|
return []*dto.PackageSeriesResponse{}, 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// 提取系列 ID 列表
|
||||||
|
seriesIDs := make([]uint, len(allocations))
|
||||||
|
for i, a := range allocations {
|
||||||
|
seriesIDs[i] = a.SeriesID
|
||||||
|
}
|
||||||
|
filters["series_ids"] = seriesIDs
|
||||||
|
}
|
||||||
|
|
||||||
seriesList, total, err := s.packageSeriesStore.List(ctx, opts, filters)
|
seriesList, total, err := s.packageSeriesStore.List(ctx, opts, filters)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列列表失败")
|
return nil, 0, errors.Wrap(errors.CodeInternalError, err, "查询套餐系列列表失败")
|
||||||
|
|||||||
@@ -72,6 +72,10 @@ func (s *PackageSeriesStore) List(ctx context.Context, opts *store.QueryOptions,
|
|||||||
if enableOneTime, ok := filters["enable_one_time_commission"].(bool); ok {
|
if enableOneTime, ok := filters["enable_one_time_commission"].(bool); ok {
|
||||||
query = query.Where("enable_one_time_commission = ?", enableOneTime)
|
query = query.Where("enable_one_time_commission = ?", enableOneTime)
|
||||||
}
|
}
|
||||||
|
// 支持按系列 ID 列表过滤(用于代理用户只能看到分配给自己店铺的套餐系列)
|
||||||
|
if seriesIDs, ok := filters["series_ids"].([]uint); ok && len(seriesIDs) > 0 {
|
||||||
|
query = query.Where("id IN ?", seriesIDs)
|
||||||
|
}
|
||||||
|
|
||||||
if err := query.Count(&total).Error; err != nil {
|
if err := query.Count(&total).Error; err != nil {
|
||||||
return nil, 0, err
|
return nil, 0, err
|
||||||
|
|||||||
Reference in New Issue
Block a user