From 1d602ad1f9f38171e611b103450cb85a011f3abd Mon Sep 17 00:00:00 2001 From: huang Date: Thu, 26 Feb 2026 16:55:47 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E4=BB=A3=E7=90=86?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=83=BD=E7=9C=8B=E5=88=B0=E5=85=A8=E9=83=A8?= =?UTF-8?q?=E5=BA=97=E9=93=BA=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 在 ShopStore.List 中应用数据权限过滤,新增 ApplyShopIDFilter 函数用于对 Shop 表的 id 字段进行过滤。 Co-Authored-By: Claude Opus 4.5 --- internal/store/postgres/shop_store.go | 3 +++ pkg/middleware/data_scope.go | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/internal/store/postgres/shop_store.go b/internal/store/postgres/shop_store.go index c855379..ec9f7e1 100644 --- a/internal/store/postgres/shop_store.go +++ b/internal/store/postgres/shop_store.go @@ -7,6 +7,7 @@ import ( "github.com/break/junhong_cmp_fiber/internal/model" "github.com/break/junhong_cmp_fiber/internal/store" "github.com/break/junhong_cmp_fiber/pkg/constants" + "github.com/break/junhong_cmp_fiber/pkg/middleware" "github.com/bytedance/sonic" "github.com/redis/go-redis/v9" "gorm.io/gorm" @@ -101,6 +102,8 @@ func (s *ShopStore) List(ctx context.Context, opts *store.QueryOptions, filters var total int64 query := s.db.WithContext(ctx).Model(&model.Shop{}) + // 应用数据权限过滤:代理用户只能看到自己店铺及下级店铺 + query = middleware.ApplyShopIDFilter(ctx, query) // 应用过滤条件 if shopName, ok := filters["shop_name"].(string); ok && shopName != "" { diff --git a/pkg/middleware/data_scope.go b/pkg/middleware/data_scope.go index aad3d6b..c79ed9a 100644 --- a/pkg/middleware/data_scope.go +++ b/pkg/middleware/data_scope.go @@ -89,3 +89,15 @@ func ApplyShopTagFilter(ctx context.Context, query *gorm.DB) *gorm.DB { } return query.Where("shop_id_tag IN ?", shopIDs) } + +// ApplyShopIDFilter 应用店铺主键数据权限过滤 +// 用于 Shop 表,根据 id 字段过滤 +// 平台用户/超管:不添加条件 +// 代理用户:WHERE id IN (subordinateShopIDs) +func ApplyShopIDFilter(ctx context.Context, query *gorm.DB) *gorm.DB { + shopIDs := GetSubordinateShopIDs(ctx) + if shopIDs == nil { + return query + } + return query.Where("id IN ?", shopIDs) +}