fix: 修复代理用户能看到全部店铺的问题

在 ShopStore.List 中应用数据权限过滤，新增 ApplyShopIDFilter
函数用于对 Shop 表的 id 字段进行过滤。

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/store/postgres/shop_store.go

@@ -7,6 +7,7 @@ import (
 	"github.com/break/junhong_cmp_fiber/internal/model"
 	"github.com/break/junhong_cmp_fiber/internal/store"
 	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/pkg/middleware"
 	"github.com/bytedance/sonic"
 	"github.com/redis/go-redis/v9"
 	"gorm.io/gorm"
@@ -101,6 +102,8 @@ func (s *ShopStore) List(ctx context.Context, opts *store.QueryOptions, filters
 	var total int64
 
 	query := s.db.WithContext(ctx).Model(&model.Shop{})
+	// 应用数据权限过滤：代理用户只能看到自己店铺及下级店铺
+	query = middleware.ApplyShopIDFilter(ctx, query)
 
 	// 应用过滤条件
 	if shopName, ok := filters["shop_name"].(string); ok && shopName != "" {

pkg/middleware/data_scope.go

@@ -89,3 +89,15 @@ func ApplyShopTagFilter(ctx context.Context, query *gorm.DB) *gorm.DB {
 	}
 	return query.Where("shop_id_tag IN ?", shopIDs)
 }
+
+// ApplyShopIDFilter 应用店铺主键数据权限过滤
+// 用于 Shop 表，根据 id 字段过滤
+// 平台用户/超管：不添加条件
+// 代理用户：WHERE id IN (subordinateShopIDs)
+func ApplyShopIDFilter(ctx context.Context, query *gorm.DB) *gorm.DB {
+	shopIDs := GetSubordinateShopIDs(ctx)
+	if shopIDs == nil {
+		return query
+	}
+	return query.Where("id IN ?", shopIDs)
+}