This commit is contained in:
@@ -12,11 +12,13 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// registerRefundRoutes 注册退款管理路由
|
// registerRefundRoutes 注册退款管理路由
|
||||||
// 仅平台用户(超级管理员和平台用户)可访问
|
// 平台和代理账号可访问,企业账号禁止访问
|
||||||
func registerRefundRoutes(router fiber.Router, handler *admin.RefundHandler, doc *openapi.Generator, basePath string) {
|
func registerRefundRoutes(router fiber.Router, handler *admin.RefundHandler, doc *openapi.Generator, basePath string) {
|
||||||
refund := router.Group("/refunds", func(c *fiber.Ctx) error {
|
refund := router.Group("/refunds", func(c *fiber.Ctx) error {
|
||||||
userType := middleware.GetUserTypeFromContext(c.UserContext())
|
userType := middleware.GetUserTypeFromContext(c.UserContext())
|
||||||
if userType != constants.UserTypeSuperAdmin && userType != constants.UserTypePlatform {
|
if userType != constants.UserTypeSuperAdmin &&
|
||||||
|
userType != constants.UserTypePlatform &&
|
||||||
|
userType != constants.UserTypeAgent {
|
||||||
return errors.New(errors.CodeForbidden, "无权限访问退款管理功能")
|
return errors.New(errors.CodeForbidden, "无权限访问退款管理功能")
|
||||||
}
|
}
|
||||||
return c.Next()
|
return c.Next()
|
||||||
|
|||||||
@@ -193,6 +193,9 @@ func (s *Service) Approve(ctx context.Context, id uint, req *dto.ApproveRefundRe
|
|||||||
if userID == 0 {
|
if userID == 0 {
|
||||||
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
||||||
}
|
}
|
||||||
|
if err := ensureRefundProcessor(ctx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
refund, err := s.refundStore.GetByID(ctx, id)
|
refund, err := s.refundStore.GetByID(ctx, id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -267,6 +270,9 @@ func (s *Service) Reject(ctx context.Context, id uint, req *dto.RejectRefundRequ
|
|||||||
if userID == 0 {
|
if userID == 0 {
|
||||||
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
||||||
}
|
}
|
||||||
|
if err := ensureRefundProcessor(ctx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
result := s.db.WithContext(ctx).
|
result := s.db.WithContext(ctx).
|
||||||
@@ -296,6 +302,9 @@ func (s *Service) Return(ctx context.Context, id uint, req *dto.ReturnRefundRequ
|
|||||||
if userID == 0 {
|
if userID == 0 {
|
||||||
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
return errors.New(errors.CodeUnauthorized, "未授权访问")
|
||||||
}
|
}
|
||||||
|
if err := ensureRefundProcessor(ctx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
result := s.db.WithContext(ctx).
|
result := s.db.WithContext(ctx).
|
||||||
@@ -318,6 +327,15 @@ func (s *Service) Return(ctx context.Context, id uint, req *dto.ReturnRefundRequ
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ensureRefundProcessor 确保只有平台侧账号可以处理审批类动作。
|
||||||
|
func ensureRefundProcessor(ctx context.Context) error {
|
||||||
|
userType := middleware.GetUserTypeFromContext(ctx)
|
||||||
|
if userType == constants.UserTypeSuperAdmin || userType == constants.UserTypePlatform {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return errors.New(errors.CodeForbidden, "无权限处理退款申请")
|
||||||
|
}
|
||||||
|
|
||||||
// Resubmit 重新提交退款申请
|
// Resubmit 重新提交退款申请
|
||||||
// 条件更新 WHERE status=4(已退回),修改部分字段后重新进入待审批状态
|
// 条件更新 WHERE status=4(已退回),修改部分字段后重新进入待审批状态
|
||||||
func (s *Service) Resubmit(ctx context.Context, id uint, req *dto.ResubmitRefundRequest) error {
|
func (s *Service) Resubmit(ctx context.Context, id uint, req *dto.ResubmitRefundRequest) error {
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ func (s *RefundStore) GetByID(ctx context.Context, id uint) (*model.RefundReques
|
|||||||
Select("tb_refund_request.*, tb_shop.shop_name AS shop_name").
|
Select("tb_refund_request.*, tb_shop.shop_name AS shop_name").
|
||||||
Joins("LEFT JOIN tb_shop ON tb_shop.id = tb_refund_request.shop_id AND tb_shop.deleted_at IS NULL").
|
Joins("LEFT JOIN tb_shop ON tb_shop.id = tb_refund_request.shop_id AND tb_shop.deleted_at IS NULL").
|
||||||
Where("tb_refund_request.id = ?", id)
|
Where("tb_refund_request.id = ?", id)
|
||||||
query = middleware.ApplyShopFilter(ctx, query)
|
query = applyRefundScope(ctx, query)
|
||||||
if err := query.First(&req).Error; err != nil {
|
if err := query.First(&req).Error; err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -69,7 +69,7 @@ func (s *RefundStore) List(ctx context.Context, opts *store.QueryOptions, filter
|
|||||||
Model(&model.RefundRequest{}).
|
Model(&model.RefundRequest{}).
|
||||||
Select("tb_refund_request.*, tb_shop.shop_name AS shop_name").
|
Select("tb_refund_request.*, tb_shop.shop_name AS shop_name").
|
||||||
Joins("LEFT JOIN tb_shop ON tb_shop.id = tb_refund_request.shop_id AND tb_shop.deleted_at IS NULL")
|
Joins("LEFT JOIN tb_shop ON tb_shop.id = tb_refund_request.shop_id AND tb_shop.deleted_at IS NULL")
|
||||||
query = middleware.ApplyShopFilter(ctx, query)
|
query = applyRefundScope(ctx, query)
|
||||||
|
|
||||||
if filters != nil {
|
if filters != nil {
|
||||||
if filters.Status != nil {
|
if filters.Status != nil {
|
||||||
@@ -109,6 +109,23 @@ func (s *RefundStore) List(ctx context.Context, opts *store.QueryOptions, filter
|
|||||||
return requests, total, nil
|
return requests, total, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// applyRefundScope 应用退款单专属数据权限。
|
||||||
|
// 退款申请对代理按创建人隔离,避免上级代理通过店铺层级看到下级申请。
|
||||||
|
func applyRefundScope(ctx context.Context, query *gorm.DB) *gorm.DB {
|
||||||
|
switch middleware.GetUserTypeFromContext(ctx) {
|
||||||
|
case constants.UserTypeSuperAdmin, constants.UserTypePlatform:
|
||||||
|
return query
|
||||||
|
case constants.UserTypeAgent:
|
||||||
|
userID := middleware.GetUserIDFromContext(ctx)
|
||||||
|
if userID == 0 {
|
||||||
|
return query.Where("1 = 0")
|
||||||
|
}
|
||||||
|
return query.Where("tb_refund_request.creator = ?", userID)
|
||||||
|
default:
|
||||||
|
return query.Where("1 = 0")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// FindActiveByOrderID 查找订单关联的活跃退款申请(状态为待审批、已通过)
|
// FindActiveByOrderID 查找订单关联的活跃退款申请(状态为待审批、已通过)
|
||||||
func (s *RefundStore) FindActiveByOrderID(ctx context.Context, orderID uint) (*model.RefundRequest, error) {
|
func (s *RefundStore) FindActiveByOrderID(ctx context.Context, orderID uint) (*model.RefundRequest, error) {
|
||||||
var req model.RefundRequest
|
var req model.RefundRequest
|
||||||
|
|||||||
Reference in New Issue
Block a user