fix: 修复套餐系列/套餐分配权限过滤问题
代理用户只能看到自己分配出去的记录,而不是被分配的记录。 - 新增 ApplyAllocatorShopFilter 过滤函数 - ShopSeriesAllocationStore: List 和 GetByID 改用 ApplyAllocatorShopFilter - ShopPackageAllocationStore: List 和 GetByID 改用 ApplyAllocatorShopFilter - 平台用户和超管不受限制 - 代理用户只能看到 allocator_shop_id = 自己店铺ID 的记录 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@@ -101,3 +101,23 @@ func ApplyShopIDFilter(ctx context.Context, query *gorm.DB) *gorm.DB {
|
||||
}
|
||||
return query.Where("id IN ?", shopIDs)
|
||||
}
|
||||
|
||||
// ApplyAllocatorShopFilter 应用分配者店铺数据权限过滤
|
||||
// 用于 ShopSeriesAllocation、ShopPackageAllocation 等使用 allocator_shop_id 字段的表
|
||||
// 代理用户只能看到自己作为分配者的记录
|
||||
// 平台用户/超管:不添加条件(allocator_shop_id=0 表示平台分配)
|
||||
// 代理用户:WHERE allocator_shop_id = 当前用户店铺ID
|
||||
func ApplyAllocatorShopFilter(ctx context.Context, query *gorm.DB) *gorm.DB {
|
||||
userType := GetUserTypeFromContext(ctx)
|
||||
// 平台用户和超管不限制
|
||||
if userType == constants.UserTypeSuperAdmin || userType == constants.UserTypePlatform {
|
||||
return query
|
||||
}
|
||||
// 代理用户只能看到自己分配出去的记录
|
||||
shopID := GetShopIDFromContext(ctx)
|
||||
if shopID == 0 {
|
||||
// 代理用户但无店铺ID,返回空结果
|
||||
return query.Where("1 = 0")
|
||||
}
|
||||
return query.Where("allocator_shop_id = ?", shopID)
|
||||
}
|
||||
|
||||
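Review bot: The fall-through branch of `ApplyAllocatorShopFilter` (from `shopID := GetShopIDFromContext(ctx)` down) applies to every user type other than super admin and platform, not only to agents as the comments say, so the doc comment should state the deny-by-default rule explicitly, for example `// Any other user type is scoped to its own shop; a missing shop ID yields no rows (fail closed).` The `allocator_shop_id` column in the final `Where` is unqualified, which presumably becomes ambiguous if a caller ever joins another table carrying the same column, and that is worth a sentence in the comment as well. The commit description names only `List` and `GetByID` as callers, so it is worth confirming that the update and delete paths of the two allocation stores load their row through the same filter, since those call sites are not visible here.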