重构数据权限模型并清理旧RBAC代码

核心变更： - 数据权限过滤从基于账号层级改为基于用户类型的多策略过滤 - 移除 AccountStore 中的 GetSubordinateIDs 等旧方法 - 重构认证中间件，支持 enterprise_id 和 customer_id - 更新 GORM Callback，根据用户类型自动选择过滤策略（代理/企业/个人客户） - 更新所有集成测试以适配新的 API 签名 - 添加功能总结文档和 OpenSpec 归档 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 15:08:11 +08:00
parent 9c6d4a3bd4
commit 743db126f7
26 changed files with 1292 additions and 322 deletions
--- a/tests/integration/auth_test.go
+++ b/tests/integration/auth_test.go
@@ -53,13 +53,13 @@ func setupAuthTestApp(t *testing.T, rdb *redis.Client) *fiber.App {
 	// Add authentication middleware
 	tokenValidator := validator.NewTokenValidator(rdb, logger.GetAppLogger())
 	app.Use(middleware.Auth(middleware.AuthConfig{
-		TokenValidator: func(token string) (uint, int, uint, error) {
+		TokenValidator: func(token string) (*middleware.UserContextInfo, error) {
 			_, err := tokenValidator.Validate(token)
 			if err != nil {
-				return 0, 0, 0, err
+				return nil, err
 			}
 			// 测试中简化处理：userID 设为 1，userType 设为普通用户
-			return 1, 0, 0, nil
+			return middleware.NewSimpleUserContext(1, 0, 0), nil
 		},
 	}))

@@ -352,13 +352,13 @@ func TestKeyAuthMiddleware_UserIDPropagation(t *testing.T) {
 	// Add authentication middleware
 	tokenValidator := validator.NewTokenValidator(rdb, logger.GetAppLogger())
 	app.Use(middleware.Auth(middleware.AuthConfig{
-		TokenValidator: func(token string) (uint, int, uint, error) {
+		TokenValidator: func(token string) (*middleware.UserContextInfo, error) {
 			_, err := tokenValidator.Validate(token)
 			if err != nil {
-				return 0, 0, 0, err
+				return nil, err
 			}
 			// 测试中简化处理：userID 设为 1，userType 设为普通用户
-			return 1, 0, 0, nil
+			return middleware.NewSimpleUserContext(1, 0, 0), nil
 		},
 	}))