feat(iot-card-import): 为导入任务接口添加平台用户权限控制

- 在 Import/List/GetByID 接口添加用户类型校验 - 仅超级管理员和平台用户可访问 - 同步更新 OpenAPI 路由描述 - 补充集成测试覆盖权限拒绝场景
2026-02-02 10:25:03 +08:00
parent d81bd242a4
commit a30b3036bb
9 changed files with 318 additions and 17 deletions
--- a/internal/handler/admin/iot_card_import.go
+++ b/internal/handler/admin/iot_card_import.go
@@ -7,7 +7,9 @@ import (

 	"github.com/break/junhong_cmp_fiber/internal/model/dto"
 	iotCardImportService "github.com/break/junhong_cmp_fiber/internal/service/iot_card_import"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
 	"github.com/break/junhong_cmp_fiber/pkg/errors"
+	"github.com/break/junhong_cmp_fiber/pkg/middleware"
 	"github.com/break/junhong_cmp_fiber/pkg/response"
 )

@@ -22,6 +24,11 @@ func NewIotCardImportHandler(service *iotCardImportService.Service) *IotCardImpo
 }

 func (h *IotCardImportHandler) Import(c *fiber.Ctx) error {
+	userType := middleware.GetUserTypeFromContext(c.UserContext())
+	if userType != constants.UserTypeSuperAdmin && userType != constants.UserTypePlatform {
+		return errors.New(errors.CodeForbidden, "仅平台用户可导入IoT卡")
+	}
+
 	var req dto.ImportIotCardRequest
 	if err := c.BodyParser(&req); err != nil {
 		return errors.New(errors.CodeInvalidParam, "请求参数解析失败")
@@ -40,6 +47,11 @@ func (h *IotCardImportHandler) Import(c *fiber.Ctx) error {
 }

 func (h *IotCardImportHandler) List(c *fiber.Ctx) error {
+	userType := middleware.GetUserTypeFromContext(c.UserContext())
+	if userType != constants.UserTypeSuperAdmin && userType != constants.UserTypePlatform {
+		return errors.New(errors.CodeForbidden, "仅平台用户可查看导入任务")
+	}
+
 	var req dto.ListImportTaskRequest
 	if err := c.QueryParser(&req); err != nil {
 		return errors.New(errors.CodeInvalidParam, "请求参数解析失败")
@@ -54,6 +66,11 @@ func (h *IotCardImportHandler) List(c *fiber.Ctx) error {
 }

 func (h *IotCardImportHandler) GetByID(c *fiber.Ctx) error {
+	userType := middleware.GetUserTypeFromContext(c.UserContext())
+	if userType != constants.UserTypeSuperAdmin && userType != constants.UserTypePlatform {
+		return errors.New(errors.CodeForbidden, "仅平台用户可查看导入任务详情")
+	}
+
 	idStr := c.Params("id")
 	id, err := strconv.ParseUint(idStr, 10, 64)
 	if err != nil {
--- a/internal/routes/iot_card.go
+++ b/internal/routes/iot_card.go
@@ -30,7 +30,9 @@ func registerIotCardRoutes(router fiber.Router, handler *admin.IotCardHandler, i

 	Register(iotCards, doc, groupPath, "POST", "/import", importHandler.Import, RouteSpec{
 		Summary: "批量导入IoT卡（ICCID+MSISDN）",
-		Description: `## ⚠️ 接口变更说明（BREAKING CHANGE）
+		Description: `仅平台用户可操作。
+
+## ⚠️ 接口变更说明（BREAKING CHANGE）

 本接口已从 ` + "`multipart/form-data`" + ` 改为 ` + "`application/json`" + `。
 文件格式从 CSV 升级为 Excel (.xlsx),解决长数字被转为科学记数法的问题。
@@ -64,19 +66,21 @@ func registerIotCardRoutes(router fiber.Router, handler *admin.IotCardHandler, i
 	})

 	Register(iotCards, doc, groupPath, "GET", "/import-tasks", importHandler.List, RouteSpec{
-		Summary: "导入任务列表",
-		Tags:    []string{"IoT卡管理"},
-		Input:   new(dto.ListImportTaskRequest),
-		Output:  new(dto.ListImportTaskResponse),
-		Auth:    true,
+		Summary:     "导入任务列表",
+		Description: "仅平台用户可操作。",
+		Tags:        []string{"IoT卡管理"},
+		Input:       new(dto.ListImportTaskRequest),
+		Output:      new(dto.ListImportTaskResponse),
+		Auth:        true,
 	})

 	Register(iotCards, doc, groupPath, "GET", "/import-tasks/:id", importHandler.GetByID, RouteSpec{
-		Summary: "导入任务详情",
-		Tags:    []string{"IoT卡管理"},
-		Input:   new(dto.GetImportTaskRequest),
-		Output:  new(dto.ImportTaskDetailResponse),
-		Auth:    true,
+		Summary:     "导入任务详情",
+		Description: "仅平台用户可操作。",
+		Tags:        []string{"IoT卡管理"},
+		Input:       new(dto.GetImportTaskRequest),
+		Output:      new(dto.ImportTaskDetailResponse),
+		Auth:        true,
 	})

 	Register(iotCards, doc, groupPath, "POST", "/standalone/allocate", handler.AllocateCards, RouteSpec{