From bc60886aea1c4201849fd40f3cac3cdf417fb57e Mon Sep 17 00:00:00 2001 From: huang Date: Thu, 26 Feb 2026 18:07:45 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20GetByIDs=20?= =?UTF-8?q?=E7=BC=BA=E5=B0=91=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E8=BF=87?= =?UTF-8?q?=E6=BB=A4=E5=AF=BC=E8=87=B4=E5=B9=B3=E5=8F=B0=E8=B4=A6=E5=8F=B7?= =?UTF-8?q?=E6=97=A0=E6=B3=95=E5=9B=9E=E6=94=B6=E8=B5=84=E4=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 在 ShopStore.GetByIDs 方法中添加 ApplyShopIDFilter,确保: - 平台用户可以查询所有店铺(用于资产回收) - 代理用户只能查询自己和下级店铺(保持权限隔离) Co-Authored-By: Claude Sonnet 4.5 --- internal/store/postgres/shop_store.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/store/postgres/shop_store.go b/internal/store/postgres/shop_store.go index ec9f7e1..64f7272 100644 --- a/internal/store/postgres/shop_store.go +++ b/internal/store/postgres/shop_store.go @@ -213,7 +213,10 @@ func (s *ShopStore) GetByIDs(ctx context.Context, ids []uint) ([]*model.Shop, er return []*model.Shop{}, nil } var shops []*model.Shop - if err := s.db.WithContext(ctx).Where("id IN ?", ids).Find(&shops).Error; err != nil { + query := s.db.WithContext(ctx).Where("id IN ?", ids) + // 应用数据权限过滤:代理用户只能看到自己店铺及下级店铺 + query = middleware.ApplyShopIDFilter(ctx, query) + if err := query.Find(&shops).Error; err != nil { return nil, err } return shops, nil