fix: 修复 GetByIDs 缺少数据权限过滤导致平台账号无法回收资产
All checks were successful
构建并部署到测试环境(无 SSH) / build-and-deploy (push) Successful in 7m2s
在 ShopStore.GetByIDs 方法中添加 ApplyShopIDFilter,确保: - 平台用户可以查询所有店铺(用于资产回收) - 代理用户只能查询自己和下级店铺(保持权限隔离) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@@ -213,7 +213,10 @@ func (s *ShopStore) GetByIDs(ctx context.Context, ids []uint) ([]*model.Shop, er
|
|||||||
return []*model.Shop{}, nil
|
return []*model.Shop{}, nil
|
||||||
}
|
}
|
||||||
var shops []*model.Shop
|
var shops []*model.Shop
|
||||||
if err := s.db.WithContext(ctx).Where("id IN ?", ids).Find(&shops).Error; err != nil {
|
query := s.db.WithContext(ctx).Where("id IN ?", ids)
|
||||||
|
// 应用数据权限过滤:代理用户只能看到自己店铺及下级店铺
|
||||||
|
query = middleware.ApplyShopIDFilter(ctx, query)
|
||||||
|
if err := query.Find(&shops).Error; err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return shops, nil
|
return shops, nil
|
||||||
|
|||||||
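Review bot: The added `middleware.ApplyShopIDFilter(ctx, query)` call means GetByIDs can now return fewer rows than `ids` whenever some IDs fall outside the caller's data scope, and nothing in the hunk tells callers that a missing shop may mean "not permitted" rather than "not found". A caller that pairs the result with `ids` by position, or assumes every requested shop came back, would silently skip or misattribute records, so the method comment should say so, e.g. `// GetByIDs returns only the shops visible to the caller in ctx; IDs outside that scope are omitted without an error.`, and callers that need all-or-nothing semantics should check that every requested ID is present in the result. The helper's body is not shown here, so it is worth confirming that it fails closed (matches no rows) when ctx carries no user identity, for example in background jobs, instead of leaving the query unfiltered. The function starts above the hunk, so its existing doc comment is not visible from here.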