fix: 修复授权记录备注修改权限问题

- 实现备注权限检查逻辑（authorization_service.go） - 添加备注权限验证存储层（authorization_store.go） - 新增集成测试覆盖备注权限场景 - 归档 fix-authorization-remark-permission 变更 - 同步 enterprise-card-authorization spec 规范
2026-01-29 14:29:11 +08:00
parent b02175271a
commit c9fee7f2f6
9 changed files with 252 additions and 8 deletions
--- a/internal/service/enterprise_card/authorization_service.go
+++ b/internal/service/enterprise_card/authorization_service.go
@@ -399,7 +399,37 @@ func (s *AuthorizationService) GetRecordDetail(ctx context.Context, id uint) (*A
 }

 func (s *AuthorizationService) UpdateRecordRemark(ctx context.Context, id uint, remark string) (*AuthorizationRecord, error) {
-	if err := s.authorizationStore.UpdateRemark(ctx, id, remark); err != nil {
+	userID := middleware.GetUserIDFromContext(ctx)
+	userType := middleware.GetUserTypeFromContext(ctx)
+
+	if userID == 0 {
+		return nil, errors.New(errors.CodeUnauthorized, "用户信息无效")
+	}
+
+	record, err := s.authorizationStore.GetByIDWithJoin(ctx, id)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return nil, errors.New(errors.CodeNotFound, "授权记录不存在")
+		}
+		return nil, err
+	}
+
+	switch userType {
+	case constants.UserTypeSuperAdmin, constants.UserTypePlatform:
+		// 超级管理员和平台用户: 允许修改任意授权记录备注
+	case constants.UserTypeAgent:
+		// 代理用户: 只能修改自己创建的授权记录
+		if record.AuthorizedBy != userID {
+			return nil, errors.New(errors.CodeForbidden, "只能修改自己创建的授权记录备注")
+		}
+	case constants.UserTypeEnterprise:
+		// 企业用户: 禁止修改授权记录备注
+		return nil, errors.New(errors.CodeForbidden, "企业用户不允许修改授权记录备注")
+	default:
+		return nil, errors.New(errors.CodeForbidden, "无权限修改授权记录备注")
+	}
+
+	if err := s.authorizationStore.UpdateRemarkWithConstraint(ctx, id, remark, record.AuthorizedBy); err != nil {
 		if err == gorm.ErrRecordNotFound {
 			return nil, errors.New(errors.CodeNotFound, "授权记录不存在")
 		}