From f5000f2bfc16176d12e0291e66d421152c1598c0 Mon Sep 17 00:00:00 2001 From: huang Date: Fri, 27 Feb 2026 11:03:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B6=85=E7=AE=A1=E6=97=A0?= =?UTF-8?q?=E6=B3=95=E5=9B=9E=E6=94=B6=E8=B5=84=E4=BA=A7=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/service/iot_card/service.go | 32 +++++++++------------------ internal/store/postgres/shop_store.go | 7 ++++++ opencode.json | 2 +- pkg/middleware/data_scope.go | 20 ++++++++--------- 4 files changed, 28 insertions(+), 33 deletions(-) diff --git a/internal/service/iot_card/service.go b/internal/service/iot_card/service.go index 7ae9250..d3f93d8 100644 --- a/internal/service/iot_card/service.go +++ b/internal/service/iot_card/service.go @@ -419,26 +419,12 @@ func (s *Service) RecallCards(ctx context.Context, req *dto.RecallStandaloneCard if err != nil { return nil, err } - // 调试日志:记录查询结果 - s.logger.Info("批量查询店铺结果", - zap.Any("operator_shop_id", operatorShopID), - zap.Uints("requested_shop_ids", shopIDs), - zap.Int("returned_shops_count", len(shops)), - zap.Uints("returned_shop_ids", func() []uint { - ids := make([]uint, len(shops)) - for i, shop := range shops { - ids[i] = shop.ID - } - return ids - }())) for _, shop := range shops { if s.isDirectSubordinate(operatorShopID, shop) { directSubordinateSet[shop.ID] = true } } - // 调试日志:记录直属下级集合 - s.logger.Info("直属下级店铺集合", - zap.Any("direct_subordinate_set", directSubordinateSet)) + } // 4. 检查绑定设备的卡 
@@ -472,15 +458,17 @@ func (s *Service) RecallCards(ctx context.Context, req *dto.RecallStandaloneCard }) continue } + userType := middleware.GetUserTypeFromContext(ctx) - if !directSubordinateSet[*card.ShopID] { - failedItems = append(failedItems, dto.AllocationFailedItem{ - ICCID: card.ICCID, - Reason: "卡所属店铺不是您的直属下级", - }) - continue + if userType == constants.UserTypeAgent { + if !directSubordinateSet[*card.ShopID] { + failedItems = append(failedItems, dto.AllocationFailedItem{ + ICCID: card.ICCID, + Reason: "卡所属店铺不是您的直属下级", + }) + continue + } } - cardIDs = append(cardIDs, card.ID) successCards = append(successCards, card) } diff --git a/internal/store/postgres/shop_store.go b/internal/store/postgres/shop_store.go index 64f7272..d5e7bc0 100644 --- a/internal/store/postgres/shop_store.go +++ b/internal/store/postgres/shop_store.go @@ -7,9 +7,11 @@ import ( "github.com/break/junhong_cmp_fiber/internal/model" "github.com/break/junhong_cmp_fiber/internal/store" "github.com/break/junhong_cmp_fiber/pkg/constants" + "github.com/break/junhong_cmp_fiber/pkg/logger" "github.com/break/junhong_cmp_fiber/pkg/middleware" "github.com/bytedance/sonic" "github.com/redis/go-redis/v9" + "go.uber.org/zap" "gorm.io/gorm" ) @@ -215,6 +217,11 @@ func (s *ShopStore) GetByIDs(ctx context.Context, ids []uint) ([]*model.Shop, er var shops []*model.Shop query := s.db.WithContext(ctx).Where("id IN ?", ids) // 应用数据权限过滤:代理用户只能看到自己店铺及下级店铺 + subordinateShopIDs := middleware.GetSubordinateShopIDs(ctx) + logger.GetAppLogger().Debug("GetByIDs 数据权限过滤", + zap.Uints("requested_ids", ids), + zap.Any("subordinate_shop_ids", subordinateShopIDs), + zap.Int("user_type", middleware.GetUserTypeFromContext(ctx))) query = middleware.ApplyShopIDFilter(ctx, query) if err := query.Find(&shops).Error; err != nil { return nil, err diff --git a/opencode.json b/opencode.json index d72658e..7ac1320 100644 --- a/opencode.json +++ b/opencode.json 
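Review bot: The direct-subordinate check in RecallCards is now enforced only when `userType == constants.UserTypeAgent`, so every user type other than agent skips it and falls through to `cardIDs = append(cardIDs, card.ID)`, not just the super admin the commit subject refers to. An authorization gate like this should fail closed: name the roles that may bypass it and keep the check for everything else, e.g. `if !canRecallAnyShop(userType) && !directSubordinateSet[*card.ShopID] {`, where `canRecallAnyShop` is a placeholder for a test against the project's existing platform/super-admin constants. `middleware.GetUserTypeFromContext(ctx)` also appears to be evaluated once per card and can be read once before the loop. The loop and the function body start outside the hunk, so whether a zero or unrecognised user type can reach this point cannot be confirmed from here.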
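Review bot: In GetByIDs the existing comment `// 应用数据权限过滤:代理用户只能看到自己店铺及下级店铺` now sits above the new logging statements instead of the `query = middleware.ApplyShopIDFilter(ctx, query)` call it describes; it should move back to directly above that call. `subordinateShopIDs` is fetched only to be logged, while the filter reads the scope again itself, so the logged value is not provably the one that was applied. If the log is meant to stay, a short comment saying it is diagnostic only would help, because the same commit removes similar debug logging from RecallCards. The store also reaches for the global `logger.GetAppLogger()` here; whether ShopStore already holds an injected logger is not visible in this hunk.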
@@ -34,7 +34,7 @@ "--access-mode=restricted" ], "environment": { - "DATABASE_URI": "postgresql://erp_pgsql:erp_2025@cxd.whcxd.cn:16289/junhong_cmp_test?sslmode=disable" + "DATABASE_URI": "postgresql://erp_pgsql:erp_2025@cxd.whcxd.cn:16159/junhong_cmp_test?sslmode=disable" } } } diff --git a/pkg/middleware/data_scope.go b/pkg/middleware/data_scope.go index ca0a840..8540b8c 100644 --- a/pkg/middleware/data_scope.go +++ b/pkg/middleware/data_scope.go @@ -21,12 +21,12 @@ func GetSubordinateShopIDs(ctx context.Context) []uint { } // ApplyShopFilter 应用店铺数据权限过滤 -// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil) +// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil 或空数组) // 代理用户:WHERE shop_id IN (subordinateShopIDs) // 注意:NULL shop_id 的记录对代理用户不可见 func ApplyShopFilter(ctx context.Context, query *gorm.DB) *gorm.DB { shopIDs := GetSubordinateShopIDs(ctx) - if shopIDs == nil { + if len(shopIDs) == 0 { return query } return query.Where("shop_id IN ?", shopIDs) @@ -50,11 +50,11 @@ func ApplyEnterpriseFilter(ctx context.Context, query *gorm.DB) *gorm.DB { // ApplyOwnerShopFilter 应用归属店铺数据权限过滤 // 用于 Enterprise 等使用 owner_shop_id 字段的表 -// 平台用户/超管:不添加条件 +// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil 或空数组) // 代理用户:WHERE owner_shop_id IN (subordinateShopIDs) func ApplyOwnerShopFilter(ctx context.Context, query *gorm.DB) *gorm.DB { shopIDs := GetSubordinateShopIDs(ctx) - if shopIDs == nil { + if len(shopIDs) == 0 { return query } return query.Where("owner_shop_id IN ?", shopIDs) @@ -68,11 +68,11 @@ func IsUnrestricted(ctx context.Context) bool { // ApplySellerShopFilter 应用销售店铺数据权限过滤 // 用于 Order 等使用 seller_shop_id 字段的表 -// 平台用户/超管:不添加条件 +// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil 或空数组) // 代理用户:WHERE seller_shop_id IN (subordinateShopIDs) func ApplySellerShopFilter(ctx context.Context, query *gorm.DB) *gorm.DB { shopIDs := GetSubordinateShopIDs(ctx) - if shopIDs == nil { + if len(shopIDs) == 0 { return query } return query.Where("seller_shop_id IN ?", shopIDs) 
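Review bot: The `DATABASE_URI` value edited in this hunk keeps a database username and password in plaintext in a tracked file, and the connection string sets `sslmode=disable` against what looks like a non-local hostname, so the credentials and query traffic would cross the network unencrypted. Only the port changes in this commit, but since the line is being touched, the URI should move out of the repository (an environment variable or an untracked local override, if the tool supports substitution). The password should then be rotated, because it remains in the Git history. If the server supports TLS, `sslmode=require` or stricter should replace `sslmode=disable`.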
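Review bot: Replacing `shopIDs == nil` with `len(shopIDs) == 0` in ApplyShopFilter makes the data-scope filter fail open: a restricted caller whose subordinate list is empty but non-nil previously got the `shop_id IN ?` condition with an empty list, and now gets no condition at all, so the query is unscoped. The same change is repeated in ApplyOwnerShopFilter and ApplySellerShopFilter in this file section, and in ApplyShopTagFilter and ApplyShopIDFilter in the following hunks. Whether an agent can reach these functions with an empty slice depends on how the context is populated, which is outside the diff. Either way, the bypass should be decided from the role rather than from slice length, for example `if IsUnrestricted(ctx) { return query }` (that function is declared in this file, but its body is not shown), keeping the `IN` clause for everyone else so an empty scope yields no rows. If the super-admin context currently carries an empty slice, setting it to `nil` where the context is built would fix the original bug without widening access.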
@@ -80,11 +80,11 @@ func ApplySellerShopFilter(ctx context.Context, query *gorm.DB) *gorm.DB { // ApplyShopTagFilter 应用店铺标签数据权限过滤 // 用于 CardWallet 等使用 shop_id_tag 字段的表 -// 平台用户/超管:不添加条件 +// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil 或空数组) // 代理用户:WHERE shop_id_tag IN (subordinateShopIDs) func ApplyShopTagFilter(ctx context.Context, query *gorm.DB) *gorm.DB { shopIDs := GetSubordinateShopIDs(ctx) - if shopIDs == nil { + if len(shopIDs) == 0 { return query } return query.Where("shop_id_tag IN ?", shopIDs) @@ -92,11 +92,11 @@ func ApplyShopTagFilter(ctx context.Context, query *gorm.DB) *gorm.DB { // ApplyShopIDFilter 应用店铺主键数据权限过滤 // 用于 Shop 表,根据 id 字段过滤 -// 平台用户/超管:不添加条件 +// 平台用户/超管:不添加条件(SubordinateShopIDs 为 nil 或空数组) // 代理用户:WHERE id IN (subordinateShopIDs) func ApplyShopIDFilter(ctx context.Context, query *gorm.DB) *gorm.DB { shopIDs := GetSubordinateShopIDs(ctx) - if shopIDs == nil { + if len(shopIDs) == 0 { return query } return query.Where("id IN ?", shopIDs)