整体优化完善接口与数据权限检查

2026-03-28 14:18:11 +08:00
parent 51c377964d
commit 22cb2d50d3
21 changed files with 161 additions and 98 deletions
--- a/web/handlers/admin.go
+++ b/web/handlers/admin.go
@@ -9,7 +9,7 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-func PageAdminsByAdmin(c *fiber.Ctx) error {
+func PageAdminByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRead)
 	if err != nil {
 		return err
@@ -37,7 +37,7 @@ type PageAdminsReq struct {
 	core.PageReq
 }

-func ListAdminsByAdmin(c *fiber.Ctx) error {
+func AllAdminByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRead)
 	if err != nil {
 		return err
--- a/web/handlers/admin_role.go
+++ b/web/handlers/admin_role.go
@@ -9,7 +9,7 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-func ListAdminRolesByAdmin(c *fiber.Ctx) error {
+func AllAdminRoleByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRoleRead)
 	if err != nil {
 		return err
@@ -23,7 +23,7 @@ func ListAdminRolesByAdmin(c *fiber.Ctx) error {
 	return c.JSON(list)
 }

-func PageAdminRolesByAdmin(c *fiber.Ctx) error {
+func PageAdminRoleByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRoleRead)
 	if err != nil {
 		return err
--- a/web/handlers/batch.go
+++ b/web/handlers/batch.go
@@ -12,8 +12,8 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-// PageResourceBatch 分页查询套餐提取记录
-func PageResourceBatch(ctx *fiber.Ctx) error {
+// PageBatch 分页查询套餐提取记录
+func PageBatch(ctx *fiber.Ctx) error {
 	// 检查权限
 	authCtx, err := auth.GetAuthCtx(ctx).PermitUser()
 	if err != nil {
@@ -59,7 +59,7 @@ type PageResourceBatchReq struct {

 // PageBatchByAdmin 分页查询所有提取记录
 func PageBatchByAdmin(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeBatchRead)
 	if err != nil {
 		return err
 	}
--- a/web/handlers/bill.go
+++ b/web/handlers/bill.go
@@ -14,7 +14,7 @@ import (
 // PageBillByAdmin 分页查询全部账单
 func PageBillByAdmin(c *fiber.Ctx) error {
 	// 检查权限
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeBillRead)
 	if err != nil {
 		return err
 	}
--- a/web/handlers/channel.go
+++ b/web/handlers/channel.go
@@ -15,10 +15,10 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-// PageChannelsByAdmin 分页查询所有通道
-func PageChannelsByAdmin(c *fiber.Ctx) error {
+// PageChannelByAdmin 分页查询所有通道
+func PageChannelByAdmin(c *fiber.Ctx) error {
 	// 检查权限
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeChannelRead)
 	if err != nil {
 		return err
 	}
@@ -98,8 +98,8 @@ type PageChannelsByAdminReq struct {
 	ExpiredAtEnd   *time.Time `json:"expired_at_end"`
 }

-// 分页查询当前用户通道
-func ListChannels(c *fiber.Ctx) error {
+// ListChannel 分页查询当前用户通道
+func ListChannel(c *fiber.Ctx) error {
 	// 检查权限
 	authContext, err := auth.GetAuthCtx(c).PermitUser()
 	if err != nil {
@@ -169,9 +169,15 @@ type ListChannelsReq struct {
 	ExpireBefore *time.Time        `json:"expire_before"`
 }

-// 创建新通道
+// CreateChannel 创建新通道
 func CreateChannel(c *fiber.Ctx) error {

+	// 检查权限
+	_, err := auth.GetAuthCtx(c).PermitUser()
+	if err != nil {
+		return err
+	}
+
 	// 解析参数
 	req := new(CreateChannelReq)
 	if err := g.Validator.ParseBody(c, req); err != nil {
--- a/web/handlers/coupon.go
+++ b/web/handlers/coupon.go
@@ -33,7 +33,7 @@ func PageCouponByAdmin(c *fiber.Ctx) error {
 	})
 }

-func AllCouponsByAdmin(c *fiber.Ctx) error {
+func AllCouponByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeCouponRead)
 	if err != nil {
 		return err
--- a/web/handlers/permission.go
+++ b/web/handlers/permission.go
@@ -9,7 +9,7 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-func ListPermissionsByAdmin(c *fiber.Ctx) error {
+func AllPermissionByAdmin(c *fiber.Ctx) error {
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopePermissionRead)
 	if err != nil {
 		return err
--- a/web/handlers/product.go
+++ b/web/handlers/product.go
@@ -9,7 +9,7 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-func AllProductsByAdmin(c *fiber.Ctx) error {
+func AllProductByAdmin(c *fiber.Ctx) error {
 	// 检查权限
 	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductRead)
 	if err != nil {
--- a/web/handlers/product_discount.go
+++ b/web/handlers/product_discount.go
@@ -9,8 +9,8 @@ import (
 	"github.com/gofiber/fiber/v2"
 )

-func PageProductDiscountByAdmin(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountRead)
+func PageDiscountByAdmin(c *fiber.Ctx) error {
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountRead)
 	if err != nil {
 		return err
 	}
@@ -33,8 +33,8 @@ func PageProductDiscountByAdmin(c *fiber.Ctx) error {
 	})
 }

-func AllProductDiscountsByAdmin(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountRead)
+func AllDiscountByAdmin(c *fiber.Ctx) error {
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountRead)
 	if err != nil {
 		return err
 	}
@@ -47,8 +47,8 @@ func AllProductDiscountsByAdmin(c *fiber.Ctx) error {
 	return c.JSON(list)
 }

-func CreateProductDiscount(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite)
+func CreateDiscount(c *fiber.Ctx) error {
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite)
 	if err != nil {
 		return err
 	}
@@ -66,8 +66,8 @@ func CreateProductDiscount(c *fiber.Ctx) error {
 	return nil
 }

-func UpdateProductDiscount(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite)
+func UpdateDiscount(c *fiber.Ctx) error {
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite)
 	if err != nil {
 		return err
 	}
@@ -85,8 +85,8 @@ func UpdateProductDiscount(c *fiber.Ctx) error {
 	return nil
 }

-func DeleteProductDiscount(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite)
+func DeleteDiscount(c *fiber.Ctx) error {
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite)
 	if err != nil {
 		return err
 	}
--- a/web/handlers/resource.go
+++ b/web/handlers/resource.go
@@ -209,7 +209,7 @@ type PageResourceLongReq struct {

 // PageResourceShortByAdmin 分页查询全部短效套餐
 func PageResourceShortByAdmin(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeResourceRead)
 	if err != nil {
 		return err
 	}
@@ -303,7 +303,7 @@ type PageResourceShortByAdminReq struct {

 // PageResourceLongByAdmin 分页查询全部长效套餐
 func PageResourceLongByAdmin(c *fiber.Ctx) error {
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeResourceRead)
 	if err != nil {
 		return err
 	}
--- a/web/handlers/trade.go
+++ b/web/handlers/trade.go
@@ -21,7 +21,7 @@ import (
 // PageTradeByAdmin 分页查询所有订单
 func PageTradeByAdmin(c *fiber.Ctx) error {
 	// 检查权限
-	_, err := auth.GetAuthCtx(c).PermitAdmin()
+	_, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeTradeRead)
 	if err != nil {
 		return err
 	}
@@ -193,6 +193,12 @@ type TradeCancelReq struct {

 // 检查订单
 func TradeCheck(c *fiber.Ctx) error {
+	// 检查权限
+	_, err := auth.GetAuthCtx(c).PermitUser()
+	if err != nil {
+		return err
+	}
+
 	// 解析请求参数
 	req := new(TradeCheckReq)
 	if err := g.Validator.ParseQuery(c, req); err != nil {
--- a/web/handlers/user.go
+++ b/web/handlers/user.go
@@ -121,7 +121,7 @@ func PageUserByAdmin(c *fiber.Ctx) error {

 	// 查询用户列表
 	users, total, err := q.User.Debug().
-		Preload(q.User.Admin).
+		Preload(q.User.Admin, q.User.Discount).
 		Omit(q.User.Password).
 		Where(do).
 		Order(q.User.CreatedAt).
@@ -159,7 +159,7 @@ type PageUserByAdminReq struct {
 // 绑定管理员
 func BindAdmin(c *fiber.Ctx) error {
 	// 检查权限
-	authCtx, err := auth.GetAuthCtx(c).PermitAdmin()
+	authCtx, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeUserWrite)
 	if err != nil {
 		return err
 	}