| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- package product
- import (
- "context"
- "perms-system-server/internal/middleware"
- "perms-system-server/internal/response"
- "perms-system-server/internal/svc"
- "perms-system-server/internal/types"
- "github.com/zeromicro/go-zero/core/logx"
- )
- type ProductDetailLogic struct {
- logx.Logger
- ctx context.Context
- svcCtx *svc.ServiceContext
- }
- func NewProductDetailLogic(ctx context.Context, svcCtx *svc.ServiceContext) *ProductDetailLogic {
- return &ProductDetailLogic{
- Logger: logx.WithContext(ctx),
- ctx: ctx,
- svcCtx: svcCtx,
- }
- }
- // ProductDetail 产品详情。超管可查任何产品的完整信息(含 appKey);非超管只能查自己所属的产品,
- // 对其他产品一律返回 404,避免将"存在但无权"和"不存在"区分开后被用作枚举 oracle(见审计 M-2)。
- func (l *ProductDetailLogic) ProductDetail(req *types.ProductDetailReq) (resp *types.ProductItem, err error) {
- caller := middleware.GetUserDetails(l.ctx)
- if caller == nil {
- return nil, response.ErrUnauthorized("未登录")
- }
- product, err := l.svcCtx.SysProductModel.FindOne(l.ctx, req.Id)
- if err != nil {
- return nil, response.ErrNotFound("产品不存在")
- }
- if !caller.IsSuperAdmin && product.Code != caller.ProductCode {
- return nil, response.ErrNotFound("产品不存在")
- }
- item := &types.ProductItem{
- Id: product.Id,
- Code: product.Code,
- Name: product.Name,
- Remark: product.Remark,
- Status: product.Status,
- CreateTime: product.CreateTime,
- }
- if caller.IsSuperAdmin {
- item.AppKey = product.AppKey
- }
- return item, nil
- }
|
