il y a 1 mois · c9fb7f9b8f
--- a/packages/shared-crud/src/routes/generic-crud.routes.ts
+++ b/packages/shared-crud/src/routes/generic-crud.routes.ts
@@ -381,13 +381,14 @@ export function createCrudRoutes<
 
				       .openapi(deleteRouteDef, async (c: any) => {
			
 
				         try {
			
 
				           const { id } = c.req.valid('param');
			
 
				+          const user = c.get('user');
			
 
				 
			
 
				           const crudService = new ConcreteCrudService(entity, {
			
 
				             userTracking: userTracking,
			
 
				             relationFields: relationFields,
			
 
				             dataPermission: dataPermission
			
 
				           });
			
 
				-          const success = await crudService.delete(id);
			
 
				+          const success = await crudService.delete(id, user?.id);
			
 
				 
			
 
				           if (!success) {
			
 
				             return c.json({ code: 404, message: '资源不存在' }, 404);
			
--- a/packages/shared-crud/tests/integration/data-permission.integration.test.ts
+++ b/packages/shared-crud/tests/integration/data-permission.integration.test.ts
@@ -58,16 +58,16 @@ const getTestSchema = z.object({
 
				   id: z.number(),
			
 
				   name: z.string(),
			
 
				   userId: z.number(),
			
 
				-  createdBy: z.number().optional(),
			
 
				-  updatedBy: z.number().optional()
			
 
				+  createdBy: z.number().nullable().optional(),
			
 
				+  updatedBy: z.number().nullable().optional()
			
 
				 });
			
 
				 
			
 
				 const listTestSchema = z.object({
			
 
				   id: z.number(),
			
 
				   name: z.string(),
			
 
				   userId: z.number(),
			
 
				-  createdBy: z.number().optional(),
			
 
				-  updatedBy: z.number().optional()
			
 
				+  createdBy: z.number().nullable().optional(),
			
 
				+  updatedBy: z.number().nullable().optional()
			
 
				 });
			
 
				 
			
 
				 // 设置集成测试钩子
			
@@ -79,6 +79,7 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				   let testToken2: string;
			
 
				   let testUser1: TestUser;
			
 
				   let testUser2: TestUser;
			
 
				+  let mockAuthMiddleware: any;
			
 
				 
			
 
				   beforeEach(async () => {
			
 
				     // 获取数据源
			
@@ -116,6 +117,25 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				       roles: [{name:'user'}]
			
 
				     });
			
 
				 
			
 
				+    // 创建模拟认证中间件
			
 
				+    const mockAuthMiddleware = async (c: any, next: any) => {
			
 
				+      const authHeader = c.req.header('Authorization');
			
 
				+      if (authHeader && authHeader.startsWith('Bearer ')) {
			
 
				+        const token = authHeader.substring(7);
			
 
				+        try {
			
 
				+          // 简单模拟用户解析
			
 
				+          if (token === testToken1) {
			
 
				+            c.set('user', { id: testUser1.id, username: testUser1.username });
			
 
				+          } else if (token === testToken2) {
			
 
				+            c.set('user', { id: testUser2.id, username: testUser2.username });
			
 
				+          }
			
 
				+        } catch (error) {
			
 
				+          // token解析失败
			
 
				+        }
			
 
				+      }
			
 
				+      await next();
			
 
				+    };
			
 
				+
			
 
				     // 创建测试路由 - 启用数据权限控制
			
 
				     const testRoutes = createCrudRoutes({
			
 
				       entity: TestEntity,
			
@@ -123,6 +143,7 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				       updateSchema: updateTestSchema,
			
 
				       getSchema: getTestSchema,
			
 
				       listSchema: listTestSchema,
			
 
				+      middleware: [mockAuthMiddleware],
			
 
				       dataPermission: {
			
 
				         enabled: true,
			
 
				         userIdField: 'userId'
			
@@ -160,7 +181,10 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				 
			
 
				       // 用户1查询列表
			
 
				       const response = await client.index.$get({
			
 
				-        query: {}
			
 
				+        query: {
			
 
				+          page: 1,
			
 
				+          pageSize: 10
			
 
				+        }
			
 
				       }, {
			
 
				         headers: {
			
 
				           'Authorization': `Bearer ${testToken1}`
			
@@ -168,6 +192,12 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				       });
			
 
				 
			
 
				       console.debug('列表查询响应状态:', response.status);
			
 
				+
			
 
				+      if (response.status !== 200) {
			
 
				+        const errorData = await response.json();
			
 
				+        console.debug('列表查询错误信息:', errorData);
			
 
				+      }
			
 
				+
			
 
				       expect(response.status).toBe(200);
			
 
				 
			
 
				       if (response.status === 200) {
			
@@ -185,7 +215,10 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				 
			
 
				     it('应该拒绝未认证用户的访问', async () => {
			
 
				       const response = await client.index.$get({
			
 
				-        query: {}
			
 
				+        query: {
			
 
				+          page: 1,
			
 
				+          pageSize: 10
			
 
				+        }
			
 
				       });
			
 
				       expect(response.status).toBe(401);
			
 
				     });
			
@@ -448,6 +481,7 @@ describe('共享CRUD数据权限控制集成测试', () => {
 
				         updateSchema: updateTestSchema,
			
 
				         getSchema: getTestSchema,
			
 
				         listSchema: listTestSchema,
			
 
				+        middleware: [mockAuthMiddleware],
			
 
				         dataPermission: {
			
 
				           enabled: false, // 禁用权限控制
			
 
				           userIdField: 'userId'