fix(api): 修复 merchant_id 过滤条件冲突问题
- 当存在非零 reseller_id_eq 时,跳过 merchant_id_in 过滤以避免条件冲突 - 兼容 YMT 数据源 merchant_id 与 reseller_id 的映射关系 - 在 SQL 构建器中新增对 merchant_id_in 的支持,保证查询过滤生效 - 优化 URL 参数解析逻辑,避免无效或重复的过滤条件注入
This commit is contained in:
parent
686df08da8
commit
bb55adb1b9
|
|
@ -156,7 +156,17 @@ func (a *ExportsAPI) create(w http.ResponseWriter, r *http.Request) {
|
||||||
// 注意:不再从 URL 参数 userId 或 current_user_id 自动转换为 creator_in 过滤
|
// 注意:不再从 URL 参数 userId 或 current_user_id 自动转换为 creator_in 过滤
|
||||||
// current_user_id 仅用于记录导出任务的 owner,不用于数据过滤
|
// current_user_id 仅用于记录导出任务的 owner,不用于数据过滤
|
||||||
// support multiple merchantId in query: e.g., merchantId=1,2,3 → filters.merchant_id_in
|
// support multiple merchantId in query: e.g., merchantId=1,2,3 → filters.merchant_id_in
|
||||||
|
// 注意:对于 YMT 数据源,reseller_id_eq 和 merchant_id_in 映射到同一物理列 order_info.merchant_id,
|
||||||
|
// 当 reseller_id_eq 已存在且非零时,跳过 merchantId URL 参数注入以避免冲突导致过滤条件丢失
|
||||||
{
|
{
|
||||||
|
skipMerchantIdIn := false
|
||||||
|
// 当 reseller_id_eq 已存在且非零时,跳过 merchantId URL 参数注入
|
||||||
|
// YMT: reseller_id_eq 和 merchant_id_in 映射同一物理列 order_info.merchant_id,注入会导致冲突
|
||||||
|
// Marketing: merchant_id_in 未在 schema 中定义,但其存在会阻止 reseller_id_eq 的应用
|
||||||
|
if v, ok := p.Filters["reseller_id_eq"]; ok && v != nil && v != "" && v != 0 {
|
||||||
|
skipMerchantIdIn = true
|
||||||
|
}
|
||||||
|
if !skipMerchantIdIn {
|
||||||
midStr := r.URL.Query().Get("merchantId")
|
midStr := r.URL.Query().Get("merchantId")
|
||||||
if midStr != "" {
|
if midStr != "" {
|
||||||
parts := strings.Split(midStr, ",")
|
parts := strings.Split(midStr, ",")
|
||||||
|
|
@ -177,6 +187,7 @@ func (a *ExportsAPI) create(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// DEBUG LOGGING
|
// DEBUG LOGGING
|
||||||
logging.JSON("INFO", map[string]interface{}{
|
logging.JSON("INFO", map[string]interface{}{
|
||||||
|
|
|
||||||
|
|
@ -317,6 +317,13 @@ func BuildSQLWithFields(req BuildRequest, whitelist map[string]bool) (string, []
|
||||||
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
||||||
args = append(args, creatorArgs...)
|
args = append(args, creatorArgs...)
|
||||||
}
|
}
|
||||||
|
} else if hasMerchant {
|
||||||
|
if tbl, col, ok := sch.FilterColumn("merchant_id_in"); ok {
|
||||||
|
ph := strings.Repeat("?,", len(merchantArgs))
|
||||||
|
ph = strings.TrimSuffix(ph, ",")
|
||||||
|
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
||||||
|
args = append(args, merchantArgs...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if v, ok := req.Filters["create_time_between"]; ok {
|
if v, ok := req.Filters["create_time_between"]; ok {
|
||||||
|
|
@ -647,6 +654,13 @@ func BuildCountSQL(req BuildRequest, whitelist map[string]bool) (string, []inter
|
||||||
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
||||||
args = append(args, creatorArgs...)
|
args = append(args, creatorArgs...)
|
||||||
}
|
}
|
||||||
|
} else if hasMerchant {
|
||||||
|
if tbl, col, ok := sch.FilterColumn("merchant_id_in"); ok {
|
||||||
|
ph := strings.Repeat("?,", len(merchantArgs))
|
||||||
|
ph = strings.TrimSuffix(ph, ",")
|
||||||
|
where = append(where, fmt.Sprintf("`%s`.%s IN (%s)", sch.TableName(tbl), escape(col), ph))
|
||||||
|
args = append(args, merchantArgs...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// build WHERE from other filters
|
// build WHERE from other filters
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue