Add aftersales work order feature

- AftersalesOrder model with state machine (created/pending_confirmation/closed/rejected)
- Public scan-to-confirm flow with phone last-4 verification and rate limiting
- Technician role and middleware for ownership-scoped operations
- QR code generation pointing to /aftersales/{serialNumber}
- Admin overrides: reassign, force-close, delete

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Frudrax Cheng
2026-05-26 10:39:49 +08:00
parent e820b858bf
commit 0d82260fd9
6 changed files with 992 additions and 0 deletions
+23
@@ -110,3 +110,26 @@ func AdminMiddleware() gin.HandlerFunc {
c.Next()
}
}
// TechnicianMiddleware 技术员权限中间件(放行 admin 和 technician
func TechnicianMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "未认证",
})
return
}
userModel := user.(models.User)
if userModel.Role != "admin" && userModel.Role != "technician" {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
"message": "无权限访问此资源",
})
return
}
c.Next()
}
}
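Review bot: The unchecked assertion `user.(models.User)` in TechnicianMiddleware panics if the value stored under `"user"` is ever a different type (for example a `*models.User`), so the authorization check would fail with a panic instead of a clean denial. Use the comma-ok form and deny on mismatch: `userModel, ok := user.(models.User)` followed by `if !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "未认证"}); return }`. The middleware checks role only, so any technician passes it; the ownership scoping named in the commit message has to be enforced per order in the handlers, which are not visible in this hunk. The doc comment is also missing its closing parenthesis, and the role strings `"admin"` and `"technician"` would be less error-prone as shared constants.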