feat: restrict permission roles

This commit is contained in:
Frudrax Cheng
2026-06-06 13:50:56 +08:00
parent a55f515930
commit 5edb25ac4e
17 changed files with 229 additions and 175 deletions
+3 -3
View File
@@ -80,7 +80,7 @@ func SetupAPIRoutes(r *gin.RouterGroup) {
usersRoutes := r.Group("/users")
{
usersRoutes.GET("/assignable", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), usersController.FindAssignable)
usersRoutes.GET("/assignable", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.FindAssignable)
}
// 售后工单路由
@@ -93,7 +93,7 @@ func SetupAPIRoutes(r *gin.RouterGroup) {
aftersalesRoutes.POST("/:serialNumber/confirm", aftersalesController.CustomerConfirm)
// 技术员 + 管理员
aftersalesRoutes.POST("", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), aftersalesController.Create)
aftersalesRoutes.POST("", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), aftersalesController.Create)
aftersalesRoutes.GET("", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), aftersalesController.FindAll)
aftersalesRoutes.GET("/:serialNumber", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), aftersalesController.FindOne)
aftersalesRoutes.PATCH("/:serialNumber", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), aftersalesController.Update)
@@ -116,7 +116,7 @@ func SetupAPIRoutes(r *gin.RouterGroup) {
projectOrdersRoutes.POST("/:serialNumber/complete", projectOrdersController.EngineerComplete)
// 技术员 + 管理员
projectOrdersRoutes.POST("", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), projectOrdersController.Create)
projectOrdersRoutes.POST("", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), projectOrdersController.Create)
projectOrdersRoutes.GET("", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), projectOrdersController.FindAll)
projectOrdersRoutes.GET("/:serialNumber", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), projectOrdersController.FindOne)
projectOrdersRoutes.PATCH("/:serialNumber", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), projectOrdersController.Update)