fix: restrict order status to owner

2026-01-09 17:34:18 +08:00
parent 0707d1c5da
commit 2c6f4163c5
3 changed files with 9 additions and 4 deletions


@@ -66,10 +66,11 @@ func (t *Transaction) Pay(
// @Produce json
// @Param id path int64 true "Order ID"
// @Success 200 {object} dto.OrderStatusResponse
// @Bind user local key(__ctx_user)
// @Bind id path
func (t *Transaction) Status(ctx fiber.Ctx, id int64) (*dto.OrderStatusResponse, error) {
func (t *Transaction) Status(ctx fiber.Ctx, user *models.User, id int64) (*dto.OrderStatusResponse, error) {
tenantID := getTenantID(ctx)
return services.Order.Status(ctx, tenantID, id)
return services.Order.Status(ctx, tenantID, user.ID, id)
}
type WebhookForm struct {
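Review bot: `user.ID` is dereferenced in the new `Status` body without a nil check, so the owner restriction relies on the `__ctx_user` binding always supplying a non-nil user. The binding code is not visible in this hunk; if it can yield nil when the route is reached without the auth middleware, the handler would panic instead of rejecting the request, and a guard such as `if user == nil { return nil, fiber.ErrUnauthorized }` before the service call would make that failure explicit. The matching change to `services.Order.Status` is also outside this hunk, so confirm it filters on tenant ID and user ID together and returns the same not-found error for a missing order as for another user's order, so that order IDs cannot be probed. The Swagger block documents only `@Success 200`; adding `@Failure` lines for the unauthenticated and not-found cases would document the new access rule for API consumers.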