fix: enforce content visibility and tenant login

backend/app/services/content_test.go

@@ -3,9 +3,11 @@ package services
 import (
 	"context"
 	"database/sql"
+	"errors"
 	"testing"
 
 	"quyun/v2/app/commands/testx"
+	"quyun/v2/app/errorx"
 	content_dto "quyun/v2/app/http/v1/dto"
 	"quyun/v2/app/requests"
 	"quyun/v2/database"
@@ -15,6 +17,7 @@ import (
 	. "github.com/smartystreets/goconvey/convey"
 	"github.com/stretchr/testify/suite"
 	"go.ipao.vip/atom/contracts"
+	"go.ipao.vip/gen/types"
 	"go.uber.org/dig"
 )
 
@@ -88,7 +91,7 @@ func (s *ContentTestSuite) Test_Get() {
 	Convey("Get", s.T(), func() {
 		ctx := s.T().Context()
 		tenantID := int64(1)
-		database.Truncate(ctx, s.DB, models.TableNameContent, models.TableNameMediaAsset, models.TableNameContentAsset, models.TableNameUser)
+		database.Truncate(ctx, s.DB, models.TableNameContent, models.TableNameMediaAsset, models.TableNameContentAsset, models.TableNameTenantUser, models.TableNameUser)
 
 		// Author
 		author := &models.User{Nickname: "Author1", Username: "author1", Phone: "13800000002"}
@@ -112,6 +115,32 @@ func (s *ContentTestSuite) Test_Get() {
 		}
 		models.ContentQuery.WithContext(ctx).Create(content)
 
+		member := &models.User{Nickname: "Member", Username: "member1", Phone: "13800000003"}
+		guest := &models.User{Nickname: "Guest", Username: "guest1", Phone: "13800000004"}
+		models.UserQuery.WithContext(ctx).Create(member, guest)
+		models.TenantUserQuery.WithContext(ctx).Create(&models.TenantUser{
+			TenantID: 1,
+			UserID:   member.ID,
+			Role:     types.Array[consts.TenantUserRole]{consts.TenantUserRoleMember},
+			Status:   consts.UserStatusVerified,
+		})
+
+		tenantOnly := &models.Content{
+			TenantID:   1,
+			UserID:     author.ID,
+			Title:      "Member Only",
+			Status:     consts.ContentStatusPublished,
+			Visibility: consts.ContentVisibilityTenantOnly,
+		}
+		privateContent := &models.Content{
+			TenantID:   1,
+			UserID:     author.ID,
+			Title:      "Private Content",
+			Status:     consts.ContentStatusPublished,
+			Visibility: consts.ContentVisibilityPrivate,
+		}
+		models.ContentQuery.WithContext(ctx).Create(tenantOnly, privateContent)
+
 		// Link Asset
 		ca := &models.ContentAsset{
 			TenantID:  1,
@@ -134,6 +163,34 @@ func (s *ContentTestSuite) Test_Get() {
 			So(len(detail.MediaUrls), ShouldEqual, 1)
 			So(detail.MediaUrls[0].URL, ShouldContainSubstring, "test.mp4")
 		})
+
+		Convey("should allow tenant_only content for member", func() {
+			detail, err := Content.Get(ctx, tenantID, member.ID, tenantOnly.ID)
+			So(err, ShouldBeNil)
+			So(detail.Title, ShouldEqual, "Member Only")
+		})
+
+		Convey("should reject tenant_only content for non-member", func() {
+			_, err := Content.Get(ctx, tenantID, guest.ID, tenantOnly.ID)
+			So(err, ShouldNotBeNil)
+			var appErr *errorx.AppError
+			So(errors.As(err, &appErr), ShouldBeTrue)
+			So(appErr.Code, ShouldEqual, errorx.ErrForbidden.Code)
+		})
+
+		Convey("should reject private content for non-owner", func() {
+			_, err := Content.Get(ctx, tenantID, member.ID, privateContent.ID)
+			So(err, ShouldNotBeNil)
+			var appErr *errorx.AppError
+			So(errors.As(err, &appErr), ShouldBeTrue)
+			So(appErr.Code, ShouldEqual, errorx.ErrForbidden.Code)
+		})
+
+		Convey("should allow private content for author", func() {
+			detail, err := Content.Get(ctx, tenantID, author.ID, privateContent.ID)
+			So(err, ShouldBeNil)
+			So(detail.Title, ShouldEqual, "Private Content")
+		})
 	})
 }
 
@@ -333,7 +390,13 @@ func (s *ContentTestSuite) Test_PreviewLogic() {
 		author := &models.User{Username: "author_p", Phone: "13900000006"}
 		models.UserQuery.WithContext(ctx).Create(author)
 
-		c := &models.Content{TenantID: 1, UserID: author.ID, Title: "Premium", Status: consts.ContentStatusPublished}
+		c := &models.Content{
+			TenantID:   1,
+			UserID:     author.ID,
+			Title:      "Premium",
+			Status:     consts.ContentStatusPublished,
+			Visibility: consts.ContentVisibilityPublic,
+		}
 		models.ContentQuery.WithContext(ctx).Create(c)
 
 		assetMain := &models.MediaAsset{ObjectKey: "main.mp4", Type: consts.MediaAssetTypeVideo}
@@ -391,7 +454,14 @@ func (s *ContentTestSuite) Test_ViewCounting() {
 		author := &models.User{Username: "author_v", Phone: "13900000009"}
 		models.UserQuery.WithContext(ctx).Create(author)
 
-		c := &models.Content{TenantID: 1, UserID: author.ID, Title: "View Me", Views: 0, Status: consts.ContentStatusPublished}
+		c := &models.Content{
+			TenantID:   1,
+			UserID:     author.ID,
+			Title:      "View Me",
+			Views:      0,
+			Status:     consts.ContentStatusPublished,
+			Visibility: consts.ContentVisibilityPublic,
+		}
 		models.ContentQuery.WithContext(ctx).Create(c)
 
 		Convey("should increment views", func() {