fix(authorization): allow admin tokens without accountSequence field

Admin JWT tokens from identity-service don't include the accountSequence
field (only userId, email, role, type). This caused a 400 error with
message "管理员账户序列号不能为空" when admins tried to grant authorizations.

Changes:
- Update AdminUserId value object to make accountSequence optional
- Use 'ADMIN' as default value when accountSequence is not provided
- Update all controller methods to handle optional accountSequence

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
hailin 2026-01-03 22:57:56 -08:00
parent 4a3658e770
commit 50f960ecea
2 changed files with 16 additions and 17 deletions


@ -72,14 +72,14 @@ export class AdminAuthorizationController {
@ApiOperation({ summary: '撤销授权(管理员)' })
@ApiResponse({ status: 200, description: '撤销成功' })
async revokeAuthorization(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Param('id') authorizationId: string,
@Body() dto: RevokeAuthorizationDto,
): Promise<{ message: string }> {
const command = new RevokeAuthorizationCommand(
authorizationId,
dto.reason,
user.accountSequence,
user.accountSequence || 'ADMIN',
)
await this.applicationService.revokeAuthorization(command)
return { message: '授权已撤销' }
@ -90,7 +90,7 @@ export class AdminAuthorizationController {
@ApiOperation({ summary: '授权社区(管理员)' })
@ApiResponse({ status: 201, description: '授权成功' })
async grantCommunity(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Body() dto: GrantCommunityDto,
): Promise<{ message: string }> {
const command = new GrantCommunityCommand(
@ -98,7 +98,7 @@ export class AdminAuthorizationController {
dto.accountSequence,
dto.communityName,
user.userId,
user.accountSequence,
user.accountSequence || 'ADMIN',
dto.skipAssessment ?? false,
)
await this.applicationService.grantCommunity(command)
@ -110,7 +110,7 @@ export class AdminAuthorizationController {
@ApiOperation({ summary: '授权正式省公司(管理员)' })
@ApiResponse({ status: 201, description: '授权成功' })
async grantProvinceCompany(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Body() dto: GrantProvinceCompanyDto,
): Promise<{ message: string }> {
const command = new GrantProvinceCompanyCommand(
@ -119,7 +119,7 @@ export class AdminAuthorizationController {
dto.provinceCode,
dto.provinceName,
user.userId,
user.accountSequence,
user.accountSequence || 'ADMIN',
dto.skipAssessment ?? false,
)
await this.applicationService.grantProvinceCompany(command)
@ -131,7 +131,7 @@ export class AdminAuthorizationController {
@ApiOperation({ summary: '授权正式市公司(管理员)' })
@ApiResponse({ status: 201, description: '授权成功' })
async grantCityCompany(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Body() dto: GrantCityCompanyDto,
): Promise<{ message: string }> {
const command = new GrantCityCompanyCommand(
@ -140,7 +140,7 @@ export class AdminAuthorizationController {
dto.cityCode,
dto.cityName,
user.userId,
user.accountSequence,
user.accountSequence || 'ADMIN',
dto.skipAssessment ?? false,
)
await this.applicationService.grantCityCompany(command)
@ -153,7 +153,7 @@ export class AdminAuthorizationController {
@ApiResponse({ status: 201, description: '授权成功' })
@ApiResponse({ status: 400, description: '验证失败(如团队内已存在相同省份授权)' })
async grantAuthProvinceCompany(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Body() dto: GrantAuthProvinceCompanyDto,
): Promise<{ message: string }> {
const command = new GrantAuthProvinceCompanyCommand(
@ -162,7 +162,7 @@ export class AdminAuthorizationController {
dto.provinceCode,
dto.provinceName,
user.userId,
user.accountSequence,
user.accountSequence || 'ADMIN',
dto.skipAssessment ?? false,
)
await this.applicationService.grantAuthProvinceCompany(command)
@ -175,7 +175,7 @@ export class AdminAuthorizationController {
@ApiResponse({ status: 201, description: '授权成功' })
@ApiResponse({ status: 400, description: '验证失败(如团队内已存在相同城市授权)' })
async grantAuthCityCompany(
@CurrentUser() user: { userId: string; accountSequence: string },
@CurrentUser() user: { userId: string; accountSequence?: string },
@Body() dto: GrantAuthCityCompanyDto,
): Promise<{ message: string }> {
const command = new GrantAuthCityCompanyCommand(
@ -184,7 +184,7 @@ export class AdminAuthorizationController {
dto.cityCode,
dto.cityName,
user.userId,
user.accountSequence,
user.accountSequence || 'ADMIN',
dto.skipAssessment ?? false,
)
await this.applicationService.grantAuthCityCompany(command)
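Review bot: In `revokeAuthorization` the only actor value passed to `RevokeAuthorizationCommand` is `user.accountSequence || 'ADMIN'`, so every revocation by an admin whose token lacks accountSequence is recorded under one shared literal and can no longer be attributed to an individual admin. The grant methods still pass `user.userId` next to the fallback, but revoke does not. Consider falling back to the token's own identity, e.g. `user.accountSequence ?? user.userId`, if the command only needs an operator identifier (its definition is outside this diff). The same `'ADMIN'` literal is also repeated in the five grant methods and in `AdminUserId.create`; one named constant would keep the sentinel consistent and make it easy to confirm it cannot collide with a real account sequence.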


@ -34,13 +34,12 @@ export class AdminUserId {
if (!value) {
throw new DomainError('管理员ID不能为空')
}
if (accountSequence === undefined || accountSequence === null) {
throw new DomainError('管理员账户序列号不能为空')
}
// 管理员账户序列号可以为空管理员token没有accountSequence字段
// 使用 'ADMIN' 作为默认值
}
static create(value: string, accountSequence: string): AdminUserId {
return new AdminUserId(value, accountSequence)
static create(value: string, accountSequence?: string): AdminUserId {
return new AdminUserId(value, accountSequence || 'ADMIN')
}
equals(other: AdminUserId): boolean {
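Review bot: The null check on `accountSequence` is removed from the constructor, but the `'ADMIN'` default is applied only in `create`, so any other path into the constructor can now build an `AdminUserId` with an undefined accountSequence. The constructor starts above this hunk and its visibility is not shown, so whether such a path exists cannot be confirmed from here. Applying the default inside the constructor, where the field is assigned, would keep the invariant in one place. If `equals`, whose body is outside the hunk, compares accountSequence, all admins created without one will now match on that field, so the comparison should rest on `value`. The two new comment lines would also be clearer as a doc comment on `create` stating that `'ADMIN'` is a placeholder and not a real account sequence.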