
新增用户权限验证,更新团队和团队成员控制器,支持根据用户角色过滤查询结果,并新增获取用户团队的接口。

wuyi 4 hónapja
szülő
commit
d6bf798328

+ 21 - 4
src/controllers/team-members.controller.ts

@@ -7,12 +7,16 @@ import {
   TeamMembersParams,
   UpdateRevenueBody
 } from '../dto/team-members.dto'
+import { UserRole } from '../entities/user.entity'
+import { TeamService } from '../services/team.service'
 
 export class TeamMembersController {
   private teamMembersService: TeamMembersService
+  private teamService: TeamService
 
   constructor(app: FastifyInstance) {
     this.teamMembersService = new TeamMembersService(app)
+    this.teamService = new TeamService(app)
   }
 
   async create(request: FastifyRequest<{ Body: CreateTeamMembersBody }>, reply: FastifyReply) {
@@ -36,6 +40,16 @@ export class TeamMembersController {
 
   async findAll(request: FastifyRequest<{ Querystring: ListTeamMembersQuery }>, reply: FastifyReply) {
     try {
+      const user = request.user
+      if (!user) {
+        return reply.code(403).send({ message: '用户未登录' })
+      }
+      if (user.role === UserRole.USER) {
+        return reply.code(403).send({ message: '用户无权限' })
+      } else if (user.role === UserRole.TEAM) {
+        const team = await this.teamService.findByUserId(user.id)
+        request.query.teamId = team.id
+      }
       const result = await this.teamMembersService.findAll(request.query)
       return reply.send(result)
     } catch (error) {
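Review bot: The role check added to findAll is a deny-list: `UserRole.USER` is rejected and `UserRole.TEAM` is scoped to its own team, but any other role value the enum has or later gains falls through to the unfiltered `teamMembersService.findAll(request.query)` call. The route guard currently admits only ADMIN and TEAM, but the controller should fail closed on its own with a final branch such as `else if (user.role !== UserRole.ADMIN) { return reply.code(403).send({ message: '用户无权限' }) }`. The same pattern appears in TeamController.findAll in src/controllers/team.controller.ts. A missing `request.user` is an authentication failure, so 401 would describe it better than 403. The catch body of findAll lies outside this hunk, so how a failed `findByUserId` lookup is reported cannot be checked from here.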
@@ -43,11 +57,14 @@ export class TeamMembersController {
     }
   }
 
-  async update(request: FastifyRequest<{ Params: TeamMembersParams; Body: UpdateTeamMembersBody }>, reply: FastifyReply) {
+  async update(
+    request: FastifyRequest<{ Params: TeamMembersParams; Body: UpdateTeamMembersBody }>,
+    reply: FastifyReply
+  ) {
     try {
       const { id } = request.params
       const updateData = { ...request.body, id }
-      
+
       try {
         await this.teamMembersService.findById(id)
       } catch (error) {
@@ -64,7 +81,7 @@ export class TeamMembersController {
   async delete(request: FastifyRequest<{ Params: TeamMembersParams }>, reply: FastifyReply) {
     try {
       const { id } = request.params
-      
+
       try {
         await this.teamMembersService.findById(id)
       } catch (error) {
@@ -81,7 +98,7 @@ export class TeamMembersController {
   async updateRevenue(request: FastifyRequest<{ Body: UpdateRevenueBody }>, reply: FastifyReply) {
     try {
       const { id, amount, type } = request.body
-      
+
       try {
         await this.teamMembersService.findById(id)
       } catch (error) {

+ 30 - 10
src/controllers/team.controller.ts

@@ -1,12 +1,7 @@
 import { FastifyRequest, FastifyReply, FastifyInstance } from 'fastify'
 import { TeamService } from '../services/team.service'
-import {
-  CreateTeamBody,
-  UpdateTeamBody,
-  ListTeamQuery,
-  TeamParams,
-  UpdateRevenueBody
-} from '../dto/team.dto'
+import { CreateTeamBody, UpdateTeamBody, ListTeamQuery, TeamParams, UpdateRevenueBody } from '../dto/team.dto'
+import { UserRole } from '../entities/user.entity'
 
 export class TeamController {
   private teamService: TeamService
@@ -36,6 +31,15 @@ export class TeamController {
 
   async findAll(request: FastifyRequest<{ Querystring: ListTeamQuery }>, reply: FastifyReply) {
     try {
+      const user = request.user
+      if (!user) {
+        return reply.code(403).send({ message: '用户未登录' })
+      }
+      if (user.role === UserRole.USER) {
+        return reply.code(403).send({ message: '用户无权限' })
+      } else if (user.role === UserRole.TEAM) {
+        request.query.userId = user.id
+      }
       const result = await this.teamService.findAll(request.query)
       return reply.send(result)
     } catch (error) {
@@ -47,7 +51,7 @@ export class TeamController {
     try {
       const { id } = request.params
       const updateData = { ...request.body, id }
-      
+
       try {
         await this.teamService.findById(id)
       } catch (error) {
@@ -64,7 +68,7 @@ export class TeamController {
   async delete(request: FastifyRequest<{ Params: TeamParams }>, reply: FastifyReply) {
     try {
       const { id } = request.params
-      
+
       try {
         await this.teamService.findById(id)
       } catch (error) {
@@ -81,7 +85,7 @@ export class TeamController {
   async updateRevenue(request: FastifyRequest<{ Body: UpdateRevenueBody }>, reply: FastifyReply) {
     try {
       const { id, amount, type } = request.body
-      
+
       try {
         await this.teamService.findById(id)
       } catch (error) {
@@ -121,4 +125,20 @@ export class TeamController {
       return reply.code(500).send({ message: '获取团队失败', error })
     }
   }
+
+  async findByUserId(request: FastifyRequest, reply: FastifyReply) {
+    try {
+      const user = request.user
+      if (!user) {
+        return reply.code(403).send({ message: '用户未登录' })
+      }
+      if (user.role === UserRole.USER) {
+        return reply.code(403).send({ message: '用户无权限' })
+      }
+      const team = await this.teamService.findByUserId(user.id)
+      return reply.send(team)
+    } catch (error) {
+      return reply.code(404).send({ message: '团队不存在' })
+    }
+  }
 }
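Review bot: The `catch` in the new findByUserId handler turns every failure into `404 团队不存在` and logs nothing, so a database or connection error looks the same as a caller who has no team. Log the error on the server with `request.log.error(error)` and return 404 only for the not-found rejection from `findOneOrFail` (presumably TypeORM's `EntityNotFoundError`), answering 500 otherwise. The handler already keeps the error object out of the response body, and the 500 branch should do the same. The route admits ADMIN as well, and an admin who owns no team will always get this 404, which is worth stating in a comment if it is intended.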

+ 2 - 0
src/dto/team.dto.ts

@@ -18,7 +18,9 @@ export interface UpdateTeamBody {
 }
 
 export interface ListTeamQuery extends Pagination {
+  id?: number
   name?: string
+  userId?: number
 }
 
 export interface TeamParams {
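Review bot: The new `id?: number` and `userId?: number` fields are compile-time types only, so nothing in this interface makes the query-string values numbers at run time. The `GET /` registration in src/routes/team.routes.ts passes only `onRequest` in its options, so unless a schema is attached elsewhere the values reach `TeamService.findAll` as raw strings from the caller. Declaring a `schema.querystring` on the route with both fields typed as `integer` would let Fastify coerce valid input and reject anything else before it is placed in the `where` clause.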

+ 9 - 3
src/routes/team-members.routes.ts

@@ -1,8 +1,14 @@
 import { FastifyInstance } from 'fastify'
 import { TeamMembersController } from '../controllers/team-members.controller'
-import { authenticate, hasRole } from '../middlewares/auth.middleware'
+import { authenticate, hasAnyRole, hasRole } from '../middlewares/auth.middleware'
 import { UserRole } from '../entities/user.entity'
-import { CreateTeamMembersBody, UpdateTeamMembersBody, ListTeamMembersQuery, TeamMembersParams, UpdateRevenueBody } from '../dto/team-members.dto'
+import {
+  CreateTeamMembersBody,
+  UpdateTeamMembersBody,
+  ListTeamMembersQuery,
+  TeamMembersParams,
+  UpdateRevenueBody
+} from '../dto/team-members.dto'
 
 export default async function teamMembersRoutes(fastify: FastifyInstance) {
   const teamMembersController = new TeamMembersController(fastify)
@@ -17,7 +23,7 @@ export default async function teamMembersRoutes(fastify: FastifyInstance) {
   // 获取团队成员列表
   fastify.get<{ Querystring: ListTeamMembersQuery }>(
     '/',
-    { onRequest: [authenticate, hasRole(UserRole.ADMIN)] },
+    { onRequest: [authenticate, hasAnyRole(UserRole.ADMIN, UserRole.TEAM)] },
     teamMembersController.findAll.bind(teamMembersController)
   )
 

+ 9 - 2
src/routes/team.routes.ts

@@ -1,6 +1,6 @@
 import { FastifyInstance } from 'fastify'
 import { TeamController } from '../controllers/team.controller'
-import { authenticate, hasRole } from '../middlewares/auth.middleware'
+import { authenticate, hasAnyRole, hasRole } from '../middlewares/auth.middleware'
 import { UserRole } from '../entities/user.entity'
 import { CreateTeamBody, UpdateTeamBody, ListTeamQuery, TeamParams, UpdateRevenueBody } from '../dto/team.dto'
 
@@ -17,7 +17,7 @@ export default async function teamRoutes(fastify: FastifyInstance) {
   // 获取团队列表
   fastify.get<{ Querystring: ListTeamQuery }>(
     '/',
-    { onRequest: [authenticate, hasRole(UserRole.ADMIN)] },
+    { onRequest: [authenticate, hasAnyRole(UserRole.ADMIN, UserRole.TEAM)] },
     teamController.findAll.bind(teamController)
   )
 
@@ -69,4 +69,11 @@ export default async function teamRoutes(fastify: FastifyInstance) {
     { onRequest: [authenticate, hasRole(UserRole.ADMIN)] },
     teamController.getTeams.bind(teamController)
   )
+
+  // 获取自己的团队
+  fastify.get(
+    '/getTeam',
+    { onRequest: [authenticate, hasAnyRole(UserRole.ADMIN, UserRole.TEAM)] },
+    teamController.findByUserId.bind(teamController)
+  )
 }

+ 14 - 1
src/services/team.service.ts

@@ -40,14 +40,23 @@ export class TeamService {
   }
 
   async findAll(query: ListTeamQuery): Promise<PaginationResponse<Team>> {
-    const { page, size, name } = query
+    const { page, size, id, name, userId } = query
+    console.log(query)
 
     const where: any = {}
 
+    if (id) {
+      where.id = id
+    }
+
     if (name) {
       where.name = Like(`%${name}%`)
     }
 
+    if (userId) {
+      where.userId = userId
+    }
+
     const [teams, total] = await this.teamRepository.findAndCount({
       where,
       skip: (Number(page) || 0) * (Number(size) || 20),
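Review bot: The new filters are applied with truthiness tests (`if (id)`, `if (userId)`), so a falsy value silently drops the condition and widens the query instead of narrowing it. TeamController.findAll relies on `where.userId` to confine a TEAM caller to their own team, so if `user.id` were ever `0` or missing that caller would receive every team. Use `if (userId != null) { where.userId = userId }` (and the same for `id`), and have the controller reject a TEAM request whose `user.id` is absent. The added `console.log(query)` writes caller-supplied parameters to stdout outside the Fastify logger and should be removed or replaced with a debug-level log call. findAll continues past the end of this hunk.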
@@ -139,4 +148,8 @@ export class TeamService {
       select: ['id', 'name', 'userId']
     })
   }
+
+  async findByUserId(userId: number): Promise<{ id: number; name: string; userId: number }> {
+    return this.teamRepository.findOneOrFail({ select: ['id', 'name', 'userId'], where: { userId } })
+  }
 }
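Review bot: findByUserId has no doc comment, and two parts of its contract matter to the callers this commit adds. It rejects when the user owns no team, because it uses `findOneOrFail`, and it returns a single row even if several teams share the same `userId`. Whether `userId` is unique on the team entity is not visible here; if it is not, TeamMembersController.findAll will scope a TEAM user to whichever team the database returns first. A short TSDoc block such as `/** Returns the team owned by userId; rejects if none exists. Assumes at most one team per user. */` would record this, and a unique constraint on the column would enforce it.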