added additional_role_id when checking the roles

2026-02-27 14:03:29 +08:00
parent 3ac1f83dd4
commit 20bd509bba
5 changed files with 64 additions and 2 deletions
@@ -240,8 +240,24 @@ func JWTAuth(next http.HandlerFunc) http.HandlerFunc {
 func buildContext(parent context.Context, claims *models.Claims) context.Context {
 	ctx := context.WithValue(parent, claimsKey, claims)
 	ctx = context.WithValue(ctx, userIDKey, claims.UsersID)
-	// Store plain []int in context for roles to keep middleware interfaces simple
-	ctx = context.WithValue(ctx, roleIDKey, []int(claims.RoleID))
+	roles := make([]int, 0, len(claims.RoleID)+len(claims.AdditionalRoleID))
+	unique := make(map[int]struct{})
+
+	for _, role := range claims.RoleID {
+		if _, exists := unique[role]; !exists {
+			unique[role] = struct{}{}
+			roles = append(roles, role)
+		}
+	}
+
+	for _, role := range claims.AdditionalRoleID {
+		if _, exists := unique[role]; !exists {
+			unique[role] = struct{}{}
+			roles = append(roles, role)
+		}
+	}
+
+	ctx = context.WithValue(ctx, roleIDKey, roles)
 	return ctx
 }

@@ -190,6 +190,28 @@ func TestBuildContext(t *testing.T) {
 	}
 }

+func TestBuildContextIncludesAdditionalRoles(t *testing.T) {
+	claims := &models.Claims{
+		UsersID:           "user123",
+		RoleID:            models.RoleIDs{30},
+		AdditionalRoleID:  models.RoleIDs{4, 5, 30},
+	}
+
+	ctx := buildContext(context.Background(), claims)
+	val, ok := ctx.Value(roleIDKey).([]int)
+	if !ok {
+		t.Fatal("Role not properly set in context")
+	}
+
+	if len(val) != 3 {
+		t.Fatalf("expected 3 unique roles, got %d (%v)", len(val), val)
+	}
+
+	if val[0] != 30 || val[1] != 4 || val[2] != 5 {
+		t.Fatalf("unexpected roles in context: %v", val)
+	}
+}
+
 func TestGetClaims(t *testing.T) {
 	claims := &models.Claims{
 		UsersID: "user123",