fix(appconfig): 修复跨表查询以确保产品有效性

- selectByCategory SQL 增加 INNER JOIN app_product，确保只返回该租户下有效产品配置 - 加入关联条件 ap.product_id = ac.app_id 和 ap.tenant_id = #{tenantId} - 保证查询结果中 app_config 的 app_id 必须对应有效且属于当前租户的产品 - 维护原有租户过滤和配置类型过滤逻辑，增强数据准确性 - 该改动对 Service 和 Controller 层无影响，无需修改调用逻辑
2026-06-18 17:17:45 +08:00
parent bae1f75533
commit 307c209565
2 changed files with 29 additions and 14 deletions
--- a/.workbuddy/memory/2026-06-18.md
+++ b/.workbuddy/memory/2026-06-18.md
@@ -0,0 +1,11 @@
 # 2026-06-18 工作日志
 ## AppConfigMapper.xml 添加关联查询
 **改动文件**: `src/main/java/com/gxwebsoft/websopy/mapper/AppConfigMapper.xml`
 - `selectByCategory` SQL 增加了 `INNER JOIN db_websopy.app_product`，关联条件：
  - `ap.product_id = ac.app_id`
  - `ap.tenant_id = #{tenantId}`
 - 目的：确保只返回该租户下有效产品的配置，防止 app_config 中的 app_id 指向非该租户的产品
 - Service 层和 Controller 层无需改动，不影响现有调用
--- a/src/main/java/com/gxwebsoft/websopy/mapper/AppConfigMapper.xml
+++ b/src/main/java/com/gxwebsoft/websopy/mapper/AppConfigMapper.xml
@@ -3,27 +3,31 @@
 <mapper namespace="com.gxwebsoft.websopy.mapper.AppConfigMapper">
    <!--
-        跨表查询 db_websopy.app_config
+        跨表查询 db_websopy.app_config，关联 app_product 校验产品有效性
        注意：
        1. 表名带库名前缀 db_websopy.app_config（该表在 db_websopy 库中）
        2. Mapper 方法已加 @InterceptorIgnore(tenantLine = "true")，
           TenantLineInnerInterceptor 不会自动追加 tenant_id 条件
        3. 手动传入 tenantId 参数精确匹配 app_config 自身的租户
        4. INNER JOIN app_product，确保只返回该租户下有效产品（app_product.product_id = app_config.app_id）的配置
    -->
    <select id="selectByCategory" resultType="com.gxwebsoft.websopy.entity.AppConfig">
-        SELECT config_id   AS configId,
+        SELECT ac.config_id   AS configId,
-               app_id      AS appId,
+               ac.app_id      AS appId,
-               tenant_id   AS tenantId,
+               ac.tenant_id   AS tenantId,
-               config_key  AS configKey,
+               ac.config_key  AS configKey,
-               config_value AS configValue,
+               ac.config_value AS configValue,
-               config_type AS configType,
+               ac.config_type AS configType,
-               is_encrypted AS isEncrypted,
+               ac.is_encrypted AS isEncrypted,
-               is_secret   AS isSecret,
+               ac.is_secret   AS isSecret,
-               description
+               ac.description
-        FROM db_websopy.app_config
+        FROM db_websopy.app_config ac
-        WHERE deleted = 0
+        INNER JOIN db_websopy.app_product ap
-          AND tenant_id  = #{tenantId}
+            ON ap.product_id = ac.app_id
-          AND config_type = #{configType}
+            AND ap.tenant_id = #{tenantId}
        WHERE ac.deleted = 0
          AND ac.tenant_id  = #{tenantId}
          AND ac.config_type = #{configType}
    </select>
 </mapper>