@@ -254,14 +254,16 @@ func (s *RegexScriptService) GetScriptsForPlacement(userID uint, placement int,
|
||||
db := global.GVA_DB.Where("user_id = ? AND placement = ? AND disabled = ?", userID, placement, false)
|
||||
|
||||
// 作用域过滤:全局(0) 或 角色(1) 或 预设(2)
|
||||
scopeCondition := "scope = 0" // 全局
|
||||
if charID != nil {
|
||||
scopeCondition += " OR (scope = 1 AND owner_char_id = " + string(rune(*charID)) + ")"
|
||||
// 使用参数化查询避免 SQL 注入
|
||||
if charID != nil && presetID != nil {
|
||||
db = db.Where("scope = 0 OR (scope = 1 AND owner_char_id = ?) OR (scope = 2 AND owner_preset_id = ?)", *charID, *presetID)
|
||||
} else if charID != nil {
|
||||
db = db.Where("scope = 0 OR (scope = 1 AND owner_char_id = ?)", *charID)
|
||||
} else if presetID != nil {
|
||||
db = db.Where("scope = 0 OR (scope = 2 AND owner_preset_id = ?)", *presetID)
|
||||
} else {
|
||||
db = db.Where("scope = 0")
|
||||
}
|
||||
if presetID != nil {
|
||||
scopeCondition += " OR (scope = 2 AND owner_preset_id = " + string(rune(*presetID)) + ")"
|
||||
}
|
||||
db = db.Where(scopeCondition)
|
||||
|
||||
if err := db.Order("\"order\" ASC").Find(&scripts).Error; err != nil {
|
||||
return nil, err
|
||||
|
||||
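Review bot: The four-way branch starting at `if charID != nil && presetID != nil` spells out the `scope = 0` fragment and each ownership clause several times, so adding a further scope type doubles the branches and invites a return to ad-hoc string building. Appending only constant SQL fragments to one string while collecting the values in an argument slice states each clause once and still binds every value through a `?` placeholder. Both this form and the committed one depend on GORM parenthesising an OR-containing `Where` string when it is combined with the earlier `user_id`/`disabled` filter; that looks likely, but it is worth confirming against the generated SQL, because an unparenthesised OR would let global rows bypass the per-user constraint. The function body starts and ends outside this hunk.

```go
// … unchanged: db := global.GVA_DB.Where("user_id = ? AND placement = ? AND disabled = ?", ...) …

// Only constant fragments are concatenated; caller-supplied IDs are bound as arguments.
scopeSQL := "scope = 0"
var scopeArgs []interface{}
if charID != nil {
	scopeSQL += " OR (scope = 1 AND owner_char_id = ?)"
	scopeArgs = append(scopeArgs, *charID)
}
if presetID != nil {
	scopeSQL += " OR (scope = 2 AND owner_preset_id = ?)"
	scopeArgs = append(scopeArgs, *presetID)
}
db = db.Where(scopeSQL, scopeArgs...)

// … unchanged: Order / Find and error return …
```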