110 lines
5.6 KiB
Markdown
110 lines
5.6 KiB
Markdown
# Plan — 调研「场馆删除后编辑商品出现规格重复错误」问题
|
||
|
||
> 版本:v1.3 | 日期:2026-04-20 | Agent:council/FrontendDev + council/SecurityEngineer + council/BackendArchitect
|
||
|
||
---
|
||
|
||
## BackendArchitect(Task B1-B6)
|
||
|
||
当票务商品关联的场馆模板被硬删除后,编辑商品时出现「规格不允许重复」错误。
|
||
|
||
**根因调查分工**:
|
||
- FrontendDev:前端规格项构建与 fallback 行为
|
||
- BackendArchitect:后端规格去重逻辑、`spec_base_id_map` 解析
|
||
- SecurityEngineer:安全风险评估(P1 vs P2)
|
||
|
||
---
|
||
|
||
## FrontendDev 任务清单
|
||
|
||
- [x] [Done: council/FrontendDev] **Task 1**: 读取 `ticket_detail.html`,分析前端构建规格项的过程
|
||
- [x] [Done: council/FrontendDev] **Task 2**: 当模板不存在时,前端如何处理 `template_snapshot` 和 `spec_base_id_map`?
|
||
- [x] [Done: council/FrontendDev] **Task 3**: `loadSoldSeats()` 函数实际实现了吗?soldSeats 数据如何填充?
|
||
- [x] [Done: council/FrontendDev] **Task 4**: 编辑模式下(已有 vr_goods_config),前端是否正确处理已删除场馆的旧规格?
|
||
- [x] [Done: council/FrontendDev] **Task 5**: 给出前端根因分析(含具体文件路径和行号)
|
||
- [x] [Done: council/FrontendDev] **Task 6**: 给出修复方案
|
||
- [x] [Done: council/FrontendDev] **Task 7**: 将调研报告写入 `reviews/council-ghost-spec-FrontendDev.md`
|
||
|
||
---
|
||
|
||
## SecurityEngineer 任务清单
|
||
|
||
- [x] [Done: council/SecurityEngineer] **Task S1**: 读取 AdminGoodsSaveHandle.php — 安全审计:保存时是否拒绝脏数据
|
||
- [x] [Done: council/SecurityEngineer] **Task S2**: 读取 SeatSkuService.php — 幽灵 spec 注入路径分析
|
||
- [x] [Done: council/SecurityEngineer] **Task S3**: 读取 AdminGoodsSave.php — ShopXO 入口安全检查
|
||
- [x] [Done: council/SecurityEngineer] **Task S4**: 输出安全审计报告 → `reviews/SecurityEngineer-GHOST_SPEC_SECURITY.md`
|
||
- [x] [Done: council/SecurityEngineer] **Task S5**: 更新 `reviews/council-ghost-spec-summary.md`
|
||
|
||
### 优先级定义
|
||
|
||
| 级别 | 含义 |
|
||
|------|------|
|
||
| **P1** | 安全漏洞:脏数据注入、XSS、权限绕过、数据覆盖 |
|
||
| **P2** | 功能缺陷:用户体验问题、错误提示不友好 |
|
||
| **P3** | 改进建议:代码健壮性优化 |
|
||
|
||
---
|
||
|
||
## BackendArchitect 任务清单
|
||
|
||
- [x] [Done: council/BackendArchitect] **Task B1**: AdminGoodsSaveHandle.php 全链路追踪 — vr_goods_config 读取/解析/snapshot 重建
|
||
- [x] [Done: council/BackendArchitect] **Task B2**: spec_base_id_map 如何被转换成规格项(已验证:存储在模板表,与幽灵 spec 无关)
|
||
- [x] [Done: council/BackendArchitect] **Task B3**: SeatSkuService GetGoodsViewData 模板不存在时的 fallback(单模板处理,多模板有缺陷)
|
||
- [x] [Done: council/BackendArchitect] **Task B4**: 幽灵 spec 产生环节 + 清理时机(保存时未清理,写回 DB)
|
||
- [x] [Done: council/BackendArchitect] **Task B5**: 商品保存规格去重逻辑(GoodsService.php:1859)
|
||
- [x] [Done: council/BackendArchitect] **Task B6**: 根因分析报告(含行号)→ `reviews/council-ghost-spec-BackendArchitect.md`
|
||
- [x] [Done: council/BackendArchitect] **Task B7**: 将调研报告写入 `reviews/council-ghost-spec-BackendArchitect.md`
|
||
|
||
---
|
||
|
||
## 阶段划分 ✅
|
||
|
||
| 阶段 | 内容 | 状态 |
|
||
|------|------|------|
|
||
| **Draft** | Task 1-7(FrontendDev)+ Task S1-S3 + Task B1-B6(并行)| ✅ 完成 |
|
||
| **Review** | Task 7 + Task S4 + Task B7(输出各自报告)| ✅ 完成 |
|
||
| **Finalize** | Task S5:汇总到 `reviews/council-ghost-spec-summary.md` | ✅ 完成 |
|
||
|
||
---
|
||
|
||
## 根因结论
|
||
|
||
| 优先级 | 根因 | 文件:行号 |
|
||
|--------|------|-----------|
|
||
| **P1(功能)** | 无效 config 块未从数组移除,`continue` 后脏数据写回 DB | AdminGoodsSaveHandle.php:88-89 + 148-150 |
|
||
| **P2** | GetGoodsViewData 单模板模式,多模板时覆盖有效块 | SeatSkuService.php:368 + 386-388 |
|
||
| **P3** | BatchGenerate 对无效 template_id 返回 code=-2,阻断保存 | AdminGoodsSaveHandle.php:164-170 |
|
||
| **P4** | 前端过滤后 configs 为空时用户无声失去配置 | AdminGoodsSave.php:196-229 |
|
||
| **P5** | loadSoldSeats 未实现(TODO 注释) | ticket_detail.html:375-383 |
|
||
| **安全评估** | 无 P1 安全漏洞,属于 P2 功能缺陷 | SecurityEngineer-GHOST_SPEC_SECURITY.md |
|
||
|
||
---
|
||
|
||
## 关键文件
|
||
|
||
| 文件 | 关注点 |
|
||
|------|--------|
|
||
| `shopxo/app/plugins/vr_ticket/hook/AdminGoodsSaveHandle.php` | P1 根因:continue 不删除脏 config |
|
||
| `shopxo/app/plugins/vr_ticket/service/SeatSkuService.php` | GetGoodsViewData:P2 根因,多模板处理缺陷 |
|
||
| `shopxo/app/plugins/vr_ticket/hook/AdminGoodsSave.php` | 前端过滤逻辑:P4 体验问题 |
|
||
| `shopxo/app/plugins/vr_ticket/admin/Admin.php` | VenueDelete:硬删除逻辑(第 888 行) |
|
||
| `shopxo/app/plugins/vr_ticket/view/goods/ticket_detail.html` | loadSoldSeats 未实现(P5) |
|
||
| `shopxo/app/service/GoodsService.php` | 规格列值去重检测(第 1859 行) |
|
||
|
||
---
|
||
|
||
## 修复方案
|
||
|
||
### P1 Fix(立即实施)
|
||
1. AdminGoodsSaveHandle.php:88 — `continue` 改为 `unset($configs[$i])`
|
||
2. AdminGoodsSaveHandle.php:145 后 — 添加 `$configs = array_values($configs);`
|
||
3. AdminGoodsSaveHandle.php:148 — 写回前加 `if (!empty($configs))`
|
||
4. AdminGoodsSaveHandle.php:158-173 — BatchGenerate 前增加模板存在性显式校验
|
||
|
||
### P2 Fix(高优先级)
|
||
1. SeatSkuService.php GetGoodsViewData — 遍历所有有效配置块,不只处理 `$vrGoodsConfig[0]`
|
||
2. 修改 DB 写回逻辑为写回 `validConfigs` 而非 `[$config]`
|
||
|
||
### P3 Fix(中优先级)
|
||
1. AdminGoodsSave.php — configs 为空时提示用户重新选择场馆
|