fix: enforce resource ownership checks

internal/api/handler/webhook_handler.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	apimiddleware "github.com/user-management-system/internal/api/middleware"
 	"github.com/user-management-system/internal/service"
 )
 
@@ -117,6 +118,10 @@ func (h *WebhookHandler) UpdateWebhook(c *gin.Context) {
 		return
 	}
 
+	if _, ok := h.authorizeWebhookAccess(c, id); !ok {
+		return
+	}
+
 	var req service.UpdateWebhookRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
@@ -150,6 +155,10 @@ func (h *WebhookHandler) DeleteWebhook(c *gin.Context) {
 		return
 	}
 
+	if _, ok := h.authorizeWebhookAccess(c, id); !ok {
+		return
+	}
+
 	if err := h.webhookService.DeleteWebhook(c.Request.Context(), id); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"code": 500, "message": "删除 Webhook 失败"})
 		return
@@ -178,6 +187,10 @@ func (h *WebhookHandler) GetWebhookDeliveries(c *gin.Context) {
 		return
 	}
 
+	if _, ok := h.authorizeWebhookAccess(c, id); !ok {
+		return
+	}
+
 	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
 	if limit < 1 || limit > 100 {
 		limit = 20
@@ -191,3 +204,24 @@ func (h *WebhookHandler) GetWebhookDeliveries(c *gin.Context) {
 
 	c.JSON(http.StatusOK, gin.H{"code": 0, "message": "success", "data": gin.H{"deliveries": deliveries}})
 }
+
+func (h *WebhookHandler) authorizeWebhookAccess(c *gin.Context, webhookID int64) (int64, bool) {
+	userID, ok := getUserIDFromContext(c)
+	if !ok {
+		c.JSON(http.StatusUnauthorized, gin.H{"code": 401, "message": "unauthorized"})
+		return 0, false
+	}
+
+	webhook, err := h.webhookService.GetWebhook(c.Request.Context(), webhookID)
+	if err != nil {
+		handleError(c, err)
+		return 0, false
+	}
+
+	if webhook.CreatedBy != userID && !apimiddleware.IsAdmin(c) {
+		c.JSON(http.StatusForbidden, gin.H{"code": 403, "message": "permission denied"})
+		return 0, false
+	}
+
+	return userID, true
+}