TanWenyan/leaudit-platform-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66 Commits 3 Branches 0 Tags
1a626a9020181890bd79f373db6446dc4e9eeb1a
Commit Graph

39 Commits

Author SHA1 Message Date
wren 32fb2a4812 fix: stabilize rule config and cross-review backend 2026-05-11 02:03:01 +08:00
wren 0fec8baafd fix(rbac): expose usage stats menu in settings 2026-05-11 00:52:57 +08:00
wren be41863099 feat(rbac): seed usage stats permissions and schema 2026-05-09 20:08:22 +08:00
wren e8a93f25a6 feat(audit): record login events and trigger users 2026-05-09 20:07:44 +08:00
wren 4d56652879 feat(usage-stats): add usage stats backend apis 2026-05-09 20:06:59 +08:00
wren 9c86bf59e5 feat: add rag backend and review access fixes 2026-05-08 10:58:24 +08:00
wren 1c84209f38 feat: migrate cross review to v3 leaudit flow 2026-05-07 18:18:59 +08:00
wren 35e0c45c42 refactor: remove document legacy binding reads 2026-05-07 18:06:20 +08:00
wren 59f2737f80 refactor: remove audit legacy binding fallback 2026-05-07 18:03:40 +08:00
wren ad367ac5bf refactor: drop legacy rule binding fallbacks 2026-05-07 18:01:54 +08:00
wren e1adcf30d2 chore: add legacy binding fallback audit logs 2026-05-07 17:52:01 +08:00
wren f8eb2dc817 feat: migrate rule bindings to group-based flow 2026-05-07 17:43:20 +08:00
wren 75c2111209 fix: align rule rollback version resolution 2026-05-07 10:58:42 +08:00
wren f9de903acc feat: add rule draft permission flow 2026-05-06 20:06:41 +08:00
wren 0b76dce2a5 fix: preserve review field page positions in platform 2026-05-06 16:29:39 +08:00
wren c4694e11f0 feat: add document type root management 2026-05-06 14:20:28 +08:00
wren 6ff1fb1cf6 fix: repair review detail attachment query 2026-05-06 10:01:21 +08:00
wren 76ba7e65ed feat: add backend rule group and permission support 2026-05-06 09:40:37 +08:00
wren 2d3a0f31de feat: complete review detail backend chain 2026-05-06 09:19:03 +08:00
wren acdcfeb0be fix: add /document-types to visible route whitelist and permission map 2026-04-30 14:27:06 +08:00
wren 283c8228b2 feat: add document-types route and permissions to admin seeds 2026-04-30 14:13:33 +08:00
wren e6e129c70e fix: parse date strings to date objects for asyncpg compatibility 2026-04-30 13:09:24 +08:00
wren 52c2bed4f9 feat: add document type CRUD with inline rule set binding 
- GET/POST /api/document-types, GET/PUT/DELETE /api/document-types/{id}
- DocumentTypeItemVO extended with description, entryModuleId,
  isEnabled, ruleSetIds
- Create/Update DTOs accept ruleSetIds array for automatic
  leaudit_rule_type_bindings sync (full replace on update)
- Soft delete cascades to rule_type_bindings
 2026-04-30 12:50:56 +08:00
wren 8f307aecba feat: add document-types endpoint and date/user filters to list 
- GET /api/document-types: returns {id, name, code} from
  leaudit_document_types, with optional ?ids=1,2,3 filter
- GET /api/documents/list: added userId, dateFrom, dateTo
  query params for filtering by uploading user and date range
 2026-04-30 12:28:55 +08:00
wren b6d7f154ad fix: enforce fine-grained read/write permissions on all rbac admin endpoints 
Previously only CreateRole/UpdateRole/DeleteRole checked specific
permission keys. Now every endpoint enforces its corresponding
permission:
  ListRoles/GetRoleRoutes/GetRolePermissions → rbac:roles:read
  ListUsers/ListRoleUsers/GetUserRoles       → rbac:users:read
  AssignUserRoles/RevokeUserRole             → rbac:user_roles:write
  UpdateRoleRoutes                           → rbac:role_routes:write
  SaveRolePermissions                        → rbac:role_permissions:write
  GetRoutePermissions                        → rbac:permissions:read
 2026-04-30 11:23:09 +08:00
wren ab31c808d7 fix: show permission display_name instead of key in 403 errors 
Previously _assertPermission raised "缺少权限: rbac:roles:delete".
Now it looks up the display_name from the permissions table and
shows "缺少「删除角色」权限".
 2026-04-30 11:18:06 +08:00
wren c16bb841de fix: restrict area bypass to super_admin only 
Previously provincial_admin also skipped entry module area
filtering, making areas configuration meaningless for them.
Now only super_admin bypasses — provincial_admin and below
must match their area against the module's areas list.
 2026-04-30 10:58:37 +08:00
wren 33255e823f fix: enforce fine-grained rbac permissions on role CRUD endpoints 
Add _assertPermission() that checks role_permissions table for
specific permission keys (super_admin bypasses). Wire it into
CreateRole (rbac:roles:create), UpdateRole (rbac:roles:update),
and DeleteRole (rbac:roles:delete). Previously only the coarse
can_manage role check was enforced, making the permission grants
in role_permissions purely cosmetic for these endpoints.
 2026-04-30 10:36:38 +08:00
wren 3a58f19d6c feat: add rbac-backed settings modules 2026-04-29 22:25:06 +08:00
wren b3ad4a6f33 feat: bootstrap user rbac foundation 2026-04-29 15:23:19 +08:00
wren b45d61fa97 feat: add document versioning and list API 2026-04-29 11:48:50 +08:00
wren f3b83c9979 feat: add async worker queues and retry controls 2026-04-29 11:48:09 +08:00
wren e738398eb6 feat: wire native leaudit upload flow 2026-04-28 16:53:16 +08:00
wren c776af598a refactor: region from document, not app config 
- Add region column to leaudit_documents + LeauditDocument model
- AuditServiceImpl: read region from document.region, not APP_REGION
- RuleServiceImpl: ListBindings/CreateBinding accept Region parameter
- RuleBindingCreateDTO: add region field
- RuleController: pass region from query param/DTO to service
- APP_REGION removed from binding queries; region flows from document

Region is now per-document: each document carries its region at upload
time, and rules are matched to the document's region at run time.
 2026-04-28 14:19:29 +08:00
wren e80e8febd8 feat: multi-region rule isolation — region column + config + queries 
- DB: add region column to leaudit_rule_sets + leaudit_rule_type_bindings
- DB: change UNIQUE constraint from (rule_type) to (rule_type, region)
- Config: add APP_REGION to app.toml + AppSettings + __init__.pyi
- AuditServiceImpl: filter bindings by APP_REGION
- RuleServiceImpl: ListBindings/CreateBinding use APP_REGION
- Seed script: accept --region arg, tag rules by region
- OssPathUtils: BuildRuleYamlKey already accepts Region parameter

Each region can now have its own independent copy of the same rule_type,
stored in separate OSS paths and DB rows, keyed by region.
 2026-04-28 13:15:26 +08:00
wren 2d108c8381 feat: M4 seed — upload & publish 20 rule sets, fix config/schema column names 
- Fix _export_settings for pydantic v2 compatibility (model_fields)
- Fix delete_time→deleted_at, update_time→updated_at in RuleServiceImpl
- Add OssClient.EnsureBucket method
- Replace contract_lease/sale/tech rules.yaml from new-rules
- Seed script: batch upload 20 rule YAMLs to OSS + write DB + publish
- Config: fix OSS import chain
 2026-04-28 12:13:46 +08:00
wren 246c0e5ded feat: complete M1-M3 infrastructure — OSS client, native execution chain, rule lifecycle API, system docs 
- M1: unified OSS client (upload/download/presign) + path utils + config
- M2: rule service with validate/create/publish/rollback + binding CRUD endpoints
- M3: native AuditCtx runner, file/rule resolvers, storage adapter with full persistence
- docs: SYSTEM_OVERVIEW.md as comprehensive architecture reference
- fix: double finalize — terminal state now written once by finalize_run
 2026-04-28 11:49:55 +08:00
wren d310ba8bc0 feat: implement binding CRUD in RuleServiceImpl 2026-04-28 11:44:20 +08:00
wren 535d97a70c chore: initial commit — leaudit-platform project skeleton 
17-table PostgreSQL schema with full Chinese column comments,
FastAPI project structure (admin/common/modules),
DSL rule files, and schema migration scripts.
 2026-04-27 16:48:22 +08:00