11 Commits

Author SHA1 Message Date
wren 32fb2a4812 fix: stabilize rule config and cross-review backend 2026-05-11 02:03:01 +08:00
wren be41863099 feat(rbac): seed usage stats permissions and schema 2026-05-09 20:08:22 +08:00
wren 9c86bf59e5 feat: add rag backend and review access fixes 2026-05-08 10:58:24 +08:00
wren 1c84209f38 feat: migrate cross review to v3 leaudit flow 2026-05-07 18:18:59 +08:00
wren f9de903acc feat: add rule draft permission flow 2026-05-06 20:06:41 +08:00
wren 76ba7e65ed feat: add backend rule group and permission support 2026-05-06 09:40:37 +08:00
wren 283c8228b2 feat: add document-types route and permissions to admin seeds 2026-04-30 14:13:33 +08:00
wren b6d7f154ad fix: enforce fine-grained read/write permissions on all rbac admin endpoints
Previously only CreateRole/UpdateRole/DeleteRole checked specific
permission keys. Now every endpoint enforces its corresponding
permission:
  ListRoles/GetRoleRoutes/GetRolePermissions → rbac:roles:read
  ListUsers/ListRoleUsers/GetUserRoles       → rbac:users:read
  AssignUserRoles/RevokeUserRole             → rbac:user_roles:write
  UpdateRoleRoutes                           → rbac:role_routes:write
  SaveRolePermissions                        → rbac:role_permissions:write
  GetRoutePermissions                        → rbac:permissions:read
2026-04-30 11:23:09 +08:00
wren ab31c808d7 fix: show permission display_name instead of key in 403 errors
Previously _assertPermission raised "缺少权限: rbac:roles:delete".
Now it looks up the display_name from the permissions table and
shows "缺少「删除角色」权限".
2026-04-30 11:18:06 +08:00
wren 33255e823f fix: enforce fine-grained rbac permissions on role CRUD endpoints
Add _assertPermission() that checks role_permissions table for
specific permission keys (super_admin bypasses). Wire it into
CreateRole (rbac:roles:create), UpdateRole (rbac:roles:update),
and DeleteRole (rbac:roles:delete). Previously only the coarse
can_manage role check was enforced, making the permission grants
in role_permissions purely cosmetic for these endpoints.
2026-04-30 10:36:38 +08:00
wren 3a58f19d6c feat: add rbac-backed settings modules 2026-04-29 22:25:06 +08:00