wren
4ac53ded5a
fix(auth): enforce document and govdoc route grants
2026-05-25 15:37:53 +08:00
wren
0f385c9839
fix(rules): unify rule configuration naming
2026-05-25 14:52:10 +08:00
wren
47a495e910
fix(rules): require evaluation point list read permission for rule packs
2026-05-25 14:50:06 +08:00
wren
fe424761e2
fix: enforce role hierarchy on permission edits
2026-05-25 10:13:48 +08:00
wren
68d0b4c878
feat: update audit platform workspace
2026-05-25 09:50:01 +08:00
wren
1f1bccf3b3
feat: add tenant-scoped rule and permission management
2026-05-21 22:03:08 +08:00
wren
a2c2bf1969
feat: improve template comparison persistence and attachment version handling
2026-05-20 10:55:28 +08:00
wren
7c6f134808
feat: support contract template upload and region isolation
2026-05-19 22:59:11 +08:00
wren
16e8668150
feat: add contract template v3 api and legacy oss migration
2026-05-19 18:38:17 +08:00
wren
d47f499e57
Optimize RBAC org tree loading
2026-05-12 16:53:22 +08:00
wren
2aa5a6d1d6
fix: tighten rag permissions and area scope
2026-05-11 18:01:09 +08:00
wren
e19f63183b
feat(rbac): add lazy organization tree endpoint
2026-05-11 09:38:14 +08:00
wren
32fb2a4812
fix: stabilize rule config and cross-review backend
2026-05-11 02:03:01 +08:00
wren
be41863099
feat(rbac): seed usage stats permissions and schema
2026-05-09 20:08:22 +08:00
wren
9c86bf59e5
feat: add rag backend and review access fixes
2026-05-08 10:58:24 +08:00
wren
1c84209f38
feat: migrate cross review to v3 leaudit flow
2026-05-07 18:18:59 +08:00
wren
f9de903acc
feat: add rule draft permission flow
2026-05-06 20:06:41 +08:00
wren
76ba7e65ed
feat: add backend rule group and permission support
2026-05-06 09:40:37 +08:00
wren
283c8228b2
feat: add document-types route and permissions to admin seeds
2026-04-30 14:13:33 +08:00
wren
b6d7f154ad
fix: enforce fine-grained read/write permissions on all rbac admin endpoints
Previously only CreateRole/UpdateRole/DeleteRole checked specific
permission keys. Now every endpoint enforces its corresponding
permission:
ListRoles/GetRoleRoutes/GetRolePermissions → rbac:roles:read
ListUsers/ListRoleUsers/GetUserRoles → rbac:users:read
AssignUserRoles/RevokeUserRole → rbac:user_roles:write
UpdateRoleRoutes → rbac:role_routes:write
SaveRolePermissions → rbac:role_permissions:write
GetRoutePermissions → rbac:permissions:read
2026-04-30 11:23:09 +08:00
wren
ab31c808d7
fix: show permission display_name instead of key in 403 errors
Previously _assertPermission raised "缺少权限: rbac:roles:delete".
Now it looks up the display_name from the permissions table and
shows "缺少「删除角色」权限".
2026-04-30 11:18:06 +08:00
wren
33255e823f
fix: enforce fine-grained rbac permissions on role CRUD endpoints
Add _assertPermission() that checks role_permissions table for
specific permission keys (super_admin bypasses). Wire it into
CreateRole (rbac:roles:create), UpdateRole (rbac:roles:update),
and DeleteRole (rbac:roles:delete). Previously only the coarse
can_manage role check was enforced, making the permission grants
in role_permissions purely cosmetic for these endpoints.
2026-04-30 10:36:38 +08:00
wren
3a58f19d6c
feat: add rbac-backed settings modules
2026-04-29 22:25:06 +08:00