Commit Graph

18 Commits

Author SHA1 Message Date
wren 1f1bccf3b3 feat: add tenant-scoped rule and permission management 2026-05-21 22:03:08 +08:00
wren a2c2bf1969 feat: improve template comparison persistence and attachment version handling 2026-05-20 10:55:28 +08:00
wren 7c6f134808 feat: support contract template upload and region isolation 2026-05-19 22:59:11 +08:00
wren 16e8668150 feat: add contract template v3 api and legacy oss migration 2026-05-19 18:38:17 +08:00
wren d47f499e57 Optimize RBAC org tree loading 2026-05-12 16:53:22 +08:00
wren 2aa5a6d1d6 fix: tighten rag permissions and area scope 2026-05-11 18:01:09 +08:00
wren e19f63183b feat(rbac): add lazy organization tree endpoint 2026-05-11 09:38:14 +08:00
wren 32fb2a4812 fix: stabilize rule config and cross-review backend 2026-05-11 02:03:01 +08:00
wren be41863099 feat(rbac): seed usage stats permissions and schema 2026-05-09 20:08:22 +08:00
wren 9c86bf59e5 feat: add rag backend and review access fixes 2026-05-08 10:58:24 +08:00
wren 1c84209f38 feat: migrate cross review to v3 leaudit flow 2026-05-07 18:18:59 +08:00
wren f9de903acc feat: add rule draft permission flow 2026-05-06 20:06:41 +08:00
wren 76ba7e65ed feat: add backend rule group and permission support 2026-05-06 09:40:37 +08:00
wren 283c8228b2 feat: add document-types route and permissions to admin seeds 2026-04-30 14:13:33 +08:00
wren b6d7f154ad fix: enforce fine-grained read/write permissions on all rbac admin endpoints
Previously only CreateRole/UpdateRole/DeleteRole checked specific
permission keys. Now every endpoint enforces its corresponding
permission:
  ListRoles/GetRoleRoutes/GetRolePermissions → rbac:roles:read
  ListUsers/ListRoleUsers/GetUserRoles       → rbac:users:read
  AssignUserRoles/RevokeUserRole             → rbac:user_roles:write
  UpdateRoleRoutes                           → rbac:role_routes:write
  SaveRolePermissions                        → rbac:role_permissions:write
  GetRoutePermissions                        → rbac:permissions:read
2026-04-30 11:23:09 +08:00
wren ab31c808d7 fix: show permission display_name instead of key in 403 errors
Previously _assertPermission raised "缺少权限: rbac:roles:delete".
Now it looks up the display_name from the permissions table and
shows "缺少「删除角色」权限".
2026-04-30 11:18:06 +08:00
wren 33255e823f fix: enforce fine-grained rbac permissions on role CRUD endpoints
Add _assertPermission() that checks role_permissions table for
specific permission keys (super_admin bypasses). Wire it into
CreateRole (rbac:roles:create), UpdateRole (rbac:roles:update),
and DeleteRole (rbac:roles:delete). Previously only the coarse
can_manage role check was enforced, making the permission grants
in role_permissions purely cosmetic for these endpoints.
2026-04-30 10:36:38 +08:00
wren 3a58f19d6c feat: add rbac-backed settings modules 2026-04-29 22:25:06 +08:00