TanWenyan/leaudit-platform-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71 Commits 3 Branches 0 Tags
f788149ca74b1734c3c840ab493f13aafc032d82
Commit Graph

71 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
wren f788149ca7 docs(collabora): organize deployment guides and fix proxy chain 2026-05-11 17:54:39 +08:00
wren dcc0f3c30d feat: restore rag dataset management and linkage 2026-05-11 17:21:33 +08:00
wren da2bb8310d fix(entry-modules): persist route path updates 2026-05-11 11:28:08 +08:00
wren e19f63183b feat(rbac): add lazy organization tree endpoint 2026-05-11 09:38:14 +08:00
wren 90e56d6259 feat: manage worker in leaudit script 2026-05-11 02:31:58 +08:00
wren 1a626a9020 fix: add rbac organization tree contracts 2026-05-11 02:17:50 +08:00
wren f753b8c6c3 chore: add local dev helper scripts 2026-05-11 02:06:23 +08:00
wren 32fb2a4812 fix: stabilize rule config and cross-review backend 2026-05-11 02:03:01 +08:00
wren 900fc2e8a2 docs(usage-stats): add implementation file inventory 2026-05-11 01:13:31 +08:00
wren 0fec8baafd fix(rbac): expose usage stats menu in settings 2026-05-11 00:52:57 +08:00
wren 58ee6a1085 docs: consolidate usage stats documentation 2026-05-10 21:04:07 +08:00
wren 601811f957 docs: refine sql operations handbook 2026-05-10 20:14:05 +08:00
wren ae89eec3b9 docs(scripts): organize sql files under 创建sql 2026-05-10 19:56:31 +08:00
wren be41863099 feat(rbac): seed usage stats permissions and schema 2026-05-09 20:08:22 +08:00
wren e8a93f25a6 feat(audit): record login events and trigger users 2026-05-09 20:07:44 +08:00
wren 4d56652879 feat(usage-stats): add usage stats backend apis 2026-05-09 20:06:59 +08:00
wren c9d7a693b8 docs: reorganize by module 2026-05-09 20:04:08 +08:00
wren 29873eaecd deploy: add collabora nginx proxy stack 2026-05-09 15:10:50 +08:00
wren 9c86bf59e5 feat: add rag backend and review access fixes 2026-05-08 10:58:24 +08:00
wren 1c84209f38 feat: migrate cross review to v3 leaudit flow 2026-05-07 18:18:59 +08:00
wren 35e0c45c42 refactor: remove document legacy binding reads 2026-05-07 18:06:20 +08:00
wren 59f2737f80 refactor: remove audit legacy binding fallback 2026-05-07 18:03:40 +08:00
wren ad367ac5bf refactor: drop legacy rule binding fallbacks 2026-05-07 18:01:54 +08:00
wren e1adcf30d2 chore: add legacy binding fallback audit logs 2026-05-07 17:52:01 +08:00
wren f8eb2dc817 feat: migrate rule bindings to group-based flow 2026-05-07 17:43:20 +08:00
wren 75c2111209 fix: align rule rollback version resolution 2026-05-07 10:58:42 +08:00
wren 7cf551018b docs: rewrite project documentation map 2026-05-07 09:54:41 +08:00
wren f9de903acc feat: add rule draft permission flow 2026-05-06 20:06:41 +08:00
wren 0b76dce2a5 fix: preserve review field page positions in platform 2026-05-06 16:29:39 +08:00
wren c4694e11f0 feat: add document type root management 2026-05-06 14:20:28 +08:00
wren 201e3adc18 fix: synthesize docx field location chunks 2026-05-06 11:36:02 +08:00
wren 6ff1fb1cf6 fix: repair review detail attachment query 2026-05-06 10:01:21 +08:00
wren 0d8f13ab3d docs: reorganize backend project documentation 2026-05-06 09:42:29 +08:00
wren 76ba7e65ed feat: add backend rule group and permission support 2026-05-06 09:40:37 +08:00
wren 7acbe0f1d9 chore: ignore playwright mcp cache 2026-05-06 09:19:53 +08:00
wren 2d3a0f31de feat: complete review detail backend chain 2026-05-06 09:19:03 +08:00
wren 23b5445ff8 docs: add comprehensive handoff document 2026-04-30 14:31:53 +08:00
wren acdcfeb0be fix: add /document-types to visible route whitelist and permission map 2026-04-30 14:27:06 +08:00
wren 283c8228b2 feat: add document-types route and permissions to admin seeds 2026-04-30 14:13:33 +08:00
wren e6e129c70e fix: parse date strings to date objects for asyncpg compatibility 2026-04-30 13:09:24 +08:00
wren 52c2bed4f9 feat: add document type CRUD with inline rule set binding 
- GET/POST /api/document-types, GET/PUT/DELETE /api/document-types/{id}
- DocumentTypeItemVO extended with description, entryModuleId,
  isEnabled, ruleSetIds
- Create/Update DTOs accept ruleSetIds array for automatic
  leaudit_rule_type_bindings sync (full replace on update)
- Soft delete cascades to rule_type_bindings
 2026-04-30 12:50:56 +08:00
wren 32f56f7bf6 docs: add document-type and rule-binding analysis and migration plan 2026-04-30 12:37:00 +08:00
wren 9e1b7a6de7 feat: add queue status endpoint for upload page 
GET /api/v2/system/queue/status returns counts of documents
by processing_status (waiting/processing) from leaudit_documents,
plus processing document IDs for the frontend progress display.
 2026-04-30 12:32:37 +08:00
wren 969c3aaf35 docs: add document upload/list API analysis and integration plan 2026-04-30 12:29:00 +08:00
wren 8f307aecba feat: add document-types endpoint and date/user filters to list 
- GET /api/document-types: returns {id, name, code} from
  leaudit_document_types, with optional ?ids=1,2,3 filter
- GET /api/documents/list: added userId, dateFrom, dateTo
  query params for filtering by uploading user and date range
 2026-04-30 12:28:55 +08:00
wren b6d7f154ad fix: enforce fine-grained read/write permissions on all rbac admin endpoints 
Previously only CreateRole/UpdateRole/DeleteRole checked specific
permission keys. Now every endpoint enforces its corresponding
permission:
  ListRoles/GetRoleRoutes/GetRolePermissions → rbac:roles:read
  ListUsers/ListRoleUsers/GetUserRoles       → rbac:users:read
  AssignUserRoles/RevokeUserRole             → rbac:user_roles:write
  UpdateRoleRoutes                           → rbac:role_routes:write
  SaveRolePermissions                        → rbac:role_permissions:write
  GetRoutePermissions                        → rbac:permissions:read
 2026-04-30 11:23:09 +08:00
wren ab31c808d7 fix: show permission display_name instead of key in 403 errors 
Previously _assertPermission raised "缺少权限: rbac:roles:delete".
Now it looks up the display_name from the permissions table and
shows "缺少「删除角色」权限".
 2026-04-30 11:18:06 +08:00
wren 292b18760c fix: add global exception handler for BusinessException 
BusinessException (and its subclass LeauditException) had no
FastAPI exception handler, so they escaped as unhandled 500s
even when carrying the correct status code (e.g. 403). Add a
handler that renders the status code and message as a proper
JSON response.
 2026-04-30 11:13:07 +08:00
wren c16bb841de fix: restrict area bypass to super_admin only 
Previously provincial_admin also skipped entry module area
filtering, making areas configuration meaningless for them.
Now only super_admin bypasses — provincial_admin and below
must match their area against the module's areas list.
 2026-04-30 10:58:37 +08:00
wren 33255e823f fix: enforce fine-grained rbac permissions on role CRUD endpoints 
Add _assertPermission() that checks role_permissions table for
specific permission keys (super_admin bypasses). Wire it into
CreateRole (rbac:roles:create), UpdateRole (rbac:roles:update),
and DeleteRole (rbac:roles:delete). Previously only the coarse
can_manage role check was enforced, making the permission grants
in role_permissions purely cosmetic for these endpoints.
 2026-04-30 10:36:38 +08:00