TanWenyan/leaudit-platform-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add proposal create/vote/delete and document complete permissions to common role #1

Merged
TanWenyan merged 1 commits from fix/cross-review-common-permissions into main 2026-05-13 15:02:59 +08:00
Conversation 0 Commits 1 Files Changed 1
+5 -1
TanWenyan commented 2026-05-13 15:02:44 +08:00
Owner
Copy Link
Copy Source

背景

交叉评查详情页中"提出意见""赞同/反对""完成评查"等按钮在 common 角色下全部不渲染,因为种子 SQL 只给 common 授予了只读权限(task:read / progress:view / document:read),缺少以下 4 个操作权限:

  • cross_review:proposal:create
  • cross_review:proposal:delete
  • cross_review:proposal:vote
  • cross_review:document:complete

改动内容

seed_cross_review_phase1_permissions.sql 中给 common 角色追加 4 个操作权限:

权限 key 用途 原来 现在
cross_review:proposal:create 提出意见按钮
cross_review:proposal:delete 撤销意见按钮
cross_review:proposal:vote 赞同/反对/撤销投票
cross_review:document:complete 完成评查按钮

数据库变更

已直连执行,common 角色当前拥有全部 8 个 cross_review:* 权限。

影响范围

  • 交叉评查详情页操作按钮在 common 角色下可见
  • proposal:deletedocument:complete 有额外的业务层校验(发起人才可撤销意见、isProposer 才可完成评查),不存在越权风险
## 背景 交叉评查详情页中"提出意见""赞同/反对""完成评查"等按钮在 `common` 角色下全部不渲染,因为种子 SQL 只给 `common` 授予了只读权限(task:read / progress:view / document:read),缺少以下 4 个操作权限: - `cross_review:proposal:create` - `cross_review:proposal:delete` - `cross_review:proposal:vote` - `cross_review:document:complete` ## 改动内容 在 `seed_cross_review_phase1_permissions.sql` 中给 `common` 角色追加 4 个操作权限: | 权限 key | 用途 | 原来 | 现在 | |---------|------|------|------| | `cross_review:proposal:create` | 提出意见按钮 | ❌ | ✅ | | `cross_review:proposal:delete` | 撤销意见按钮 | ❌ | ✅ | | `cross_review:proposal:vote` | 赞同/反对/撤销投票 | ❌ | ✅ | | `cross_review:document:complete` | 完成评查按钮 | ❌ | ✅ | ## 数据库变更 已直连执行,`common` 角色当前拥有全部 8 个 `cross_review:*` 权限。 ## 影响范围 - 交叉评查详情页操作按钮在 `common` 角色下可见 - `proposal:delete` 和 `document:complete` 有额外的业务层校验(发起人才可撤销意见、isProposer 才可完成评查),不存在越权风险
TanWenyan added 1 commit 2026-05-13 15:02:44 +08:00
fix: add proposal create/vote/delete and document complete permissions to common role 01b02da685
TanWenyan merged commit eb5acc8da9 into main 2026-05-13 15:02:59 +08:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jandejang TanWenyan
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: TanWenyan/leaudit-platform-backend#1
Delete Branch "fix/cross-review-common-permissions"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?