fix: allow admin role to edit in role-permissions page

Previously only provincial_admin could edit roles/permissions in
the UI. Now admin (city-level admin) role can also edit. The
backend already enforces fine-grained permission checks, so the
UI gate just needs to match can_manage semantics.
This commit is contained in:
wren
2026-04-30 11:36:11 +08:00
parent 55e2c6993f
commit e2ae791fa2
+16 -16
View File
@@ -948,7 +948,7 @@ export default function RolePermissions() {
// v3.3: 检查当前用户角色和地区 // v3.3: 检查当前用户角色和地区
const [currentUserRole, setCurrentUserRole] = useState(''); const [currentUserRole, setCurrentUserRole] = useState('');
const [currentUserArea, setCurrentUserArea] = useState(''); const [currentUserArea, setCurrentUserArea] = useState('');
const [isProvincialAdmin, setIsProvincialAdmin] = useState(false); const [canEdit, setCanEdit] = useState(false);
const [isCityAdmin, setIsCityAdmin] = useState(false); const [isCityAdmin, setIsCityAdmin] = useState(false);
// 模态框状态 // 模态框状态
@@ -1029,13 +1029,13 @@ export default function RolePermissions() {
setCurrentUserRole(userRole); setCurrentUserRole(userRole);
setCurrentUserArea(userArea); setCurrentUserArea(userArea);
setIsProvincialAdmin(userRole === 'provincial_admin'); setCanEdit((userRole === 'provincial_admin' || userRole === 'admin'));
setIsCityAdmin(userRole === 'admin'); setIsCityAdmin(userRole === 'admin');
console.log('🔑 [RolePermissions v3.3] 当前用户信息:', { console.log('🔑 [RolePermissions v3.3] 当前用户信息:', {
role: userRole, role: userRole,
area: userArea, area: userArea,
isProvincialAdmin: userRole === 'provincial_admin', canEdit: (userRole === 'provincial_admin' || userRole === 'admin'),
isCityAdmin: userRole === 'admin' isCityAdmin: userRole === 'admin'
}); });
} catch (e) { } catch (e) {
@@ -1569,14 +1569,14 @@ export default function RolePermissions() {
} }
}; };
// 保存权限 - v3.3: 同时保存路由权限和API权限,仅省级管理员可操作 // 保存权限 - 省级管理员和地区管理员可操作
// v3.5: 增加事务性操作和回滚机制 // v3.5: 增加事务性操作和回滚机制
const handleSavePermissions = async () => { const handleSavePermissions = async () => {
if (!selectedRole) return; if (!selectedRole) return;
// v3.3: 前置权限检查(省级管理员) // 前置权限检查(省级管理员和地区管理员
if (!isProvincialAdmin) { if (!canEdit) {
toastService.error('权限不足:仅省级管理员可以修改角色路由权限'); toastService.error('权限不足:仅省级管理员和地区管理员可以修改角色路由权限');
return; return;
} }
@@ -1593,7 +1593,7 @@ export default function RolePermissions() {
// v3.3: 处理权限不足错误 // v3.3: 处理权限不足错误
if (!routeResult.success) { if (!routeResult.success) {
if (routeResult.code === 4003) { if (routeResult.code === 4003) {
toastService.error('权限不足:仅省级管理员可以修改角色路由权限'); toastService.error('权限不足:仅省级管理员和地区管理员可以修改角色路由权限');
} else { } else {
toastService.error(routeResult.message); toastService.error(routeResult.message);
} }
@@ -1741,7 +1741,7 @@ export default function RolePermissions() {
checked={selectedPermissionIds.includes(permission.id)} checked={selectedPermissionIds.includes(permission.id)}
onChange={(e) => handleTogglePermission(permission, e.target.checked)} onChange={(e) => handleTogglePermission(permission, e.target.checked)}
style={{ margin: '3px 0 0 0', flexShrink: 0 }} style={{ margin: '3px 0 0 0', flexShrink: 0 }}
disabled={!isProvincialAdmin} disabled={!canEdit}
/> />
{isShared && ( {isShared && (
<span <span
@@ -1831,7 +1831,7 @@ export default function RolePermissions() {
} }
}} }}
className="route-checkbox" className="route-checkbox"
disabled={!isProvincialAdmin} disabled={!canEdit}
/> />
<label htmlFor={`route-${route.id}`} className="route-label"> <label htmlFor={`route-${route.id}`} className="route-label">
{route.icon && <i className={`${route.icon} route-icon`}></i>} {route.icon && <i className={`${route.icon} route-icon`}></i>}
@@ -1877,7 +1877,7 @@ export default function RolePermissions() {
} }
}} }}
className="route-checkbox" className="route-checkbox"
disabled={!isProvincialAdmin} disabled={!canEdit}
/> />
<label htmlFor={`route-${route.id}`} className="route-label"> <label htmlFor={`route-${route.id}`} className="route-label">
{route.icon && <i className={`${route.icon} route-icon`}></i>} {route.icon && <i className={`${route.icon} route-icon`}></i>}
@@ -1963,7 +1963,7 @@ export default function RolePermissions() {
type="primary" type="primary"
icon="ri-add-line" icon="ri-add-line"
onClick={() => setShowCreateModal(true)} onClick={() => setShowCreateModal(true)}
disabled={!isProvincialAdmin} disabled={!canEdit}
> >
</Button> </Button>
@@ -2058,11 +2058,11 @@ export default function RolePermissions() {
<div className="permissions-tab"> <div className="permissions-tab">
{/* v3.8: 固定头部区域 */} {/* v3.8: 固定头部区域 */}
<div className="permissions-tab-header"> <div className="permissions-tab-header">
{/* v3.3: 权限提示(省级管理员可修改) */} {/* 权限提示(省级管理员和地区管理员可修改) */}
{!isProvincialAdmin && ( {!canEdit && (
<div className="form-notice warning" style={{ marginBottom: '12px' }}> <div className="form-notice warning" style={{ marginBottom: '12px' }}>
<i className="ri-information-line"></i> <i className="ri-information-line"></i>
<span></span> <span></span>
</div> </div>
)} )}
<div className="permissions-header"> <div className="permissions-header">
@@ -2097,7 +2097,7 @@ export default function RolePermissions() {
type="primary" type="primary"
icon={savingPermissions ? "ri-loader-4-line spin" : "ri-save-line"} icon={savingPermissions ? "ri-loader-4-line spin" : "ri-save-line"}
onClick={handleSavePermissions} onClick={handleSavePermissions}
disabled={!isProvincialAdmin || savingPermissions} disabled={!canEdit || savingPermissions}
> >
{savingPermissions ? '保存中...' : '保存菜单与接口权限'} {savingPermissions ? '保存中...' : '保存菜单与接口权限'}
</Button> </Button>