fix: tighten route permission guards

This commit is contained in:
wren
2026-05-06 20:06:41 +08:00
parent 8fcd79b608
commit e7bac9a33f
8 changed files with 409 additions and 70 deletions
+11 -37
View File
@@ -1024,14 +1024,24 @@ function buildFallbackRoutes(roleKey: string): {
const mappedRoleKey = mapUserRoleToRoleKey(roleKey);
const fallbackMenus = FALLBACK_MENU_DATA[mappedRoleKey] || FALLBACK_MENU_DATA.common;
const permissionMap: Record<string, string[]> = {};
const safeFallbackMenus = stripDisallowedFallbackRoutes(fallbackMenus);
return {
success: true,
data: normalizeMenuStructure(fallbackMenus.filter(item => isMinimalMenuPath(item.path))),
data: normalizeMenuStructure(safeFallbackMenus.filter(item => isMinimalMenuPath(item.path))),
permissionMap,
};
}
function stripDisallowedFallbackRoutes(menuItems: MenuItem[]): MenuItem[] {
return menuItems
.filter((item) => item.path !== '/rule-groups')
.map((item) => ({
...item,
children: item.children ? stripDisallowedFallbackRoutes(item.children) : undefined,
}));
}
function isLegacyRuleSetsMenu(path: string | undefined): boolean {
return path === '/rules/sets';
}
@@ -1059,41 +1069,5 @@ function normalizeMenuStructure(menuItems: MenuItem[]): MenuItem[] {
const dedupedTopLevelItems = clonedMenuItems.filter(item => !nestedPathSet.has(item.path));
const ruleManagement = dedupedTopLevelItems.find(item => item.path === '/rules');
const systemSettings = dedupedTopLevelItems.find(item => item.path === '/settings');
const syntheticRuleGroupsMenu: MenuItem = {
id: 'rule-groups',
title: '规则组导航',
path: '/rule-groups',
icon: 'ri-folder-open-line',
order: 1,
};
let ruleGroupsMenu: MenuItem = syntheticRuleGroupsMenu;
if (ruleManagement?.children?.length) {
const ruleGroupIndex = ruleManagement.children.findIndex(child => child.path === '/rule-groups');
if (ruleGroupIndex !== -1) {
const [existingRuleGroupsMenu] = ruleManagement.children.splice(ruleGroupIndex, 1);
ruleGroupsMenu = existingRuleGroupsMenu;
ruleManagement.children = ruleManagement.children
.map((child, index) => ({ ...child, order: index + 1 }))
.sort((a, b) => a.order - b.order);
}
}
if (!systemSettings) {
return dedupedTopLevelItems;
}
const settingsChildren = systemSettings.children ? [...systemSettings.children] : [];
if (!settingsChildren.some(child => child.path === '/rule-groups')) {
settingsChildren.unshift({ ...ruleGroupsMenu, order: 1 });
}
systemSettings.children = settingsChildren
.map((child, index) => ({ ...child, order: index + 1 }))
.sort((a, b) => a.order - b.order);
return dedupedTopLevelItems;
}