fix: tighten route permission guards

This commit is contained in:
wren
2026-05-06 20:06:41 +08:00
parent 8fcd79b608
commit e7bac9a33f
8 changed files with 409 additions and 70 deletions
+4
View File
@@ -84,6 +84,10 @@ function riskColor(risk: string): TagColor {
export async function loader({ request }: LoaderFunctionArgs) {
const url = new URL(request.url);
const { getUserSession } = await import("~/api/login/auth.server");
const { frontendJWT, userInfo } = await getUserSession(request);
const { requireRoutePermission } = await import("~/api/auth/check-route-permission.server");
await requireRoutePermission("/rulesTest/list", userInfo?.role || "", frontendJWT || undefined);
const requestedMainType = url.searchParams.get('mainType') || url.searchParams.get('ruleTypeName') || '';
const requestedSubtype = url.searchParams.get('subtype') || url.searchParams.get('documentAttributeType') || '';
const requestedRuleGroup = url.searchParams.get('ruleGroup') || url.searchParams.getAll('ruleGroups')[0] || '';