权限列表
本文档列出DocAuditAI系统中所有权限及其对应的操作。
权限键格式
权限键格式:{module}:{resource}:{action}
- module: 模块名称(如document, system, evaluation)
- resource: 资源名称(如document, user, role)
- action: 操作类型(view, create, update, delete等)
文档管理模块 (document)
| 权限键 | 说明 | 对应操作 |
|---|---|---|
| document:document:view | 查看文档 | GET /postgrest/documents |
| document:document:create | 创建文档 | POST /postgrest/documents |
| document:document:update | 更新文档 | PATCH /postgrest/documents |
| document:document:delete | 删除文档 | DELETE /postgrest/documents |
| document:type:view | 查看文档类型 | GET /postgrest/document_types |
| document:type:create | 创建文档类型 | POST /postgrest/document_types |
| document:type:update | 更新文档类型 | PATCH /postgrest/document_types |
| document:type:delete | 删除文档类型 | DELETE /postgrest/document_types |
| document:metadata:view | 查看文档元数据 | GET /postgrest/document_metadata |
| document:metadata:create | 创建文档元数据 | POST /postgrest/document_metadata |
| document:metadata:update | 更新文档元数据 | PATCH /postgrest/document_metadata |
| document:metadata:delete | 删除文档元数据 | DELETE /postgrest/document_metadata |
评查管理模块 (evaluation)
| 权限键 | 说明 | 对应操作 |
|---|---|---|
| evaluation:result:view | 查看评查结果 | GET /postgrest/evaluation_results |
| evaluation:result:create | 创建评查结果 | POST /postgrest/evaluation_results |
| evaluation:result:update | 更新评查结果 | PATCH /postgrest/evaluation_results |
| evaluation:result:delete | 删除评查结果 | DELETE /postgrest/evaluation_results |
| evaluation:point:view | 查看评查点 | GET /postgrest/evaluation_points |
| evaluation:point:create | 创建评查点 | POST /postgrest/evaluation_points |
| evaluation:point:update | 更新评查点 | PATCH /postgrest/evaluation_points |
| evaluation:point:delete | 删除评查点 | DELETE /postgrest/evaluation_points |
| evaluation:category:view | 查看评查点分类 | GET /postgrest/evaluation_point_categories |
| evaluation:category:create | 创建评查点分类 | POST /postgrest/evaluation_point_categories |
| evaluation:category:update | 更新评查点分类 | PATCH /postgrest/evaluation_point_categories |
| evaluation:category:delete | 删除评查点分类 | DELETE /postgrest/evaluation_point_categories |
| evaluation:rule:view | 查看评查规则 | GET /postgrest/evaluation_rules |
| evaluation:rule:create | 创建评查规则 | POST /postgrest/evaluation_rules |
| evaluation:rule:update | 更新评查规则 | PATCH /postgrest/evaluation_rules |
| evaluation:rule:delete | 删除评查规则 | DELETE /postgrest/evaluation_rules |
交叉评查模块 (crossreview)
| 权限键 | 说明 | 对应操作 |
|---|---|---|
| crossreview:task:view | 查看交叉评查任务 | GET /postgrest/cross_examination_tasks |
| crossreview:task:create | 创建交叉评查任务 | POST /postgrest/cross_examination_tasks |
| crossreview:task:update | 更新交叉评查任务 | PATCH /postgrest/cross_examination_tasks |
| crossreview:task:delete | 删除交叉评查任务 | DELETE /postgrest/cross_examination_tasks |
| crossreview:mapping:view | 查看任务文档映射 | GET /postgrest/cross_task_document_mapping |
| crossreview:mapping:create | 创建任务文档映射 | POST /postgrest/cross_task_document_mapping |
| crossreview:mapping:update | 更新任务文档映射 | PATCH /postgrest/cross_task_document_mapping |
| crossreview:mapping:delete | 删除任务文档映射 | DELETE /postgrest/cross_task_document_mapping |
| crossreview:proposal:view | 查看评分提案 | GET /postgrest/cross_scoring_proposals |
| crossreview:proposal:create | 创建评分提案 | POST /postgrest/cross_scoring_proposals |
| crossreview:proposal:update | 更新评分提案 | PATCH /postgrest/cross_scoring_proposals |
| crossreview:proposal:delete | 删除评分提案 | DELETE /postgrest/cross_scoring_proposals |
| crossreview:vote:view | 查看提案投票 | GET /postgrest/cross_proposal_votes |
| crossreview:vote:create | 创建提案投票 | POST /postgrest/cross_proposal_votes |
| crossreview:vote:update | 更新提案投票 | PATCH /postgrest/cross_proposal_votes |
| crossreview:vote:delete | 删除提案投票 | DELETE /postgrest/cross_proposal_votes |
系统管理模块 (system)
| 权限键 | 说明 | 对应操作 |
|---|---|---|
| system:user:view | 查看用户 | GET /postgrest/sso_users |
| system:user:create | 创建用户 | POST /postgrest/sso_users |
| system:user:update | 更新用户 | PATCH /postgrest/sso_users |
| system:user:delete | 删除用户 | DELETE /postgrest/sso_users |
| system:role:view | 查看角色 | GET /postgrest/roles |
| system:role:create | 创建角色 | POST /postgrest/roles |
| system:role:update | 更新角色 | PATCH /postgrest/roles |
| system:role:delete | 删除角色 | DELETE /postgrest/roles |
| system:route:view | 查看系统路由 | GET /postgrest/sys_routes |
| system:route:create | 创建系统路由 | POST /postgrest/sys_routes |
| system:route:update | 更新系统路由 | PATCH /postgrest/sys_routes |
| system:route:delete | 删除系统路由 | DELETE /postgrest/sys_routes |
| system:user_role:view | 查看用户-角色关联 | GET /postgrest/user_role |
| system:user_role:create | 创建用户-角色关联 | POST /postgrest/user_role |
| system:user_role:update | 更新用户-角色关联 | PATCH /postgrest/user_role |
| system:user_role:delete | 删除用户-角色关联 | DELETE /postgrest/user_role |
| system:role_route:view | 查看角色-路由关联 | GET /postgrest/role_route |
| system:role_route:create | 创建角色-路由关联 | POST /postgrest/role_route |
| system:role_route:update | 更新角色-路由关联 | PATCH /postgrest/role_route |
| system:role_route:delete | 删除角色-路由关联 | DELETE /postgrest/role_route |
| system:permission:view | 查看权限定义 | GET /postgrest/permissions |
| system:permission:create | 创建权限定义 | POST /postgrest/permissions |
| system:permission:update | 更新权限定义 | PATCH /postgrest/permissions |
| system:permission:delete | 删除权限定义 | DELETE /postgrest/permissions |
| system:role_permission:view | 查看角色-权限关联 | GET /postgrest/role_permissions |
| system:role_permission:create | 创建角色-权限关联 | POST /postgrest/role_permissions |
| system:role_permission:update | 更新角色-权限关联 | PATCH /postgrest/role_permissions |
| system:role_permission:delete | 删除角色-权限关联 | DELETE /postgrest/role_permissions |
| system:user_permission:view | 查看用户-权限关联 | GET /postgrest/user_permissions |
| system:user_permission:create | 创建用户-权限关联 | POST /postgrest/user_permissions |
| system:user_permission:update | 更新用户-权限关联 | PATCH /postgrest/user_permissions |
| system:user_permission:delete | 删除用户-权限关联 | DELETE /postgrest/user_permissions |
| system:data_rule:view | 查看数据权限规则 | GET /postgrest/data_permission_rules |
| system:data_rule:create | 创建数据权限规则 | POST /postgrest/data_permission_rules |
| system:data_rule:update | 更新数据权限规则 | PATCH /postgrest/data_permission_rules |
| system:data_rule:delete | 删除数据权限规则 | DELETE /postgrest/data_permission_rules |
| system:audit_log:view | 查看审计日志 | GET /postgrest/permission_audit_logs |
| system:audit_log:create | 创建审计日志 | POST /postgrest/permission_audit_logs |
| system:audit_log:update | 更新审计日志 | PATCH /postgrest/permission_audit_logs |
| system:audit_log:delete | 删除审计日志 | DELETE /postgrest/permission_audit_logs |
| system:jwt_token:view | 查看JWT Token | GET /postgrest/jwt_tokens |
| system:jwt_token:create | 创建JWT Token | POST /postgrest/jwt_tokens |
| system:jwt_token:update | 更新JWT Token | PATCH /postgrest/jwt_tokens |
| system:jwt_token:delete | 删除JWT Token | DELETE /postgrest/jwt_tokens |
报表统计模块 (report)
| 权限键 | 说明 | 对应操作 |
|---|---|---|
| report:summary:view | 查看统计汇总 | GET /postgrest/statistics_summary |
| report:summary:create | 创建统计汇总 | POST /postgrest/statistics_summary |
| report:summary:update | 更新统计汇总 | PATCH /postgrest/statistics_summary |
| report:summary:delete | 删除统计汇总 | DELETE /postgrest/statistics_summary |
预定义角色及其权限
1. 系统管理员
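拥有所有权限(71个权限)。注意:本文档上方各表实际列出92个权限键,该数字需与权限表核对。“所有权限”同时包含 system:audit_log:update/delete 和 system:jwt_token:*,即系统管理员可以修改或删除审计日志;若审计日志需要防篡改,应在后端将其限制为只追加。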
2. 文档管理员
- document:document:view
- document:document:create
- document:document:update
- document:document:delete
- document:type:view
- document:type:create
- document:type:update
- document:type:delete
- document:metadata:view
- document:metadata:create
- document:metadata:update
- document:metadata:delete
3. 文档审查员
- document:document:view
- document:document:update
- evaluation:result:view
- evaluation:result:create
- evaluation:result:update
- evaluation:point:view
4. 交叉评查管理员
- crossreview:task:view
- crossreview:task:create
- crossreview:task:update
- crossreview:task:delete
- crossreview:mapping:view
- crossreview:mapping:create
- crossreview:mapping:update
- crossreview:mapping:delete
- crossreview:proposal:view
- crossreview:proposal:create
- crossreview:proposal:update
- crossreview:vote:view
- crossreview:vote:create
- crossreview:vote:update
5. 交叉评查参与者
- crossreview:task:view
- crossreview:mapping:view
- crossreview:proposal:view
- crossreview:proposal:create
- crossreview:vote:view
- crossreview:vote:create
6. 评价点管理员
- evaluation:point:view
- evaluation:point:create
- evaluation:point:update
- evaluation:point:delete
- evaluation:category:view
- evaluation:category:create
- evaluation:category:update
- evaluation:category:delete
- evaluation:rule:view
- evaluation:rule:create
- evaluation:rule:update
- evaluation:rule:delete
7. 报表查看员
- report:summary:view
- document:document:view
- evaluation:result:view
8. 普通用户
- document:document:view
- document:type:view
- evaluation:point:view
- evaluation:category:view
9. 审计员
- system:audit_log:view
- document:document:view
- evaluation:result:view
- crossreview:task:view
前端权限控制示例
示例1:按钮权限控制
<template>
<!-- Only users holding document:document:delete see the delete button. -->
<!-- The directive controls visibility only; per this document's notes the backend is what rejects an unauthorized DELETE. -->
<button v-permission="'document:document:delete'" @click="deleteDoc">
删除文档
</button>
<!-- Shown only to the system-administrator role, which is matched here by its display-name string. -->
<button v-role="'系统管理员'" @click="showAdminPanel">
管理面板
</button>
</template>
示例2:菜单权限控制
// Menu configuration: each entry names the permission (or role) required to
// display it. The menu is generated from this table according to the user's
// permissions; it decides what is shown, not what the backend allows.
const menuConfig = (() => {
  // Builds one leaf entry: a label, the permission key that reveals it, and its route path.
  const leaf = (name, permission, path) => ({ name, permission, path });

  const documentMenu = {
    name: '文档管理',
    permission: 'document:document:view',
    children: [
      leaf('文档列表', 'document:document:view', '/documents'),
      leaf('新建文档', 'document:document:create', '/documents/new'),
    ],
  };

  const evaluationMenu = {
    name: '评查管理',
    permission: 'evaluation:point:view',
    children: [
      leaf('评查点配置', 'evaluation:point:view', '/evaluation/points'),
      leaf('评查结果', 'evaluation:result:view', '/evaluation/results'),
    ],
  };

  const systemMenu = {
    name: '系统管理',
    // Gated by role rather than by permission key: only the system administrator sees it.
    role: '系统管理员',
    children: [
      leaf('用户管理', 'system:user:view', '/system/users'),
      leaf('角色管理', 'system:role:view', '/system/roles'),
    ],
  };

  return [documentMenu, evaluationMenu, systemMenu];
})();
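/**
 * Returns the menu entries the user is allowed to see.
 *
 * An entry is dropped when it names a `role` the user does not have, or a
 * `permission` the user does not hold. Children are filtered recursively.
 * A parent whose children are all filtered out is still returned, with an
 * empty `children` array.
 *
 * The input is never modified: every kept entry is shallow-copied. Assigning
 * the filtered children back onto the shared config would prune it for good,
 * so a later call with a different permission set (another login, a
 * permission refresh) could not get the removed entries back.
 *
 * This decides what is displayed only; it is not an authorization check.
 *
 * @param {Array<object>} menu - Menu entries with optional `role`, `permission`, `children`.
 * @param {string[]} userPermissions - Permission keys held by the user.
 * @param {string[]} userRoles - Role names held by the user.
 * @returns {Array<object>} New array of copied, visible entries.
 */
function filterMenuByPermission(menu, userPermissions, userRoles) {
  const visible = [];
  for (const item of menu) {
    // Role gate.
    if (item.role && !userRoles.includes(item.role)) {
      continue;
    }
    // Permission gate.
    if (item.permission && !userPermissions.includes(item.permission)) {
      continue;
    }
    // Copy instead of writing to `item`, so the caller's config stays intact.
    const copy = { ...item };
    if (item.children) {
      copy.children = filterMenuByPermission(item.children, userPermissions, userRoles);
    }
    visible.push(copy);
  }
  return visible;
}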
示例3:路由守卫
// router.js
import { createRouter, createWebHistory } from 'vue-router';
// Route table. `meta.permission` / `meta.role` are read by the navigation
// guard to decide whether the page may be shown; they are client-side hints,
// not an access-control boundary.
const router = createRouter({
  history: createWebHistory(),
  routes: [
    // Gated by a permission key.
    { path: '/documents', component: DocumentList, meta: { permission: 'document:document:view' } },
    // Gated by role name.
    { path: '/system/users', component: UserManagement, meta: { role: '系统管理员' } },
  ],
});
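// Global navigation guard.
//
// This is a usability measure only: it reads the roles and permissions from
// localStorage, which the user can edit freely, so it must never be the sole
// check. The backend has to reject unauthorized requests regardless of what
// this guard decides.
router.beforeEach((to, from, next) => {
  // Malformed or `null` JSON in storage must not throw on every navigation;
  // fall back to an empty profile, which fails every check below.
  let userInfo = {};
  try {
    userInfo = JSON.parse(localStorage.getItem('user_info') || '{}') ?? {};
  } catch {
    userInfo = {};
  }

  // Role check.
  if (to.meta.role && !userInfo.roles?.includes(to.meta.role)) {
    alert('无权访问此页面');
    next('/');
    return;
  }

  // Permission check. The original left this as a TODO, so permission-gated
  // routes were open to everyone.
  // NOTE(review): `userInfo.permissions` is an assumed field name for the
  // permission list fetched at login; confirm it against the real login
  // response / store. A missing list denies access (fail closed).
  if (to.meta.permission) {
    const held = Array.isArray(userInfo.permissions) ? userInfo.permissions : [];
    if (!held.includes(to.meta.permission)) {
      alert('无权访问此页面');
      next('/');
      return;
    }
  }

  next();
});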
注意事项
- **权限检查由后端强制执行**:即使前端权限控制被绕过,后端也会拒绝无权请求。前端读取的角色和权限(例如示例3中 localStorage 里的 user_info)可被用户自行修改,不能作为授权依据。
- **前端权限控制是为了提升用户体验**:隐藏用户无权操作的按钮和菜单,避免用户点击后被拒绝。
- **定期同步权限列表**:登录时从后端获取用户的完整权限列表,存储到前端状态管理中。
- **角色权限继承**:用户通过角色继承权限,也可以直接分配权限(优先级高于角色)。