From 143c1a57bbd88712bfebea3bf7e9bbc8e790f252 Mon Sep 17 00:00:00 2001
From: kkfluous <kkfluous@kdemacbook-air.local>
Date: Thu, 2 Apr 2026 16:48:29 +0800
Subject: [PATCH] =?UTF-8?q?debug:=20=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E8=BF=87=E6=BB=A4=E6=97=A5=E5=BF=97=E5=AE=9A=E4=BD=8D=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/server/routes/vehicles.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/server/routes/vehicles.ts b/src/server/routes/vehicles.ts
index 6c2a6d5..0f08623 100644
--- a/src/server/routes/vehicles.ts
+++ b/src/server/routes/vehicles.ts
@@ -312,8 +312,15 @@ async function getVehicles(): Promise<Vehicle[]> {
 
 async function getVehiclesForUser(c: Context): Promise<Vehicle[]> {
   const all = await getVehicles();
-  const user = c.get('user') as AuthUser | undefined;
-  return user ? filterByPermission(all, user) : all;
+  // Hono 子路由 context 可能丢失变量，尝试多种方式获取
+  const user = ((c as any).get?.('user') || (c as any).var?.user) as AuthUser | undefined;
+  if (user) {
+    const filtered = filterByPermission(all, user);
+    console.log(`[vehicles] permission: ${user.permissionLevel}, user: ${user.userName}, before: ${all.length}, after: ${filtered.length}`);
+    return filtered;
+  }
+  console.log('[vehicles] WARNING: no user in context, returning all');
+  return all;
 }
 
 function getRegionCounts(vehicles: Vehicle[], regions: readonly string[]): Record<string, number> {