shishengliang/ln-bi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(feedback): 反馈 FAB 菜单加「反馈管理」入口,BI-ADMIN-FEEDBACK 角色可见
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- shared/auth/roles 新增 FEEDBACK_ADMIN_ROLES = ['BI-ADMIN-FEEDBACK']
  + canManageFeedback() helper(含 FULL_ACCESS_ROLES 兜底)
- FeedbackFab 菜单:在「我的反馈」下方加分割线 + 紫色 ⚙ 图标的「反馈管理」
  仅 canManageFeedback 为 true 时渲染,跳到 #/admin/feedback
- 后端守卫:GET /api/feedback/list 与 PATCH /api/feedback/:id 加角色判断
  无权限返回 403。/mine /submit /upload 仍对全部登录用户开放。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
kkfluous
2026-04-30 14:20:45 +08:00
parent c5541fbbf5
commit 1a3d48b2d1
4 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/server/routes/feedback/index.ts
View File

@@ -2,6 +2,7 @@ import { Hono } from 'hono';
import type { ResultSetHeader, RowDataPacket } from 'mysql2';
import pool from '../../db.js';
import type { AuthUser } from '../../auth/types.js';
import { canManageFeedback } from '../../auth/types.js';
import { uploadFeedbackImage } from './oss.js';
const app = new Hono();
@@ -127,9 +128,13 @@ app.get('/mine', async (c) => {
return c.json({ items: rows });
});
// GET /api/feedback/list — 管理列表(含全部反馈
// GET /api/feedback/list — 管理列表(仅 BI-ADMIN-FEEDBACK / 全量权限
app.get('/list', async (c) => {
await ensureTable();
const user = (c as { get?: (k: string) => unknown }).get?.('user') as AuthUser | undefined;
if (!canManageFeedback(user?.roles)) {
return c.json({ ok: false, message: '无权限' }, 403);
}
const limit = Math.min(500, Math.max(1, Number(c.req.query('limit')) || 100));
const status = c.req.query('status') || '';
const where: string[] = ['1=1'];
@@ -150,9 +155,13 @@ app.get('/list', async (c) => {
return c.json({ items: rows });
});
// PATCH /api/feedback/:id — 管理:更新状态与回复
// PATCH /api/feedback/:id — 管理:更新状态与回复(仅 BI-ADMIN-FEEDBACK / 全量权限)
app.patch('/:id', async (c) => {
await ensureTable();
const user = (c as { get?: (k: string) => unknown }).get?.('user') as AuthUser | undefined;
if (!canManageFeedback(user?.roles)) {
return c.json({ ok: false, message: '无权限' }, 403);
}
const id = Number(c.req.param('id'));
if (!Number.isFinite(id) || id <= 0) return c.json({ ok: false, message: 'id 不合法' }, 400);
const body = await c.req.json().catch(() => ({})) as { status?: string; reply?: string };