feat(scheduling): role-based access + align list count with qualifiedCount
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Gate 智能调度 module on BI-SCHEDULE-OPT role (or full-access roles) via shared canAccessScheduling helper, replacing hardcoded userId allowlist - Thread roles[] through JWT payload → middleware → frontend nav - Add router guard that 403s non-authorized users on /api/scheduling/* - Emit replace_qualified suggestion for every qualified vehicle so list count matches the 已完成考核目标 card; recalc qualifiedCount / hopelessCount post-permission-filter for card↔list consistency Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
kkfluous
19
src/shared/auth/roles.ts
Normal file
19
src/shared/auth/roles.ts
Normal file
@@ -0,0 +1,19 @@
|
||||
// Role constants and role-based access helpers shared between server (JWT
|
||||
// issuance / API guards) and client (nav visibility / module gating).
|
||||
|
||||
/** 全量权限角色名 */
|
||||
export const FULL_ACCESS_ROLES = ['所有权限', '数智中心', 'BI-Leader'];
|
||||
|
||||
/** 部门级权限角色名 */
|
||||
export const DEPT_ACCESS_ROLES = ['BI-Leader-Dep'];
|
||||
|
||||
/** 智能调度模块访问角色 */
|
||||
export const SCHEDULING_ACCESS_ROLES = ['BI-SCHEDULE-OPT'];
|
||||
|
||||
/** 用户是否可访问智能调度模块。全量权限用户默认获得访问。 */
|
||||
export function canAccessScheduling(roles: readonly string[] | null | undefined): boolean {
|
||||
if (!roles || roles.length === 0) return false;
|
||||
return roles.some(r =>
|
||||
SCHEDULING_ACCESS_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r),
|
||||
);
|
||||
}
|
||||
Reference in New Issue
Block a user