fix(auth): 能源管理仅 BI-LEADER-ENERGY 可访问，移除全量权限旁路

与智能调度的口径一致：模块访问需要专属角色，全量权限角色不再自动通过。本地开发 dev mock 用户已含 BI-LEADER-ENERGY，调试不受影响。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 18:02:21 +08:00
parent 26f7d7ab3f
commit 6142af7617
1 changed files with 2 additions and 2 deletions
--- a/src/shared/auth/roles.ts
+++ b/src/shared/auth/roles.ts
@@ -28,8 +28,8 @@ export function canManageFeedback(roles: readonly string[] | null | undefined):
  return roles.some(r => FEEDBACK_ADMIN_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r));
 }

-/** 用户是否可访问能源管理模块。BI-LEADER-ENERGY 或全量权限角色可访问。 */
+/** 用户是否可访问能源管理模块。仅 BI-LEADER-ENERGY 角色允许访问。 */
 export function canAccessEnergy(roles: readonly string[] | null | undefined): boolean {
  if (!roles || roles.length === 0) return false;
-  return roles.some(r => ENERGY_ACCESS_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r));
+  return roles.some(r => ENERGY_ACCESS_ROLES.includes(r));
 }