feat(scheduling): enable department/personal permission filtering
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Disable BYPASS_AUTH (was true, now false) — backend enforces JWT auth - Scheduling suggestions filtered by department/manager permissions: - full: see all suggestions - department: see only own department's vehicles - personal: see only own managed vehicles - Candidate vehicles (inventory) remain fully visible to all - Summary recalculated after permission filtering - Consistent with mileage module permission model Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
kkfluous
@@ -5,7 +5,7 @@ import type { JwtPayload, AuthUser } from './types.js';
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'ln-bi-default-secret';
|
||||
|
||||
// 临时:跳过所有认证(保留完整逻辑便于快速恢复)
|
||||
const BYPASS_AUTH = true;
|
||||
const BYPASS_AUTH = false;
|
||||
|
||||
export async function authMiddleware(c: Context, next: Next) {
|
||||
const path = c.req.path;
|
||||
|
||||
Reference in New Issue
Block a user