refactor(scheduling): gate access strictly on BI-SCHEDULE-OPT role
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Remove the implicit fallback that granted scheduling access to any FULL_ACCESS role (所有权限 / 数智中心 / BI-Leader). Access now requires an explicit BI-SCHEDULE-OPT assignment, so the module scope is managed purely via role assignment rather than piggy-backing on admin roles. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
kkfluous
@@ -10,10 +10,8 @@ export const DEPT_ACCESS_ROLES = ['BI-Leader-Dep'];
|
|||||||
/** 智能调度模块访问角色 */
|
/** 智能调度模块访问角色 */
|
||||||
export const SCHEDULING_ACCESS_ROLES = ['BI-SCHEDULE-OPT'];
|
export const SCHEDULING_ACCESS_ROLES = ['BI-SCHEDULE-OPT'];
|
||||||
|
|
||||||
/** 用户是否可访问智能调度模块。全量权限用户默认获得访问。 */
|
/** 用户是否可访问智能调度模块。仅 BI-SCHEDULE-OPT 角色允许访问。 */
|
||||||
export function canAccessScheduling(roles: readonly string[] | null | undefined): boolean {
|
export function canAccessScheduling(roles: readonly string[] | null | undefined): boolean {
|
||||||
if (!roles || roles.length === 0) return false;
|
if (!roles || roles.length === 0) return false;
|
||||||
return roles.some(r =>
|
return roles.some(r => SCHEDULING_ACCESS_ROLES.includes(r));
|
||||||
SCHEDULING_ACCESS_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r),
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user