shishengliang/ln-bi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(scheduling): gate access strictly on BI-SCHEDULE-OPT role
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
Remove the implicit fallback that granted scheduling access to any
FULL_ACCESS role (所有权限 / 数智中心 / BI-Leader). Access now requires
an explicit BI-SCHEDULE-OPT assignment, so the module scope is managed
purely via role assignment rather than piggy-backing on admin roles.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
kkfluous
2026-04-17 15:50:48 +08:00
parent 0c258dd1a2
commit a472e543ce
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/shared/auth/roles.ts
View File

@@ -10,10 +10,8 @@ export const DEPT_ACCESS_ROLES = ['BI-Leader-Dep'];
/** 智能调度模块访问角色 */
export const SCHEDULING_ACCESS_ROLES = ['BI-SCHEDULE-OPT'];
/** 用户是否可访问智能调度模块。全量权限用户默认获得访问。 */
/** 用户是否可访问智能调度模块。仅 BI-SCHEDULE-OPT 角色允许访问。 */
export function canAccessScheduling(roles: readonly string[] | null | undefined): boolean {
if (!roles || roles.length === 0) return false;
return roles.some(r =>
SCHEDULING_ACCESS_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r),
);
return roles.some(r => SCHEDULING_ACCESS_ROLES.includes(r));
}