Commit Graph

7 Commits

Author SHA1 Message Date
kkfluous
0193e78f18 fix(auth): Energy Management accessible only to BI-LEADER-ENERGY and 「所有权限」 (All Permissions)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
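Tighten admission: previously FULL_ACCESS_ROLES (including 数智中心 (Digital Intelligence Center) / BI-Leader) passed automatically.
Now only two kinds of role are accepted: BI-LEADER-ENERGY or 「所有权限」 (All Permissions).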

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 18:16:42 +08:00
kkfluous
2a851fc243 feat(auth): open Energy Management access to full-access roles
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Besides BI-LEADER-ENERGY, FULL_ACCESS_ROLES (所有权限 (All Permissions) / 数智中心 (Digital Intelligence Center) / BI-Leader)
can also access the Energy Management module.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 18:03:05 +08:00
kkfluous
6142af7617 fix(auth): Energy Management accessible only to BI-LEADER-ENERGY; remove full-access bypass
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
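Consistent with the rule for Smart Scheduling (智能调度): module access requires a dedicated role, and full-access roles no longer pass automatically.
The local-development dev mock user already includes BI-LEADER-ENERGY, so debugging is unaffected.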

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 18:02:21 +08:00
kkfluous
26f7d7ab3f feat(auth): Energy Management module requires the BI-LEADER-ENERGY role
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
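- Add ENERGY_ACCESS_ROLES and a canAccessEnergy(roles) guard (full-access roles can also access)
- Backend: add a module-level guard on /api/energy/*; returns 403 without the role
- Frontend: App.tsx injects EnergyModule dynamically by role; not shown in the main navigation without permission
- Add BI-LEADER-ENERGY to the dev mock user (frontend + backend) for local debugging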

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 17:55:29 +08:00
kkfluous
1a3d48b2d1 feat(feedback): add a "Feedback Management" (「反馈管理」) entry to the feedback FAB menu, visible to the BI-ADMIN-FEEDBACK role
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
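- shared/auth/roles: add FEEDBACK_ADMIN_ROLES = ['BI-ADMIN-FEEDBACK']
  + canManageFeedback() helper (with FULL_ACCESS_ROLES as a fallback)
- FeedbackFab menu: below "My Feedback" (「我的反馈」), add a divider + a "Feedback Management" (「反馈管理」) item with a purple ⚙ icon,
  rendered only when canManageFeedback is true; navigates to #/admin/feedback
- Backend guard: add role checks to GET /api/feedback/list and PATCH /api/feedback/:id;
  returns 403 without permission. /mine /submit /upload remain open to all logged-in users.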

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 14:20:45 +08:00
kkfluous
a472e543ce refactor(scheduling): gate access strictly on BI-SCHEDULE-OPT role
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Remove the implicit fallback that granted scheduling access to any
FULL_ACCESS role (所有权限 (All Permissions) / 数智中心 (Digital Intelligence Center) / BI-Leader). Access now requires
an explicit BI-SCHEDULE-OPT assignment, so the module scope is managed
purely via role assignment rather than piggy-backing on admin roles.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 15:50:48 +08:00
kkfluous
200172f0af feat(scheduling): role-based access + align list count with qualifiedCount
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Gate Smart Scheduling (智能调度) module on BI-SCHEDULE-OPT role (or full-access roles)
  via shared canAccessScheduling helper, replacing hardcoded userId allowlist
- Thread roles[] through JWT payload → middleware → frontend nav
- Add router guard that 403s non-authorized users on /api/scheduling/*
- Emit replace_qualified suggestion for every qualified vehicle so list
  count matches the "Assessment Targets Completed" (已完成考核目标) card; recalc qualifiedCount /
  hopelessCount post-permission-filter for card↔list consistency

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 15:42:21 +08:00