0193e78f18
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
收紧准入:之前 FULL_ACCESS_ROLES(含 数智中心 / BI-Leader)会自动通过。 现在只接受 BI-LEADER-ENERGY 或「所有权限」两类角色。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
37 lines
1.6 KiB
TypeScript
37 lines
1.6 KiB
TypeScript
// Role constants and role-based access helpers shared between server (JWT
|
|
// issuance / API guards) and client (nav visibility / module gating).
|
|
|
|
/** 全量权限角色名 */
|
|
export const FULL_ACCESS_ROLES = ['所有权限', '数智中心', 'BI-Leader'];
|
|
|
|
/** 部门级权限角色名 */
|
|
export const DEPT_ACCESS_ROLES = ['BI-Leader-Dep'];
|
|
|
|
/** 智能调度模块访问角色 */
|
|
export const SCHEDULING_ACCESS_ROLES = ['BI-SCHEDULE-OPT'];
|
|
|
|
/** 反馈管理(管理员)访问角色 */
|
|
export const FEEDBACK_ADMIN_ROLES = ['BI-ADMIN-FEEDBACK'];
|
|
|
|
/** 能源管理模块访问角色 */
|
|
export const ENERGY_ACCESS_ROLES = ['BI-LEADER-ENERGY'];
|
|
|
|
/** 用户是否可访问智能调度模块。仅 BI-SCHEDULE-OPT 角色允许访问。 */
|
|
export function canAccessScheduling(roles: readonly string[] | null | undefined): boolean {
|
|
if (!roles || roles.length === 0) return false;
|
|
return roles.some(r => SCHEDULING_ACCESS_ROLES.includes(r));
|
|
}
|
|
|
|
/** 用户是否可管理反馈。仅 BI-ADMIN-FEEDBACK 或全量权限角色可访问。 */
|
|
export function canManageFeedback(roles: readonly string[] | null | undefined): boolean {
|
|
if (!roles || roles.length === 0) return false;
|
|
return roles.some(r => FEEDBACK_ADMIN_ROLES.includes(r) || FULL_ACCESS_ROLES.includes(r));
|
|
}
|
|
|
|
/** 用户是否可访问能源管理模块。仅 BI-LEADER-ENERGY 或「所有权限」可访问。 */
|
|
const ENERGY_FULL_ACCESS = '所有权限';
|
|
export function canAccessEnergy(roles: readonly string[] | null | undefined): boolean {
|
|
if (!roles || roles.length === 0) return false;
|
|
return roles.some(r => ENERGY_ACCESS_ROLES.includes(r) || r === ENERGY_FULL_ACCESS);
|
|
}
|