From e6aaa18ceb81972931b7ad98336d5e50e07253a4 Mon Sep 17 00:00:00 2001
From: iven
Date: Fri, 17 Apr 2026 10:38:05 +0800
Subject: [PATCH] =?UTF-8?q?fix(plugin):=20=E7=A7=BB=E9=99=A4=E6=9D=83?= =?UTF-8?q?=E9=99=90=20fallback=20=E2=80=94=20=E5=BF=85=E9=A1=BB=E6=98=BE?= =?UTF-8?q?=E5=BC=8F=E5=88=86=E9=85=8D=E5=AE=9E=E4=BD=93=E7=BA=A7=E6=9D=83?= =?UTF-8?q?=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
所有 7 个数据 handler 方法不再回退到 plugin.list/plugin.admin 粗粒度权限。现在必须为每个实体显式分配 {plugin}.{entity}.list 或 {plugin}.{entity}.manage 权限,否则返回 403。
---
 crates/erp-plugin/src/handler/data_handler.rs | 28 +++++--------------
 1 file changed, 7 insertions(+), 21 deletions(-)
diff --git a/crates/erp-plugin/src/handler/data_handler.rs b/crates/erp-plugin/src/handler/data_handler.rs
index e224dc7..7427f27 100644
--- a/crates/erp-plugin/src/handler/data_handler.rs
+++ b/crates/erp-plugin/src/handler/data_handler.rs
@@ -47,9 +47,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.list")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 let page = params.page.unwrap_or(1);
 let page_size = params.page_size.unwrap_or(20);
@@ -107,9 +105,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "create");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.admin")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 let result = PluginDataService::create(
 plugin_id,
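Review bot: The permission codes checked in the hunk at new line 47 may not be the ones the commit message tells operators to grant: the handlers pass "list", "create", "get", "update" and "delete" to `compute_permission_code`, while the message names only `{plugin}.{entity}.list` and `{plugin}.{entity}.manage`, and that helper is outside the patch, so the mapping cannot be confirmed from here. With the `plugin.list` / `plugin.admin` fallback gone, a mismatch between granted and computed codes would deny every caller, so I would state the contract at the check, e.g. `// Entity-level code only: no fallback to plugin.list / plugin.admin; see compute_permission_code for the action-to-code mapping.` A regression test asserting that a context holding only `plugin.admin` is rejected would pin the new behaviour; the patch changes a single file and adds none. The same applies to the hunks at new lines 105, 142, 173, 212, 250 and 294, and each handler's signature and the rest of its body lie outside its hunk.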
@@ -146,9 +142,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "get");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.list")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 let result = PluginDataService::get_by_id(plugin_id, &entity, id, ctx.tenant_id, &state.db).await?;
@@ -179,9 +173,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "update");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.admin")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 let result = PluginDataService::update(
 plugin_id,
@@ -220,9 +212,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "delete");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.admin")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 PluginDataService::delete(
 plugin_id,
@@ -260,9 +250,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.list")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 // 解析 filter JSON
 let filter: Option = params
@@ -306,9 +294,7 @@ where
 {
 let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
 let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
- if require_permission(&ctx, &fine_perm).is_err() {
- require_permission(&ctx, "plugin.list")?;
- }
+ require_permission(&ctx, &fine_perm)?;
 // 解析 filter JSON
 let filter: Option = params
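Review bot: In the hunk at new line 142, and likewise in the other six, `resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?` runs before `require_permission`, so a caller holding no permission on the entity still triggers the database lookup and receives its error rather than the 403. The helper is not shown, but if its not-found error is distinguishable from the permission error, the response tells any caller who reaches the handler whether a given plugin id is installed for the tenant. If the ordering is required because the permission code embeds `manifest_id`, I would record that with `// Lookup precedes the check because the permission code is derived from manifest_id.` and return the same forbidden error for an unknown plugin. The handler's signature and the remainder of its body are outside the hunk.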