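fix(health): global audit fixes before customer trial - P0 permission bypass + API path + event registration
P0 blocking fixes:
- Fix PrivateRoute permission bypass: p.startsWith('auth.') matched no permission code at all;
changed to a route-level check based on the actual permission codes (user.manage/role.manage/organization.manage)
- Fix deviceReadings API path: /patients/{id}/device-readings/daily changed to
/vital-signs/daily?patient_id=, eliminating the 404
P1 important fixes:
- Complete the event registry: added auth(11) + config(8) + workflow(4) + plugin(2) = 25 entries
- article_article_tag join table: added tenant_id + deleted_at + audit columns (migration 107)
- vital_signs_hourly: added deleted_at to support soft-delete filtering (migration 108)
- Added permission guards to 6 pages (AlertDashboard/AlertRuleList/DeviceManage/
AiAnalysisList/AiUsageDashboard)
- DialysisModule declares its auth dependency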
@@ -68,9 +68,16 @@ function PrivateRoute({ children }: { children: React.ReactNode }) {
// 路由级权限检查:如果用户对某个模块完全没有权限,重定向到首页
const path = window.location.hash.replace('#', '');
if (path.startsWith('/users') || path.startsWith('/roles') || path.startsWith('/organizations')) {
const hasAuthAccess = permissions.some((p) => p.startsWith('auth.'));
if (!hasAuthAccess) return <Navigate to="/" replace />;
const routePermissions: Record<string, string[]> = {
'/users': ['user.list', 'user.manage'],
'/roles': ['role.list', 'role.manage'],
'/organizations': ['organization.list', 'organization.manage'],
};
const matchedPrefix = Object.keys(routePermissions).find((prefix) => path.startsWith(prefix));
if (matchedPrefix) {
const required = routePermissions[matchedPrefix];
const hasAccess = permissions.some((p) => required.some((r) => p === r || p.startsWith(r.split('.')[0] + '.')));
if (!hasAccess) return <Navigate to="/" replace />;
}
return <>{children}</>;
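Review bot: In the new `hasAccess` line, the fallback `p.startsWith(r.split('.')[0] + '.')` lets any permission code in the `user.`, `role.` or `organization.` namespace satisfy the check, so the explicit lists in `routePermissions` have no effect and the guard is looser than the "actual permission codes" described in the commit message. If only the listed codes should open these routes, use `permissions.some((p) => required.includes(p))`. Separately, `path.startsWith(prefix)` also matches any other route whose path merely begins with `/users`, `/roles` or `/organizations`; compare on a segment boundary instead, for example `path === prefix || path.startsWith(prefix + '/')`. Since this component only redirects in the browser, the same permission codes should also be enforced by the API behind these pages.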