fix(health): 修复 5 角色深度测试发现的权限越权和告警端点缺失

- auth: token_service 查询 role_permissions/user_roles 添加 deleted_at 过滤，修复软删除的权限仍被加载到 JWT 的越权漏洞 - health: 新增 GET /health/alerts/{id} 告警详情端点（含 handler + service + 路由） - web: AlertList 操作按钮增加 active 状态判断，修复按钮不显示 - migration: 新增 000127 清理 doctor 角色多余的 health-data.manage/ai.analysis.manage
2026-05-07 13:51:16 +08:00
parent 85a7dacd16
commit 60dc4dba7a
7 changed files with 76 additions and 1 deletions
--- a/apps/web/src/pages/health/AlertList.tsx
+++ b/apps/web/src/pages/health/AlertList.tsx
@@ -200,7 +200,7 @@ export default function AlertList() {
      render: (_: unknown, record: Alert) => (
        <AuthButton code="health.alerts.manage">
          <Space size={4}>
-            {record.status === 'pending' && (
+            {(record.status === 'pending' || record.status === 'active') && (
              <Popconfirm
                title="确认处理该告警？"
                onConfirm={() => handleAcknowledge(record)}
@@ -218,6 +218,7 @@ export default function AlertList() {
              </Popconfirm>
            )}
            {(record.status === 'pending' ||
+              record.status === 'active' ||
              record.status === 'acknowledged') && (
              <Popconfirm
                title="确认忽略该告警？"