iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(health): 修复 5 角色深度测试发现的权限越权和告警端点缺失
Some checks failed
CI / security-audit (push) Has been cancelled
Details
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details

Browse Source 
- auth: token_service 查询 role_permissions/user_roles 添加 deleted_at 过滤,
  修复软删除的权限仍被加载到 JWT 的越权漏洞
- health: 新增 GET /health/alerts/{id} 告警详情端点(含 handler + service + 路由)
- web: AlertList 操作按钮增加 active 状态判断,修复按钮不显示
- migration: 新增 000127 清理 doctor 角色多余的 health-data.manage/ai.analysis.manage
This commit is contained in:
iven
2026-05-07 13:51:16 +08:00
parent 85a7dacd16
commit 60dc4dba7a
7 changed files with 76 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/erp-server/migration/src/lib.rs
View File

@@ -126,6 +126,7 @@ mod m20260505_000123_update_ai_prompts_system_instruction;
mod m20260505_000124_freeze_deferred_menus;
mod m20260506_000125_restructure_menus_and_roles;
mod m20260506_000126_fix_role_permissions_cleanup;
mod m20260507_000127_fix_doctor_extra_permissions;
pub struct Migrator;
@@ -259,6 +260,7 @@ impl MigratorTrait for Migrator {
Box::new(m20260505_000124_freeze_deferred_menus::Migration),
Box::new(m20260506_000125_restructure_menus_and_roles::Migration),
Box::new(m20260506_000126_fix_role_permissions_cleanup::Migration),
Box::new(m20260507_000127_fix_doctor_extra_permissions::Migration),
]
}
}