q792602257/DataMate
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): harden confidential knowledge access checks and sensitivity filtering

Browse Source
This commit is contained in:
Jerry Yan
2026-02-09 17:09:34 +08:00
parent 71f8f7d1c3
commit 2f8645a011
19 changed files with 383 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/db/zz-auth-init.sql
View File

@@ -99,7 +99,8 @@ VALUES ('perm-dm-read', 'module:data-management:read', '数据管理读取', 'da
('perm-content-use', 'module:content-generation:use', '内容生成功能使用', 'content-generation', 'use', '/api/content-generation/**', 'POST,PUT,PATCH', 1, 1),
('perm-user-manage', 'system:user:manage', '用户管理', 'system', 'manage-user', '/api/auth/users/**', 'GET,POST,PUT,PATCH,DELETE', 1, 1),
('perm-role-manage', 'system:role:manage', '角色管理', 'system', 'manage-role', '/api/auth/roles/**', 'GET,POST,PUT,PATCH,DELETE', 1, 1),
('perm-perm-manage', 'system:permission:manage', '权限管理', 'system', 'manage-permission', '/api/auth/permissions/**', 'GET,POST,PUT,PATCH,DELETE', 1, 1);
('perm-perm-manage', 'system:permission:manage', '权限管理', 'system', 'manage-permission', '/api/auth/permissions/**', 'GET,POST,PUT,PATCH,DELETE', 1, 1),
('perm-km-view-confidential', 'knowledge:view-confidential', '允许查看保密知识', 'knowledge-management', 'view-confidential', '', '', 1, 1);
-- 管理员拥有所有权限
INSERT IGNORE INTO t_auth_role_permissions (role_id, permission_id)