fix: enforce permission-aware navigation

This commit is contained in:
jxxghp
2026-06-09 21:45:51 +08:00
parent d0cac34d08
commit 4691d12faa
42 changed files with 483 additions and 239 deletions

View File

@@ -4,6 +4,20 @@ export interface UserPermissions {
search: boolean // 搜索权限
subscribe: boolean // 订阅权限
manage: boolean // 管理权限
admin?: boolean // 管理员权限,仅用于前端入口标识,实际由 is_superuser 决定
}
export type UserPermissionKey = keyof UserPermissions
export type UserPermissionContext = UserPermissions & { is_superuser?: boolean; [key: string]: unknown }
export type PermissionProtectedItem = { permission?: UserPermissionKey }
// 构造权限检查上下文,统一超级管理员标记与功能权限字段。
export function buildUserPermissionContext(isSuperuser: boolean, permissions: Partial<UserPermissions> = {}): UserPermissionContext {
return {
is_superuser: isSuperuser,
...DEFAULT_PERMISSIONS,
...permissions,
}
}
// 默认权限配置
@@ -12,6 +26,7 @@ export const DEFAULT_PERMISSIONS: UserPermissions = {
search: true,
subscribe: true,
manage: false,
admin: false,
}
// 管理员权限配置
@@ -20,44 +35,51 @@ export const ADMIN_PERMISSIONS: UserPermissions = {
search: true,
subscribe: true,
manage: true,
admin: true,
}
// 权限检查函数
export function hasPermission(userPermissions: any, permission: keyof UserPermissions): boolean {
export function hasPermission(userPermissions: any, permission: UserPermissionKey): boolean {
// 如果用户是超级用户,拥有所有权限
if (userPermissions?.is_superuser === true) {
return true
}
// admin 入口只允许超级管理员,不从普通用户 permissions 字段放行
if (permission === 'admin') {
return false
}
// 检查具体权限
const permissions = userPermissions || {}
return permissions[permission] === true
}
// 批量权限检查
export function hasAnyPermission(userPermissions: any, permissionList: (keyof UserPermissions)[]): boolean {
export function hasAnyPermission(userPermissions: any, permissionList: UserPermissionKey[]): boolean {
return permissionList.some(permission => hasPermission(userPermissions, permission))
}
// 检查是否有所有权限
export function hasAllPermissions(userPermissions: any, permissionList: (keyof UserPermissions)[]): boolean {
export function hasAllPermissions(userPermissions: any, permissionList: UserPermissionKey[]): boolean {
return permissionList.every(permission => hasPermission(userPermissions, permission))
}
// 统一检查带 permission 字段的入口,避免菜单、按钮、快捷入口各自实现判断。
export function hasItemPermission(item: PermissionProtectedItem, userPermissions: any): boolean {
if (!item.permission) {
return true
}
return hasPermission(userPermissions, item.permission)
}
// 根据权限过滤带 permission 字段的入口
export function filterItemsByPermission<T extends PermissionProtectedItem>(items: T[], userPermissions: any): T[] {
return items.filter(item => hasItemPermission(item, userPermissions))
}
// 根据权限过滤菜单项
export function filterMenusByPermission(menus: any[], userPermissions: any): any[] {
return menus.filter(menu => {
// 如果是超级用户,拥有所有权限
if (userPermissions?.is_superuser) {
return true
}
// 如果菜单没有权限要求,默认显示
if (!menu.permission) {
return true
}
// 检查用户是否拥有所需权限
return hasPermission(userPermissions, menu.permission)
})
return filterItemsByPermission(menus, userPermissions)
}