feat(connection): 支持生产连接多项保护策略

- 新增数据编辑、结构编辑、脚本执行和数据导入四类连接级保护配置
- 升级生产连接保护弹窗为多选卡片,并修复选项对齐与勾选态显示
- 按保护类型收口 QueryEditor、DataGrid、表设计、导入与同步目标入口
- 后端统一拦截 SQL 或 Mongo 写操作、结果编辑、结构变更和导入写入
- AI 本地工具与 RPC 执行链路透传连接保护配置并复用后端守卫
- 补充多语言文案、定向测试与需求追踪记录
This commit is contained in:
Syngnat
2026-06-23 17:42:54 +08:00
parent b0a9a995fb
commit adacf0b5c5
35 changed files with 1184 additions and 160 deletions

View File

@@ -751,8 +751,22 @@
"connection_modal.field.defaultDatabase.placeholder": "Например: appdb",
"connection_modal.field.serviceName.placeholder": "Например: ORCLPDB1",
"connection_modal.field.readOnly.label": "Защита прод-подключения",
"connection_modal.field.readOnly.help": "Если включено, для этого подключения разрешены только запросы. Импорт, изменения схемы, запись данных и использование как цели синхронизации будут запрещены.",
"connection_modal.field.readOnly.checkbox": "Пометить это подключение как production и разрешить только запросы",
"connection_modal.field.readOnly.help": "Select only the restrictions you need for result editing, structure changes, script execution, and import or sync flows.",
"connection_modal.field.readOnly.status.enabledCount": "{{count}} restrictions enabled",
"connection_modal.field.readOnly.status.disabled": "No restrictions",
"connection_modal.field.readOnly.compatibility": "Selecting all options matches the legacy query-only production guard.",
"connection_modal.field.readOnly.option.dataEdit.label": "Restrict data edits",
"connection_modal.field.readOnly.option.dataEdit.help": "Block result-grid edits, bulk clear actions, and message publishing writes on this connection.",
"connection_modal.field.readOnly.option.structureEdit.label": "Restrict structure edits",
"connection_modal.field.readOnly.option.structureEdit.help": "Block create, rename, and drop object actions, and open the table designer in read-only mode.",
"connection_modal.field.readOnly.option.scriptExecution.label": "Restrict script execution",
"connection_modal.field.readOnly.option.scriptExecution.help": "Block mutating SQL statements and MongoDB commands from the query editor.",
"connection_modal.field.readOnly.option.dataImport.label": "Restrict data import",
"connection_modal.field.readOnly.option.dataImport.help": "Block file import, bulk load, and using this connection as a sync target.",
"connection_modal.field.readOnly.summary.title": "Current policy",
"connection_modal.field.readOnly.summary.selected": "{{count}} restrictions are enabled. Unchecked abilities still behave like a normal connection.",
"connection_modal.field.readOnly.summary.empty": "When no restriction is selected, this connection behaves like a normal connection.",
"connection_modal.field.readOnly.tip": "Recommended for production, standby, and governed databases. These restrictions only affect GoNavi behavior for the current connection and do not modify server-side permissions.",
"connection_modal.field.clickHouseProtocol.auto": "Авто",
"connection_modal.field.oceanBaseProtocol.label": "Протокол OceanBase",
"connection_modal.field.oceanBaseProtocol.help.primary": "Для арендаторов MySQL выберите MySQL, для арендаторов Oracle выберите Oracle. GoNavi автоматически выбирает режим по порту: для порта OB MySQL wire используется внедрение возможностей OBClient (тот же путь, что и в Navicat), для порта OBProxy Oracle listener используется стандартный TNS.",
@@ -1517,6 +1531,8 @@
"connection_modal.config_section.customDsn.description": "Настройте Пользовательский DSN.",
"connection_modal.config_section.jvmRuntime.title": "Среда JVM",
"connection_modal.config_section.jvmRuntime.description": "Настройте Среда JVM.",
"connection_modal.section.readOnly.title": "Защита прод-подключения",
"connection_modal.section.readOnly.description": "Choose the high-risk production restrictions you want instead of forcing a single read-only switch.",
"connection_modal.field.password": "Пароль",
"sidebar.menu.refresh": "Обновить",
"sidebar.search.scope.object": "Объект",