freedak/RiskAgent
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

数据隔离:销售只可见本人发起的评估(行级权限)

Browse Source 
- listPage 支持 assessorId 过滤;列表端点对已鉴权销售强制按 JWT.uid 过滤(防伪造)
- 看板历史与待办对销售按本人 user.id 过滤;风控/管理层仍可见全部
- 前端 fetchAssessmentsPage 支持 assessorId 参数
This commit is contained in:
freedakgmail
2026-06-13 19:36:28 +08:00
parent 8a1afb0c29
commit a3906fc1b6
4 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/api/client.ts
+4
View File
@@ -425,6 +425,7 @@ export async function fetchAssessmentsPage(params: {
readonly status?: string;
readonly q?: string;
readonly archived?: 'active' | 'archived' | 'all';
readonly assessorId?: string;
}): Promise<AssessmentPage> {
const sp = new URLSearchParams();
sp.set('page', String(params.page));
@@ -438,6 +439,9 @@ export async function fetchAssessmentsPage(params: {
if (params.archived !== undefined && params.archived !== 'active') {
sp.set('archived', params.archived);
}
if (params.assessorId !== undefined && params.assessorId !== '') {
sp.set('assessorId', params.assessorId);
}
return request<AssessmentPage>('GET', `/api/assessments?${sp.toString()}`);
}
web/src/pages/Dashboard.tsx
+7 -4
View File
@@ -126,9 +126,12 @@ export function Dashboard(): JSX.Element {
return () => clearTimeout(t);
}, [searchInput]);
// 销售仅可见本人发起的评估(行级数据隔离);风控/管理层可见全部。
const scopeAssessorId = role === '商务/销售' ? user?.id : undefined;
const loadList = useCallback(() => {
setLoading(true);
fetchAssessmentsPage({ page, pageSize, status: statusFilter, q: search, archived: archivedView })
fetchAssessmentsPage({ page, pageSize, status: statusFilter, q: search, archived: archivedView, ...(scopeAssessorId !== undefined ? { assessorId: scopeAssessorId } : {}) })
.then((res) => {
setItems(res.items);
setTotal(res.total);
@@ -136,7 +139,7 @@ export function Dashboard(): JSX.Element {
})
.catch((err: unknown) => setError(err instanceof Error ? err.message : '加载失败'))
.finally(() => setLoading(false));
}, [page, pageSize, statusFilter, search, archivedView]);
}, [page, pageSize, statusFilter, search, archivedView, scopeAssessorId]);
useEffect(() => {
loadList();
@@ -146,7 +149,7 @@ export function Dashboard(): JSX.Element {
fetchSummary().then(setSummary).catch(() => undefined);
const todoStatus = TODO_STATUS[role];
if (todoStatus !== undefined) {
fetchAssessmentsPage({ page: 1, pageSize: 50, status: todoStatus })
fetchAssessmentsPage({ page: 1, pageSize: 50, status: todoStatus, ...(scopeAssessorId !== undefined ? { assessorId: scopeAssessorId } : {}) })
.then((res) => setTodoItems(res.items))
.catch(() => setTodoItems([]));
} else {
@@ -169,7 +172,7 @@ export function Dashboard(): JSX.Element {
} else {
setAssignments({});
}
}, [role, user?.username]);
}, [role, user?.username, user?.id, scopeAssessorId]);
/** 删除一条草稿并刷新草稿箱。 */
const removeDraft = useCallback(async (id: string): Promise<void> => {