From 647f86ec89a11ba7ad953940f78ec34b83f8ab76 Mon Sep 17 00:00:00 2001
From: hailin
Date: Tue, 23 Dec 2025 22:46:15 -0800
Subject: [PATCH] =?UTF-8?q?fix(authorization):=20=E6=9A=82=E6=97=B6?= =?UTF-8?q?=E7=A6=81=E6=AD=A2=E6=89=80=E6=9C=89=E7=94=A8=E6=88=B7=E6=9F=A5?= =?UTF-8?q?=E7=9C=8B=E7=A7=81=E5=AF=86=E8=B5=84=E6=96=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

由于系统尚未实现权限管理功能,暂时将 checkPrivateProfileAccess 始终返回 false,禁止所有用户查看其他用户的手机号、邮箱等隐私信息。
后续实现权限系统后可恢复原有逻辑。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5
---
 .../authorization-application.service.ts | 34 ++++++++++---------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/backend/services/authorization-service/src/application/services/authorization-application.service.ts b/backend/services/authorization-service/src/application/services/authorization-application.service.ts
index 7159e147..8fb514d8 100644
--- a/backend/services/authorization-service/src/application/services/authorization-application.service.ts
+++ b/backend/services/authorization-service/src/application/services/authorization-application.service.ts
@@ -3375,31 +3375,33 @@ export class AuthorizationApplicationService {
 
   /**
    * 检查用户是否有权限查看私密资料
-   * 规则:
+   *
+   * 注意:目前系统尚未实现权限管理功能,暂时禁止所有用户查看私密资料。
+   * 后续实现权限系统后,可以根据以下规则开放:
    * - 省区域公司(PROVINCE_COMPANY)可以查看
    * - 省团队(AUTH_PROVINCE_COMPANY)可以查看
    * - 市区域公司(CITY_COMPANY)可以查看
    * - 其他角色不能查看
    */
   private async checkPrivateProfileAccess(
-    requestAccountSequence: string,
+    _requestAccountSequence: string,
     _targetAccountSequence: string,
   ): Promise {
-    // 获取请求者的授权
-    const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(requestAccountSequence)
+    // TODO: 权限系统实现后,取消下面的注释并启用权限检查
+    // const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(requestAccountSequence)
+    // const privilegedRoleTypes = [
+    //   RoleType.PROVINCE_COMPANY,
+    //   RoleType.AUTH_PROVINCE_COMPANY,
+    //   RoleType.CITY_COMPANY,
+    // ]
+    // return requestorAuthorizations.some(
+    //   (auth) =>
+    //     auth.status === AuthorizationStatus.AUTHORIZED &&
+    //     privilegedRoleTypes.includes(auth.roleType),
+    // )
 
-    // 检查是否有高级权限
-    const privilegedRoleTypes = [
-      RoleType.PROVINCE_COMPANY,
-      RoleType.AUTH_PROVINCE_COMPANY,
-      RoleType.CITY_COMPANY,
-    ]
-
-    return requestorAuthorizations.some(
-      (auth) =>
-        auth.status === AuthorizationStatus.AUTHORIZED &&
-        privilegedRoleTypes.includes(auth.roleType),
-    )
+    // 目前暂时禁止所有用户查看私密资料
+    return false
   }
 
   /**
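Review bot: The previous role check survives only as commented-out code inside checkPrivateProfileAccess, where it is no longer type-checked and will drift silently if RoleType, AuthorizationStatus or the repository method change before the permission system lands. Since the commit message already records the rule and git history keeps the code, either delete the commented block or keep the logic live behind an explicit default-off guard, e.g. `private static readonly PRIVATE_PROFILE_ACCESS_ENABLED = false` on the class and `if (!AuthorizationApplicationService.PRIVATE_PROFILE_ACCESS_ENABLED) return false` as the first statement of the method, so re-enabling is a one-line reviewed change rather than an uncomment. The TODO should also name a tracking ticket, `// TODO(<ticket-id>): 权限系统实现后启用权限检查`, so the deny-all does not quietly become permanent. Callers and any existing tests that expect PROVINCE_COMPANY/CITY_COMPANY to be granted access are outside the hunk and presumably need updating; the enclosing class continues beyond the hunk.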