fix(authorization): 暂时禁止所有用户查看私密资料
由于系统尚未实现权限管理功能,暂时将 checkPrivateProfileAccess 始终返回 false,禁止所有用户查看其他用户的手机号、邮箱等隐私信息。 后续实现权限系统后可恢复原有逻辑。 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
27a4bbfbef
commit
647f86ec89
@ -3375,31 +3375,33 @@ export class AuthorizationApplicationService {
/**
* 检查用户是否有权限查看私密资料
* 规则:
*
* 注意:目前系统尚未实现权限管理功能,暂时禁止所有用户查看私密资料。
* 后续实现权限系统后,可以根据以下规则开放:
* - 省区域公司(PROVINCE_COMPANY)可以查看
* - 省团队(AUTH_PROVINCE_COMPANY)可以查看
* - 市区域公司(CITY_COMPANY)可以查看
* - 其他角色不能查看
*/
private async checkPrivateProfileAccess(
requestAccountSequence: string,
_requestAccountSequence: string,
_targetAccountSequence: string,
): Promise<boolean> {
// 获取请求者的授权
const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(requestAccountSequence)
// TODO: 权限系统实现后,取消下面的注释并启用权限检查
// const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(requestAccountSequence)
// const privilegedRoleTypes = [
// RoleType.PROVINCE_COMPANY,
// RoleType.AUTH_PROVINCE_COMPANY,
// RoleType.CITY_COMPANY,
// ]
// return requestorAuthorizations.some(
// (auth) =>
// auth.status === AuthorizationStatus.AUTHORIZED &&
// privilegedRoleTypes.includes(auth.roleType),
// )
// 检查是否有高级权限
const privilegedRoleTypes = [
RoleType.PROVINCE_COMPANY,
RoleType.AUTH_PROVINCE_COMPANY,
RoleType.CITY_COMPANY,
]
return requestorAuthorizations.some(
(auth) =>
auth.status === AuthorizationStatus.AUTHORIZED &&
privilegedRoleTypes.includes(auth.roleType),
)
// 目前暂时禁止所有用户查看私密资料
return false
}
/**
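Review bot: The commented-out restore path on the `// const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(requestAccountSequence)` line still reads `requestAccountSequence`, but the signature now declares `_requestAccountSequence`, so following the TODO and un-commenting that block will not compile until the parameter is renamed back; either keep the dormant line in sync, `// const requestorAuthorizations = await this.authorizationRepository.findByAccountSequence(_requestAccountSequence)`, or state in the TODO that the underscore prefixes must be dropped when the logic is restored. The unconditional `return false` is the fail-closed choice, which is the right default while the check is unimplemented; adding `@returns always false until the permission system is implemented — the role list below is the intended future rule, not current behaviour` to the doc comment would stop a reader from taking the listed roles as live authorization. Note also that `_targetAccountSequence` is not referenced in either the old body or the dormant block, so the documented rule is purely role-based and never looks at the target account — worth saying explicitly if that is intended. The enclosing class AuthorizationApplicationService begins and ends outside this hunk.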