web/src/utils/accessControl.js

export const DEFAULT_APP_VIEW_ORDER = [
  'overview',
  'workbench',
  'requests',
  'approval',
  'chat',
  'policies',
  'audit',
  'employees',
  'settings'
]

const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'requests', 'chat', 'policies'])
const VIEW_ROLE_RULES = {
  overview: ['finance', 'executive'],
  approval: ['approver'],
  audit: ['auditor'],
  employees: ['manager'],
  settings: ['manager']
}

function normalizedRoleCodes(user) {
  if (!user) {
    return []
  }

  return Array.isArray(user.roleCodes) ? user.roleCodes.filter(Boolean) : []
}

export function isManagerUser(user) {
  return Boolean(user?.isAdmin) || normalizedRoleCodes(user).includes('manager')
}

export function canAccessAppView(user, viewId) {
  if (!viewId || !user) {
    return false
  }

  if (isManagerUser(user)) {
    return true
  }

  if (ALWAYS_VISIBLE_VIEWS.has(viewId)) {
    return true
  }

  const requiredRoles = VIEW_ROLE_RULES[viewId] || []
  const roleCodes = normalizedRoleCodes(user)
  return requiredRoles.some((roleCode) => roleCodes.includes(roleCode))
}

export function getAccessibleViewIds(user) {
  return DEFAULT_APP_VIEW_ORDER.filter((viewId) => canAccessAppView(user, viewId))
}

export function filterNavItemsByAccess(navItems, user) {
  return navItems.filter((item) => canAccessAppView(user, item.id))
}

export function resolveDefaultAuthorizedRoute(user) {
  const firstVisibleView = getAccessibleViewIds(user)[0]
  return { name: `app-${firstVisibleView || 'workbench'}` }
}
feat: add auth module with login and access control 2026-05-07 14:34:42 +08:00			`export const DEFAULT_APP_VIEW_ORDER = [`
			`'overview',`
			`'workbench',`
			`'requests',`
			`'approval',`
			`'chat',`
			`'policies',`
			`'audit',`
feat: add settings page with navigation and access control updates 2026-05-07 15:55:23 +08:00			`'employees',`
			`'settings'`
feat: add auth module with login and access control 2026-05-07 14:34:42 +08:00			`]`

feat: 完善系统配置、安全增强与知识库功能 - .env.example: API基础路径改为相对路径 /api/v1，支持代理转发 - README.md: 完善项目结构与启动说明文档 - docker-compose.yml: 新增Docker编排配置，支持容器化部署 - docker/: 新增Docker部署相关文档与配置 - server_start.sh: 重构启动脚本，添加容器环境检测、隔离虚拟环境路径、环境变量覆盖机制 - deps.py: 完善API依赖注入，增强权限验证逻辑 - admin_secret.py: 优化管理员密钥加密存储与验证 - config.py: 扩展配置管理，支持多环境变量绑定 - security.py: 增强安全模块，完善加密与认证机制 - db/base.py: 优化数据库基础架构与连接管理 - main.py: 更新应用入口，整合新模块路由 - models/: 完善系统模型配置，支持模型设置持久化 - repositories/settings.py: 优化设置仓储层，增强数据持久化 - services/settings.py: 重构设置服务，精简代码结构 - router.py: 更新API路由配置 - endpoints/knowledge.py: 新增知识库API端点 - schemas/knowledge.py: 新增知识库数据模型 - services/knowledge.py: 新增知识库业务逻辑 - storage/knowledge/.index.json: 知识库索引存储 - api.js: 完善API服务层，增强错误处理 - bootstrap.js: 优化前端初始化与引导流程 - useSetupView.js / useSystemState.js: 重构组合式函数 - TopBar.vue: 优化顶部导航栏组件 - SettingsView.vue: 重构设置页面UI，增强用户体验 - SetupView.vue / SetupRouteView.vue: 完善引导流程页面 - PoliciesView.vue: 优化策略视图组件 - vite.config.js: 更新Vite构建配置 - web_start.sh: 完善前端启动脚本 - views/scripts/: 优化各业务视图JS逻辑 - settings-view.css: 重构设置页面样式 - setup-view.css: 完善引导页样式 - policies-view.css: 优化策略页样式 - test_auth_service.py: 完善认证服务测试 - test_settings_persistence.py: 增强设置持久化测试 - document/: 新增开发文档与工作日志 2026-05-09 03:04:09 +00:00			`const ALWAYS_VISIBLE_VIEWS = new Set(['workbench', 'requests', 'chat', 'policies'])`
feat: add auth module with login and access control 2026-05-07 14:34:42 +08:00			`const VIEW_ROLE_RULES = {`
			`overview: ['finance', 'executive'],`
			`approval: ['approver'],`
			`audit: ['auditor'],`
feat: add settings page with navigation and access control updates 2026-05-07 15:55:23 +08:00			`employees: ['manager'],`
			`settings: ['manager']`
feat: add auth module with login and access control 2026-05-07 14:34:42 +08:00			`}`

			`function normalizedRoleCodes(user) {`
			`if (!user) {`
			`return []`
			`}`

			`return Array.isArray(user.roleCodes) ? user.roleCodes.filter(Boolean) : []`
			`}`

			`export function isManagerUser(user) {`
			`return Boolean(user?.isAdmin) \|\| normalizedRoleCodes(user).includes('manager')`
			`}`

			`export function canAccessAppView(user, viewId) {`
			`if (!viewId \|\| !user) {`
			`return false`
			`}`

			`if (isManagerUser(user)) {`
			`return true`
			`}`

			`if (ALWAYS_VISIBLE_VIEWS.has(viewId)) {`
			`return true`
			`}`

			`const requiredRoles = VIEW_ROLE_RULES[viewId] \|\| []`
			`const roleCodes = normalizedRoleCodes(user)`
			`return requiredRoles.some((roleCode) => roleCodes.includes(roleCode))`
			`}`

			`export function getAccessibleViewIds(user) {`
			`return DEFAULT_APP_VIEW_ORDER.filter((viewId) => canAccessAppView(user, viewId))`
			`}`

			`export function filterNavItemsByAccess(navItems, user) {`
			`return navItems.filter((item) => canAccessAppView(user, item.id))`
			`}`

			`export function resolveDefaultAuthorizedRoute(user) {`
			`const firstVisibleView = getAccessibleViewIds(user)[0]`
			return { name: `app-${firstVisibleView \|\| 'workbench'}` }
			`}`