fix:bug
All checks were successful
构建并部署前端到测试环境 / build-and-deploy (push) Successful in 1m5s

This commit is contained in:
sexygoat
2026-05-14 09:50:34 +08:00
parent 7f15843da0
commit f9fe76ff99
28 changed files with 1440 additions and 2518 deletions

View File

@@ -0,0 +1,25 @@
# Change: Update agent asset action button permissions
## Why
The login response already returns button-level permission codes, but the agent asset list still renders IoT card and device action buttons without using those codes. This leaves action visibility disconnected from backend authorization and makes button exposure inconsistent with the authenticated session.
## What Changes
- Define agent asset-list behavior for consuming button permission codes returned from `POST /api/auth/login`
- Require each IoT card action button and device action button in the agent asset list to be bound to an explicit H5 permission code:
- IoT卡停机`asset:card_stop_h5`
- IoT卡复机`asset:card_start_h5`
- 设备停机:`asset:device_stop_h5`
- 设备复机:`asset:device_start_h5`
- Hide action buttons when the current session does not contain the corresponding permission code
- Keep asset status text and detail-page entry visible even when action buttons are hidden
## Impact
- Affected specs:
- `agent-asset-list`
- Affected code:
- `src/api/auth.ts`
- `src/pages/common/login/index.vue`
- `src/pages/agent-system/assets/index.vue`

View File

@@ -0,0 +1,46 @@
## ADDED Requirements
### Requirement: Agent Asset Action Buttons SHALL Respect Session Button Permissions
The agent asset list SHALL use the backend-provided button permission codes from the authenticated session to determine whether IoT card and device action buttons are rendered. The page SHALL use the following H5-specific permission-code mapping:
- IoT卡停机`asset:card_stop_h5`
- IoT卡复机`asset:card_start_h5`
- 设备停机:`asset:device_stop_h5`
- 设备复机:`asset:device_start_h5`
#### Scenario: Login response returns button permission codes
- **WHEN** `POST /api/auth/login` succeeds
- **THEN** the frontend SHALL treat the response `buttons` array as the source of button-level permissions for the authenticated session
- **AND** the session data used by the agent asset list SHALL preserve those button permission codes
#### Scenario: Asset action has its mapped H5 permission code and the code is present
- **WHEN** an IoT card or device action button in the agent asset list has one of the mapped H5 permission codes
- **AND** that permission code exists in the current session `buttons` array
- **THEN** the corresponding action button SHALL be rendered
#### Scenario: Asset action has its mapped H5 permission code and the code is absent
- **WHEN** an IoT card or device action button in the agent asset list has one of the mapped H5 permission codes
- **AND** that permission code does not exist in the current session `buttons` array
- **THEN** the corresponding action button SHALL NOT be rendered
#### Scenario: Session includes only a subset of asset action permissions
- **WHEN** the current session `buttons` array contains permission codes for only some of the asset actions
- **THEN** only the matching asset action buttons SHALL be shown
- **AND** non-matching asset action buttons SHALL remain hidden
#### Scenario: Session includes unrelated button codes
- **WHEN** the current session `buttons` array includes unrelated button codes such as `device:clear_series`
- **THEN** no asset action button SHALL become visible unless its own mapped H5 permission code is also present
#### Scenario: Action permissions are absent but the list item remains accessible
- **WHEN** the current session does not grant any asset action button permissions for a list item
- **THEN** the asset status text SHALL still be shown
- **AND** the detail-page entry affordance for the list item SHALL remain available
- **AND** the page SHALL NOT render placeholder or disabled action buttons in place of the hidden ones

View File

@@ -0,0 +1,16 @@
## 1. Spec
- [x] 1.1 Review `docs/权限按钮.md` and confirm the login response is the source of button permission codes
- [x] 1.2 Add OpenSpec proposal, tasks, and `agent-asset-list` delta spec for action-button permissions
- [x] 1.3 Validate the new change with strict OpenSpec validation
## 2. Implementation
- [x] 2.1 Extend login response typing and session persistence for the backend-provided `buttons` array
- [x] 2.2 Define explicit H5 permission-code mapping for agent asset-list IoT card and device action buttons:
- `asset:card_stop_h5`
- `asset:card_start_h5`
- `asset:device_stop_h5`
- `asset:device_start_h5`
- [x] 2.3 Gate asset-list action-button rendering by the current session button permissions
- [x] 2.4 Verify card and device action visibility for sessions with and without matching button permission codes

View File

@@ -29,6 +29,5 @@ The current agent-side asset experience exposes too much low-value information,
- `agent-asset-detail`
- Affected code:
- `src/pages/agent-system/assets/index.vue`
- `src/pages/agent-system/asset-search/index.vue`
- `src/pages/agent-system/asset-detail/index.vue`
- `src/api/assets.ts`

View File

@@ -49,8 +49,7 @@ This project is a Uni-app based agent and enterprise management frontend for IoT
- Asset identifiers may be ICCID or VirtualNo depending on the resource and entry point.
- Agent-side pages currently include:
- asset list: `src/pages/agent-system/assets/index.vue`
- asset search/detail: `src/pages/agent-system/asset-search/index.vue`
- secondary asset detail page: `src/pages/agent-system/asset-detail/index.vue`
- asset detail: `src/pages/agent-system/asset-detail/index.vue`
- Package display and realtime status are important parts of the asset detail experience.
## Important Constraints