feat(user,permission): add BWP toggle and business button control (#813)#830
Merged
Conversation
…rentUser hook, remove projectDirector enum - Redux store (user slice): add businessWritePermission boolean field with default true, add updateBusinessWritePermission action, read from API response in useUserInfo hook - useCurrentUser hook: return businessWritePermission from store, remove projectDirector from userRoles computation - enum: remove SystemRole.projectDirector and OpPermissionTypeUid.project_director - permissionManifest.ts: remove projectDirector from PROJECT_MANAGER IMPORT/EXPORT/CREATE roles - SystemRoleTagList: remove project_director color case Refs: dms-ee#813
…Director removal - Add businessWritePermission to user store test initial state and all assertions - Add test case for updateBusinessWritePermission action - Remove SystemRole.projectDirector from all test userRoles objects - Update mockCurrentUserReturn: replace project_director with system_administrator, remove projectDirector from userRoles, add businessWritePermission - Update SystemRoleTagList test: remove project_director test case Refs: dms-ee#813
…panels - Add BWP Switch control in UserForm, visible when role is system_administrator or when editing admin account - Switch defaults to true (on), resets to true when role switches back to system_administrator - UpdateUser submits business_write_permission field, reads initial value from API response using safe type assertion (API types not yet regenerated) - AddUser submits business_write_permission field for new users - Non-system-administrator roles force business_write_permission=true on submit - Add zh-CN/en-US i18n keys for BWP label and description text
…orkbench entry - Create useBusinessWritePermission hook for shared BWP disable check - Workflow detail: disable approve/reject/exec buttons when BWP=false - Data export detail: disable approve/reject/export buttons when BWP=false - Structure comparison: disable execute comparison and generate SQL buttons when BWP=false - CloudBeaver: disable jump to workbench button and auto-redirect when BWP=false - Operation logs viewing remains accessible when BWP=false
…moval - useBusinessWritePermission hook: 5 table-driven test cases (admin/sysAdmin/normal user with BWP on/off) - Enum removal: 2 tests verifying projectDirector removed from SystemRole and permissionManifest - UserForm BWP Switch: 5 tests (show/hide by role, admin always shows, role switch reset, default value) - CloudBeaver BWP: 2 tests (button disabled, auto-redirect blocked when BWP=false) - Mock utility: add mockUseBusinessWritePermission for test reuse
…or removal - UpdateUser test: add business_write_permission:true to expected API call - useUserInfo test: update dispatch count for new BWP dispatch action - Project test: fix role mock to use systemAdministrator instead of removed projectDirector - usePermission snapshot: regenerate after projectDirector removal from permission manifest - UserList snapshot: regenerate after project_director tag color removal
…tor role
The BWP (business write permission) switch was defaulting to OFF (false)
when first selecting "系统管理员" in the add user panel, violating AC-1.2.7
which requires it to default to ON (true).
Root cause: the condition `prevUid !== undefined` in UserForm prevented
setFieldValue('businessWritePermission', true) from firing on the first
role selection (prevUid starts as undefined). Removed the guard so the
default-ON logic triggers on any transition to system_administrator,
including the initial selection.
Updated AddUser test to expect business_write_permission: true in the
API payload (already sent by AddUser component for non-sysadmin roles).
…sibility 1. UserForm: skip BWP reset to true on initial form load (prevUid===undefined), so editing a user with BWP=off correctly shows the switch as off. 2. Permission system: add businessWrite flag to PermissionDetail type and mark business write actions (create workflow, create export, clone, batch close) in permission manifest. When BWP is off for admin/sysAdmin, checkActionPermission skips role-based and is_admin shortcuts for businessWrite actions, while preserving project-level permission checks (projectManager, dbServicePermission). Fixes #813
…perations when BWP=off Switch from blacklist to whitelist strategy: mark ~60 actions across DATA_MASKING, SQL_EXEC_WORKFLOW, SQL_MANAGEMENT, VERSION_MANAGEMENT, SQL_MANAGEMENT_CONF, SQL_AUDIT, SQL_OPTIMIZATION, PIPELINE_CONFIGURATION, DATA_SOURCE_COMPARISON, PLUGIN_AUDIT, PROVISION, DB_SERVICE.CREATE_AUDIT_PLAN with businessWrite: true. Only project-config operations (datasource CRUD, member, workflow template, push rule, whitelist, exception) remain allowed when BWP is off. Also simplify checkActionPermission to immediately return false when businessWrite=true and isBusinessWriteDisabled, removing skipAdminCheck from checkDbServicePermission. Issue: #813
…hide admin role selector 1. Admin user edit: hide platform role selector for admin since admin is always a system administrator (issue #813 fix-1) 2. BWP=off button behavior: change from hiding buttons (via permissions returning false) to disabling them (via buttonProps.disabled=true) to preserve page structure per AC-1.8.1~AC-1.8.4 requirements. - Remove BWP check from checkActionPermission (controls visibility) - Add checkActionDisabledByBWP function (controls disabled state) - Update parse2TableActionPermissions and parse2TableToolbarActionPermissions to set disabled on buttons - Update PermissionControl to clone children with disabled=true when BWP blocks but role/permissions pass
…ist actions Wire up BWP disabled check for edit/delete/lock buttons in the version management table, so these buttons are properly disabled (not hidden) when BWP=off.
…elf immediately - useBusinessWritePermission: when BWP=off, check if user is project manager in the current project (bindProjects.is_manager). If yes, isBusinessWriteDisabled returns false so project-scoped business buttons remain usable (AC-1.4.3/AC-1.8.5). Hook is safe outside project routes: projectID='' means no override. - UpdateUser: after successful self-update, call updateUserInfo() to refresh Redux store immediately so BWP changes take effect without page reload (fix-4.3). - Add test cases for project-level permission override scenarios. Closes #813
… project_name The hook previously only matched bindProjects entries by project_id, which failed when the URL route param contained the project name (e.g. "default") instead of the numeric UID (e.g. "700300"). Now find() checks both project_id and project_name to handle both navigation patterns. Fixes project admin BWP override not taking effect (AC-1.4.3, AC-1.8.5).
…813) - SqlAuditTags: disable add-tag button and tag closable when BWP is off - AuditResultList EditText: render plain text instead of editable when BWP is off - StageNode: disable addExistingWorkflow/createWorkflow/updateInfo/offlineExecuted buttons when BWP is off - DatabaseAccount List: add isBusinessWriteDisabled to row-level action buttons
…not just is_manager (#813) When BWP=off, the hook now checks userOperationPermissions.op_permission_list for any data-source-level or project-level permissions in the current project, in addition to the existing is_manager check. This ensures that users with project roles (e.g., "development engineer" with create_workflow permission) can still use business write buttons within their authorized scope (AC-1.4.3, AC-1.8.5).
father build with babel transformer does not emit .d.ts files despite tsconfig having declaration:true. Add explicit tsc --emitDeclarationOnly steps for both es/ and lib/ outputs after father build to ensure downstream packages can resolve TypeScript declarations. Refs: #813
…ct roles (#813) When BWP=off and user has project-level authorization (e.g. data-source-level role "development engineer"), previously ALL businessWrite buttons were enabled regardless of the user's actual permissions. Now checkActionDisabledByBWP verifies that the user has the specific permission for each action (dbServicePermission or projectPermission). Buttons for features not covered by the user's role (e.g. data export, data masking) remain disabled. Changes: - useBusinessWritePermission: export isBWPOff flag for per-action checks - checkActionDisabledByBWP: check specific action permissions when BWP=off with project-level auth, instead of blanket enable/disable - parse2TableActionPermissions: pass record context for per-row BWP checks - Update 8 components to use per-action checkActionDisabledByBWP instead of blanket isBusinessWriteDisabled boolean - Add dbServicePermission (sql_query) to CLOUD_BEAVER.EXPORT manifest entry
…813) When a user is directly specified as an approver/executor/exporter in a workflow template node and the workflow transitions to that user, the corresponding action buttons (approve/reject/execute/export) should be enabled even if the user has BWP=off. The backend already handles this correctly by checking assignee membership, but the frontend was unconditionally disabling buttons based on BWP status without considering whether the current user is in the workflow step's assignee list. Fix: combine the BWP disable check with the assignee visibility check so that buttons are only disabled when BOTH BWP says disabled AND the user is NOT in the current step's assignee/candidate set.
… buttons (#813) PermissionControl independently calls checkActionDisabledByBWP and force-sets disabled=true on child elements, overriding the disabled state computed by useWorkflowDetailAction/useActionButtonState hooks which already account for workflow assignee membership. Add skipBWPCheck prop to PermissionControl to let workflow detail action buttons delegate BWP logic entirely to their hooks. Affected components: - SQL workflow detail: approve, reject, batch exec, manual exec buttons - Data export workflow detail: approve, reject, execute buttons
Coverage report
Test suite run success3711 tests passing in 814 suites. Report generated by 🧪jest coverage report action from 386a318 |
LZS911
approved these changes
May 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Frontend implementation of Business Write Permission feature:
Fixes actiontech/dms-ee#813