refactor: RBAC权限系统重构 + UI组件拆分 + 测试修复 + 架构文档

- RBAC: 新增30个权限点、DataScope行级权限、requirePermission守卫，所有57+ Server Action接入权限校验 - UI拆分: exam-form(1623行→11文件)、textbook-reader(744行→7文件)，均降至300行以内 - 测试: 新增5个单元测试文件(19用例)，修复4个集成测试文件(38用例全部通过) - 架构文档: 新增架构影响地图(004/005)、标准功能清单(006)、差距审计报告(007) - 项目规则: 架构图优先规则，改码必同步图 - 安全: rehype-sanitize净化、AES加密API Key、权限路由守卫 - 无障碍: skip-link、aria-label、prefers-reduced-motion - 性能: next/font优化、next/image、代码分割
2026-06-16 23:38:33 +08:00
parent 99f116cb64
commit 125f7ec54c
75 changed files with 9480 additions and 3289 deletions
--- a/src/modules/layout/components/app-sidebar.tsx
+++ b/src/modules/layout/components/app-sidebar.tsx
@@ -3,7 +3,6 @@
 import * as React from "react"
 import Link from "next/link"
 import { usePathname } from "next/navigation"
-import { useSession } from "next-auth/react"
 import { ChevronRight } from "lucide-react"

 import {
@@ -19,6 +18,8 @@ import {
  TooltipTrigger,
 } from "@/shared/components/ui/tooltip"
 import { cn } from "@/shared/lib/utils"
+import { usePermission } from "@/shared/hooks"
+import { Permissions, type Permission } from "@/shared/types/permissions"
 import { useSidebar } from "./sidebar-provider"
 import { NAV_CONFIG, Role } from "../config/navigation"

@@ -29,10 +30,31 @@ interface AppSidebarProps {
 export function AppSidebar({ mode }: AppSidebarProps) {
  const { expanded, toggleSidebar, isMobile } = useSidebar()
  const pathname = usePathname()
-  const { data } = useSession()
-  const currentRole = (data?.user?.role ?? "teacher") as Role
+  const { permissions, hasRole } = usePermission()

-  const navItems = NAV_CONFIG[currentRole] ?? NAV_CONFIG.teacher
+  // Determine which role's nav config to use based on permissions
+  let currentRole: Role = "teacher"
+  if (permissions.includes(Permissions.SCHOOL_MANAGE)) {
+    currentRole = "admin"
+  } else if (permissions.includes(Permissions.HOMEWORK_SUBMIT) && !permissions.includes(Permissions.EXAM_CREATE)) {
+    currentRole = "student"
+  } else if (hasRole("parent")) {
+    currentRole = "parent"
+  }
+
+  const allNavItems = NAV_CONFIG[currentRole] ?? NAV_CONFIG.teacher
+
+  // Filter nav items by permission
+  const navItems = allNavItems.filter((item) => {
+    if (!item.permission) return true
+    return permissions.includes(item.permission as Permission)
+  }).map((item) => ({
+    ...item,
+    items: item.items?.filter((subItem) => {
+      if (!subItem.permission) return true
+      return permissions.includes(subItem.permission as Permission)
+    }),
+  }))

  // Ensure consistent state for hydration
  if (!expanded && mode === 'mobile') return null