refactor(grades,diagnostic): 成绩和学情诊断模块审计修复

P0-1: 10 个页面补充 requirePermission 权限校验 P0-2: diagnostic/data-access-reports.ts 移除直查 users 表，改用 getUserNamesByIds P0-3: 新增 grade/grades/diagnostic 三组 i18n 翻译文件（zh-CN/en） P0-4: 新增 /management/grade 重定向页面 P1-2: 抽取 toNumber/normalize/buildScopeClassFilter 到 lib/grade-utils.ts P1-3: 为 12 个 Action 新增 Zod safeParse 校验（schema.ts +12 查询 schema） P1-4: 修复 as 断言违规，改用类型守卫函数 P2-2: 移除 diagnostic 组件中 Tailwind 任意值同步更新架构图文档 004 和 005
2026-06-22 16:23:34 +08:00
parent 20691f53ce
commit 45ee1ae43c
29 changed files with 2276 additions and 186 deletions
--- a/src/app/(dashboard)/teacher/diagnostic/student/[studentId]/page.tsx
+++ b/src/app/(dashboard)/teacher/diagnostic/student/[studentId]/page.tsx
@@ -1,7 +1,8 @@
 import type { JSX } from "react"
 import { notFound } from "next/navigation"
 import { Stethoscope } from "lucide-react"
-import { getAuthContext } from "@/shared/lib/auth-guard"
+import { requirePermission } from "@/shared/lib/auth-guard"
+import { Permissions } from "@/shared/types/permissions"
 import {
  getStudentMasterySummary,
  getKnowledgePointStats,
@@ -18,7 +19,7 @@ export default async function StudentDiagnosticPage({
  params: Promise<{ studentId: string }>
 }): Promise<JSX.Element> {
  const { studentId } = await params
-  const ctx = await getAuthContext()
+  const ctx = await requirePermission(Permissions.DIAGNOSTIC_READ)

  // DataScope 二次校验：学生只能看自己，家长只能看子女
  if (ctx.dataScope.type === "class_members" && ctx.userId !== studentId) {