feat: 新增备课模块并修复全模块 P0/P1/P2 缺陷
Some checks failed
Security / deep-security-scan (push) Failing after 20m5s
DR Drill / dr-drill (push) Failing after 1m31s
CI / scheduled-backup (push) Failing after 1m31s
CI / backup-verify (push) Has been skipped
CI / weekly-dr-drill (push) Failing after 0s
CI / build-deploy (push) Has been cancelled
CI / security-scan (push) Has been cancelled
Some checks failed
Security / deep-security-scan (push) Failing after 20m5s
DR Drill / dr-drill (push) Failing after 1m31s
CI / scheduled-backup (push) Failing after 1m31s
CI / backup-verify (push) Has been skipped
CI / weekly-dr-drill (push) Failing after 0s
CI / build-deploy (push) Has been cancelled
CI / security-scan (push) Has been cancelled
主要变更: - 新增 lesson-preparation 模块: 备课编辑器、节点编辑、AI 建议、知识点选择、版本历史、作业发布 - 新增 shared 通用组件: charts/question-bank-filters/schedule-list/ui (chip-nav/filter-bar/page-header/stat-card/stat-item) - 新增 student/admin 端 loading.tsx 与 error.tsx, 优化加载与错误态体验 - 新增 teacher/lesson-plans 页面 (列表/新建/编辑) - 新增 drizzle 迁移 0002_tiny_lionheart 及 snapshot - 新增 textbooks/schema.ts 与 exams/utils/normalize-structure.ts - 修复 Tiptap v3 SSR hydration 崩溃 (rich-text-block immediatelyRender: false) - 重构多模块 data-access/actions/组件, 修复权限校验与类型规范 - 同步架构文档 004/005 反映新增模块、导出、依赖关系 - 归档 bugs/* 测试报告与 e2e 测试脚本 (admin/parent/student/teacher web_test)
This commit is contained in:
SpecialX
@@ -1,10 +1,7 @@
|
||||
import { notFound } from "next/navigation"
|
||||
import { eq } from "drizzle-orm"
|
||||
|
||||
import { requireAuth } from "@/shared/lib/auth-guard"
|
||||
import { db } from "@/shared/db"
|
||||
import { parentStudentRelations } from "@/shared/db/schema"
|
||||
import { getChildDashboardData } from "@/modules/parent/data-access"
|
||||
import { verifyParentChildRelation, getChildDashboardData } from "@/modules/parent/data-access"
|
||||
import { ChildDetailHeader } from "@/modules/parent/components/child-detail-header"
|
||||
import { ChildDetailPanel } from "@/modules/parent/components/child-detail-panel"
|
||||
import { EmptyState } from "@/shared/components/ui/empty-state"
|
||||
@@ -20,17 +17,15 @@ export default async function ChildDetailPage({
|
||||
const { studentId } = await params
|
||||
const ctx = await requireAuth()
|
||||
|
||||
// Verify the student is linked to the current parent
|
||||
const [relation] = await db
|
||||
.select({
|
||||
id: parentStudentRelations.id,
|
||||
relation: parentStudentRelations.relation,
|
||||
})
|
||||
.from(parentStudentRelations)
|
||||
.where(eq(parentStudentRelations.studentId, studentId))
|
||||
.limit(1)
|
||||
// 校验当前家长与该子女存在关系(同时按 parentId + studentId 过滤,防止跨家庭信息泄露)
|
||||
const relation = await verifyParentChildRelation(studentId, ctx.userId)
|
||||
|
||||
if (!relation) {
|
||||
// dataScope 二次校验:admin/其他角色可能通过 requireAuth,但需确认 dataScope 包含该子女
|
||||
const isInScope =
|
||||
ctx.dataScope.type === "all" ||
|
||||
(ctx.dataScope.type === "children" && ctx.dataScope.childrenIds.includes(studentId))
|
||||
|
||||
if (!relation || !isInScope) {
|
||||
return (
|
||||
<div className="p-6 md:p-8">
|
||||
<EmptyState
|
||||
@@ -43,21 +38,7 @@ export default async function ChildDetailPage({
|
||||
)
|
||||
}
|
||||
|
||||
// Double-check the parent owns this relation
|
||||
if (ctx.dataScope.type === "children" && !ctx.dataScope.childrenIds.includes(studentId)) {
|
||||
return (
|
||||
<div className="p-6 md:p-8">
|
||||
<EmptyState
|
||||
icon={ShieldAlert}
|
||||
title="Access denied"
|
||||
description="You do not have permission to view this student's data."
|
||||
className="border-none shadow-none"
|
||||
/>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
||||
const child = await getChildDashboardData(studentId, relation.relation)
|
||||
const child = await getChildDashboardData(studentId, relation)
|
||||
if (!child) {
|
||||
notFound()
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user