SpecialX
|
868ac5f9cf
|
feat(dashboard): 仪表盘模块审计重构 — 权限校验 + i18n + 逻辑抽离
基于 dashboard-audit-report.md 审计结论,对仪表盘模块进行 P0/P1 级修复:
- 新增 4 个 dashboard 权限点(DASHBOARD_ADMIN/TEACHER/STUDENT/PARENT_READ),补充到 permissions.ts 和角色-权限映射
- 新建 actions.ts:4 个 Server Action 均调用 requirePermission() 校验权限,消除 admin 页面零鉴权、teacher/student/parent 仅 requireAuth 的安全隐患
- 根重定向页 /dashboard 改用 resolvePermissions() + 权限点判断,不再 role === xxx 硬编码
- 新建 lib/dashboard-utils.ts:抽取 toWeekday / countStudentAssignments / sortUpcomingAssignments / filterTodaySchedule / computeTeacherMetrics / getGreetingKey 纯函数,与 UI 分离,便于单测
- 新建 messages/{zh-CN,en}/dashboard.json 翻译文件,i18n request.ts 加载 dashboard 命名空间;所有视图组件接入 useTranslations / getTranslations,消除中英混杂硬编码
- 重构 4 个角色 page.tsx:通过 actions 获取数据,generateMetadata 使用 i18n
- 同步更新架构图 004 / 005 文档(dashboard exports / permissions / 文件清单)
|
2026-06-22 15:50:56 +08:00 |
|
SpecialX
|
978d9a8309
|
feat: 新增备课模块并修复全模块 P0/P1/P2 缺陷
Security / deep-security-scan (push) Failing after 20m5s
DR Drill / dr-drill (push) Failing after 1m31s
CI / scheduled-backup (push) Failing after 1m31s
CI / backup-verify (push) Has been skipped
CI / weekly-dr-drill (push) Failing after 0s
CI / build-deploy (push) Has been cancelled
CI / security-scan (push) Has been cancelled
主要变更:
- 新增 lesson-preparation 模块: 备课编辑器、节点编辑、AI 建议、知识点选择、版本历史、作业发布
- 新增 shared 通用组件: charts/question-bank-filters/schedule-list/ui (chip-nav/filter-bar/page-header/stat-card/stat-item)
- 新增 student/admin 端 loading.tsx 与 error.tsx, 优化加载与错误态体验
- 新增 teacher/lesson-plans 页面 (列表/新建/编辑)
- 新增 drizzle 迁移 0002_tiny_lionheart 及 snapshot
- 新增 textbooks/schema.ts 与 exams/utils/normalize-structure.ts
- 修复 Tiptap v3 SSR hydration 崩溃 (rich-text-block immediatelyRender: false)
- 重构多模块 data-access/actions/组件, 修复权限校验与类型规范
- 同步架构文档 004/005 反映新增模块、导出、依赖关系
- 归档 bugs/* 测试报告与 e2e 测试脚本 (admin/parent/student/teacher web_test)
|
2026-06-22 01:06:16 +08:00 |
|
SpecialX
|
49291fcc31
|
refactor: fix all P0/P1/P2 bugs and architecture issues
Bug fixes (from bugs/ directory):
- Fix cross-module DB queries in 9 modules (homework, grades, parent, diagnostic, elective, proctoring, notifications, scheduling, classes) by routing through data-access functions
- Fix shared/lib <-> auth circular dependency via new session.ts module
- Fix divide-by-zero guard in grades data-access
- Fix audit export data truncation (paginated fetch for full datasets)
- Fix missing transactions in homework grading and elective lottery
- Fix missing revalidatePath in course-plans actions
- Fix frontend permission checks using requirePermission instead of requireAuth
- Fix dashboard role routing using session.user.roles
- Fix student auth pattern (migrate getDemoStudentUser to users module)
- Fix ActionState return type handling in components
Code quality fixes:
- Remove 60+ as type assertions (replace with type guards)
- Remove non-null assertions (use optional chaining or explicit checks)
- Convert dynamic imports to static imports (grades, diagnostic)
- Add React.cache() wrapping for read functions
- Parallelize independent queries with Promise.all
- Add explicit return types to 30+ arrow functions
- Replace any with unknown + type guards
- Fix import type for type-only imports
- Add Zod validation schemas for classes and diagnostic modules
- Extract duplicate code (normalizeRoleName, normalizeBcryptHash, logger IP extraction)
- Add console.error to silent catch blocks
- Fix permission naming consistency (exam:proctor_read -> exam:proctor:read)
Architecture doc sync:
- Update 004_architecture_impact_map.md and 005_architecture_data.json
- Update management-modules-audit.md for P0-7 cross-module fix
Moved deleted proctoring event route to deletes/ folder.
|
2026-06-19 05:13:34 +08:00 |
|