Skip to content

feat(plugin-security): A4 — managed_by 三态统一 + listView 露出 (#2920)#2934

Merged
os-zhuang merged 4 commits into
mainfrom
claude/authz-a4-managed-by-tristate
Jul 15, 2026
Merged

feat(plugin-security): A4 — managed_by 三态统一 + listView 露出 (#2920)#2934
os-zhuang merged 4 commits into
mainfrom
claude/authz-a4-managed-by-tristate

Conversation

@os-zhuang

@os-zhuang os-zhuang commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

A4 — 权限来源三态统一 + 露出(framework 侧)

Tracking: #2920. 跨仓配对 PR:objectstack-ai/objectui#2501

管理员现在能用同一套词表分清权限集/岗位/能力是「平台发的 / 应用发的 / 自己建的」。三个 RBAC 目录对象的 managed_by 此前各说各话,本 PR 统一为 platform / package / admin(以 sys_capability 为准)。

改动

  • sys_permission_set.managed_by / sys_position.managed_bytext → 约束 select,选项 platform / package / admindefaultValue: 'admin'readonly —— 与 sys_capability 完全一致。
  • 写入端收敛到规范词表
    • 内置身份/受众锚点岗位(bootstrapBuiltinRoles):managed_by: 'system''platform'
    • 环境/Studio 自建权限集(upsertEnvPermissionSet 创建路径):'user''admin'
    • 声明式包权限集('package')与平台能力('platform')本就是规范值,未动。
  • sys_position 四个 listViewactive / default_positions / custom / all_positions)补上 managed_by 列,与 capability/permission-set 视图对齐;并加入 highlightFields
  • i18nmanaged_by 字段 + 选项标签(platform/package/admin),三对象 × 四语言(en / zh-CN / ja-JP / es-ES)补齐;顺带补 sys_capability 的 scope 选项标签。

历史数据兼容策略(无破坏性 migration)

关键取舍:没有一处运行时逻辑对分歧的旧值分支——所有访问决策只读 'package' / 'platform'(两者跨三对象本就一致、未改),因此这次是纯展示词表重命名,永不改变任何鉴权结果

  • 内置岗位、声明式包权限集在下次 bootstrap upsert 时自愈到规范值。
  • 残留旧值(环境自建集的 'user'、旧岗位的 system/config/user)由新增的幂等 kernel:ready 协调器 normalizeManagedByVocab 重写(system→platformconfig→packageuser→admin)。字段为 readonly,故以 isSystem 上下文写入。
  • 之所以选协调器而非一次性 migration 脚本:本 kernel 的既定约定就是「幂等 bootstrap 即 migration」(bootstrapBuiltinRoles / bootstrapDeclaredPermissions 等皆如此),与之保持一致。

验证

  • pnpm --filter @objectstack/plugin-security test —— 341 passed(16 files)
  • pnpm --filter @objectstack/plugin-security build —— ESM/CJS/DTS 均通过。
  • 新增 normalize-managed-by.test.ts(重写正确性 + 幂等 + 空 ql 容错);rbac-objects.test.ts 新增三对象词表一致性 + 岗位视图列断言;projection/anchor 测试的创建路径断言随写入端更新(useradminsystemplatform)。

存疑点

  • managed_bytextselectselect 只在写入时校验选项、读取不校验,故残留旧值行仅在协调器跑到前展示原始字符串,无硬失败。
  • 未改 security-plugin 的 package 伪造闸(仍只认 'package'),亦未改对象级 managedBy: 'config'(那是 schema 保护级别,与记录级 managed_by 字段无关)。

🤖 Generated with Claude Code

https://claude.ai/code/session_019QRUvVfpvSycAHMMF2xTxs

Unify the record-level provenance vocabulary across sys_capability,
sys_permission_set and sys_position onto platform / package / admin.

- sys_permission_set.managed_by and sys_position.managed_by: text -> select
  (options platform/package/admin, defaultValue admin, readonly), matching
  sys_capability.
- Writers re-stamped: built-in positions seed managed_by:'platform' (was
  'system'); env/Studio-authored permission sets project managed_by:'admin'
  (was 'user').
- sys_position list views (active/default_positions/custom/all_positions) now
  surface the managed_by column.
- No destructive migration: no runtime path branches on the legacy values
  (every access decision keys on 'package'/'platform'), so the rename never
  changes an authorization outcome. Built-ins/declared sets self-heal on their
  bootstrap upsert; new idempotent kernel:ready reconciler normalizeManagedByVocab
  rewrites residual legacy rows (system->platform, config->package, user->admin).
- i18n: managed_by field + option labels added for all three objects across
  en / zh-CN / ja-JP / es-ES.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019QRUvVfpvSycAHMMF2xTxs
@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
spec Ready Ready Preview, Comment Jul 15, 2026 12:15am

Request Review

@github-actions

github-actions Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

📓 Docs Drift Check

This PR changes 2 package(s): @objectstack/dogfood, @objectstack/plugin-security.

12 hand-written doc(s) reference the affected code and may need an implementation-accuracy re-verification:

  • content/docs/getting-started/cli.mdx (via @objectstack/plugin-security)
  • content/docs/permissions/access-recipes.mdx (via packages/plugins/plugin-security)
  • content/docs/permissions/authorization.mdx (via packages/dogfood, packages/plugins/plugin-security)
  • content/docs/permissions/delegated-administration.mdx (via packages/dogfood)
  • content/docs/permissions/explain.mdx (via @objectstack/plugin-security)
  • content/docs/permissions/permissions-matrix.mdx (via packages/plugins/plugin-security)
  • content/docs/permissions/sharing-rules.mdx (via @objectstack/plugin-security)
  • content/docs/plugins/index.mdx (via @objectstack/plugin-security)
  • content/docs/plugins/packages.mdx (via @objectstack/plugin-security)
  • content/docs/releases/implementation-status.mdx (via @objectstack/plugin-security)
  • content/docs/ui/audience-based-interfaces.mdx (via packages/plugins/plugin-security)
  • content/docs/ui/dashboards.mdx (via @objectstack/plugin-security)

Advisory only. To re-verify, run the docs-accuracy-audit workflow scoped to these files:
node scripts/docs-audit/affected-docs.mjs origin/main → pass the list as args.docs.

…A4 vocab)

A4 unified record-level managed_by onto platform/package/admin; env-authored
permission sets now project as 'admin' (formerly 'user'). Update the two
showcase-permission-projection assertions the vocab change made stale.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019QRUvVfpvSycAHMMF2xTxs
claude added 2 commits July 14, 2026 23:50
…ed-by-tristate

# Conflicts:
#	packages/plugins/plugin-security/src/security-plugin.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation size/l tests tooling

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants