fix: policy always checked regardless of caller-provided floors

Redesign addVisitor four-phase flow: - Phase1: ALWAYS query person detail (orgIds for policy lookup) - Phase2: candidate = caller floors or org floorList - Phase3: ALWAYS check policy; intersect candidate with allow - Phase4: empty set validation Fixes UC-02 bypass: policy was entirely skipped when caller provided floorIds. Now policy always constrains. Bump v2.0.19
2026-06-11 17:30:29 +08:00 · 2026-05-05 19:47:01 +08:00
parent c5febc9905
commit f7da04caea
42 changed files with 2584 additions and 43 deletions
@@ -0,0 +1,10 @@
+artifact=cw-elevator-application-V1.0.0.20211103.jar
+bundle_dir_name=cw-elevator-application-V2.0.18.20260505
+directory=/media/zebra/9e8fa357-7db6-4d70-88ed-d5de5a059a663/星河湾星中星/源码/maven-cw-elevator-application/releases/cw-elevator-application-V2.0.18.20260505
+built_at=2026-05-05T19:28:12+08:00
+java_home=/usr/lib/jvm/java-8-openjdk-amd64
+java_version_line=openjdk version "1.8.0_482"
+java_version_line=OpenJDK Runtime Environment (build 1.8.0_482-8u482-ga~us1-0ubuntu1~22.04-b08)
+java_version_line=OpenJDK 64-Bit Server VM (build 25.482-b08, mixed mode)
+git_rev=c5febc99055822f83061ee58d78d3cfdc66dff51
+git_branch=release/cw-elevator-v1-lib-min-risk