fix: policy always checked regardless of caller-provided floors

Redesign addVisitor four-phase flow:
- Phase1: ALWAYS query person detail (orgIds for policy lookup)
- Phase2: candidate = caller floors or org floorList
- Phase3: ALWAYS check policy; intersect candidate with allow
- Phase4: empty set validation
Fixes UC-02 bypass: policy was entirely skipped when caller
provided floorIds. Now policy always constrains.
Bump v2.0.19

maven-cw-elevator-application/releases/cw-elevator-application-V2.0.19.20260505/ddl/tenant_visitor_floor_policy.sql

@@ -0,0 +1,27 @@
+-- 租户访客默认楼层策略（电梯应用库）
+-- 设计说明：docs/business/租户访客默认楼层-数据库配置阶段技术设计.md
+
+CREATE TABLE IF NOT EXISTS tenant_visitor_floor_policy (
+  id              VARCHAR(32)  NOT NULL COMMENT '主键',
+  business_id     VARCHAR(64)  NOT NULL COMMENT '机构/租户 ID',
+  policy_type     VARCHAR(32)  NOT NULL DEFAULT 'INTERSECT_ALLOWLIST' COMMENT '策略类型',
+  allow_zone_ids  TEXT         NULL COMMENT 'JSON 数组，zoneId 列表',
+  building_id     VARCHAR(64)  NULL COMMENT '预留：楼栋维度；租户默认填 NULL',
+  enabled         TINYINT(1)   NOT NULL DEFAULT 1 COMMENT '1 启用 0 停用',
+  policy_version  BIGINT       NOT NULL DEFAULT 1 COMMENT '配置版本号',
+  remark          VARCHAR(256) NULL,
+  created_by      VARCHAR(64)  NULL,
+  created_at      BIGINT       NULL,
+  updated_by      VARCHAR(64)  NULL,
+  updated_at      BIGINT       NULL,
+  PRIMARY KEY (id),
+  UNIQUE KEY uk_biz_building (business_id, building_id),
+  KEY idx_business_enabled (business_id, enabled)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='租户访客默认楼层策略（与组织 floorList 求交）';
+
+-- 示例（实施时替换占位符后执行）
+-- INSERT INTO tenant_visitor_floor_policy
+-- (id, business_id, policy_type, allow_zone_ids, building_id, enabled, policy_version, remark, created_at, updated_at)
+-- VALUES
+-- (REPLACE(UUID(),'-',''), 'REPLACE_WITH_BUSINESS_ID', 'INTERSECT_ALLOWLIST',
+--  '["REPLACE_ZONE_A","REPLACE_ZONE_B"]', NULL, 1, 1, '实施录入', UNIX_TIMESTAMP(NOW())*1000, UNIX_TIMESTAMP(NOW())*1000);

maven-cw-elevator-application/releases/cw-elevator-application-V2.0.19.20260505/ddl/tenant_visitor_floor_policy_init_guangfa_fund.sql

@@ -0,0 +1,47 @@
+-- 广发基金租户：访客默认楼层策略初始化（电梯库 cw-elevator-application）
+--
+-- 字段说明：allow_zone_ids 为 JSON 数组，元素使用 code_elevator_area.zone_id（snowflake 格式），
+-- 与 PersonResult.floorList 和 image_rule_ref.zone_id 同一套 ID。
+--
+-- 数据来源（现场查询 192.168.3.12:3307）：
+--   org_id：component-organization.cw_is_organization
+--     NAME='[28-38F]广发基金管理有限公司' -> ID = 488b8ad049bb43408a6fbcc50bcb89ac
+--   28F zone_id：cw-elevator-application.code_elevator_area
+--     zone_id = 605560545117995008（zone_name=28F，code=0x1C）
+--
+-- 重复执行：使用固定 id + ON DUPLICATE KEY UPDATE，幂等。
+
+SET NAMES utf8mb4;
+
+INSERT INTO tenant_visitor_floor_policy (
+  id,
+  org_id,
+  business_id,
+  policy_type,
+  allow_zone_ids,
+  building_id,
+  enabled,
+  policy_version,
+  remark,
+  created_at,
+  updated_at
+) VALUES (
+  'gf_vstr_policy_guangfa_fund_001x',
+  '488b8ad049bb43408a6fbcc50bcb89ac',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  'INTERSECT_ALLOWLIST',
+  '["605560545117995008"]',
+  NULL,
+  1,
+  1,
+  '广发基金：访客与 floorList 求交后仅保留 allowlist（默认仅 28F zone）。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  org_id          = VALUES(org_id),
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);

maven-cw-elevator-application/releases/cw-elevator-application-V2.0.19.20260505/ddl/tenant_visitor_floor_policy_init_property_mgmt_6f.sql

@@ -0,0 +1,186 @@
+-- 物业公司租户：访客默认楼层策略初始化（电梯库 cw-elevator-application）
+-- 访客不传 floorIds 时，默认仅开放 6F，与被访人 floorList 求交。
+--
+-- 数据来源（192.168.3.12:3307）：
+--   org_id：component-organization.cw_is_organization
+--     星河湾物业管理有限公司     → 64fdc8eaf5824df5a1329819af29b79f
+--     星河湾物业管理公司         → 8fc3f910bd834198a539832017fe920e
+--     星河湾物管公司             → cc760fdf9c384a0cbf4951ccf2c6452e
+--     星中心物业管理公司         → f216235e54ca42bfa0379e69b3754aff
+--     星中心物业服务中心         → 95818575a2284db6833289474d33671f
+--     星中心物管公司             → 348328d755624b3491cd307a3109f36a
+--     物业管理总部               → dde6cc9a4f6b4f5490d03e26fb016200
+--   6F zone_id：cw-elevator-application.code_elevator_area
+--     zone_id = 605560541473144832（code=0x06）
+--
+-- 重复执行：使用固定 id + ON DUPLICATE KEY UPDATE。
+
+SET NAMES utf8mb4;
+
+-- ============================================================
+-- 1. 星河湾物业管理有限公司
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_001',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  '64fdc8eaf5824df5a1329819af29b79f',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星河湾物业管理有限公司：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 2. 星河湾物业管理公司
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_002',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  '8fc3f910bd834198a539832017fe920e',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星河湾物业管理公司：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 3. 星河湾物管公司
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_003',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  'cc760fdf9c384a0cbf4951ccf2c6452e',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星河湾物管公司：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 4. 星中心物业管理公司
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_004',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  'f216235e54ca42bfa0379e69b3754aff',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星中心物业管理公司：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 5. 星中心物业服务中心
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_005',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  '95818575a2284db6833289474d33671f',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星中心物业服务中心：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 6. 星中心物管公司
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_006',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  '348328d755624b3491cd307a3109f36a',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '星中心物管公司：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);
+
+-- ============================================================
+-- 7. 物业管理总部
+-- ============================================================
+INSERT INTO tenant_visitor_floor_policy (
+  id, business_id, org_id, policy_type, allow_zone_ids,
+  building_id, enabled, policy_version, remark, created_at, updated_at
+) VALUES (
+  'pm_6f_vstr_policy_007',
+  '2524639890ba4f2cba9ba1a4eeaa4015',
+  'dde6cc9a4f6b4f5490d03e26fb016200',
+  'INTERSECT_ALLOWLIST',
+  '["605560541473144832"]',
+  NULL, 1, 1,
+  '物业管理总部：访客默认仅开放 6F。',
+  UNIX_TIMESTAMP(NOW()) * 1000,
+  UNIX_TIMESTAMP(NOW()) * 1000
+) ON DUPLICATE KEY UPDATE
+  policy_type     = VALUES(policy_type),
+  allow_zone_ids  = VALUES(allow_zone_ids),
+  enabled         = VALUES(enabled),
+  policy_version  = policy_version + 1,
+  remark          = VALUES(remark),
+  updated_at      = VALUES(updated_at);