- Add §7 initialization flow: /component/person/detail call chain from decompiled component-organization source
- Document floorList assembly in ImgPersonServiceImpl (via elevatorFeignClient.listByImageId)
- Analyze init vs submit consistency: gap when policy exists

Redesign addVisitor four-phase flow:
- Phase1: ALWAYS query person detail (orgIds for policy lookup)
- Phase2: candidate = caller floors or org floorList
- Phase3: ALWAYS check policy; intersect candidate with allow
- Phase4: empty set validation

Fixes UC-02 bypass: policy was entirely skipped when caller provided floorIds. Now policy always constrains.

Bump v2.0.19
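
The four-phase flow from the commit message above, as an added Java example that is not the project's code. The class, method and field names are hypothetical, and the example assumes a per-org policy map whose allow sets are unioned across the person's orgs, with a missing entry meaning no policy applies.

```java
import java.util.*;

// Added illustration: all names are hypothetical, not the project's code.
public class AddVisitorFloorCheck {

    /** Stand-in for the person detail result: org ids and the org floorList. */
    static final class PersonDetail {
        final Set<String> orgIds, floorList;
        PersonDetail(Set<String> orgIds, Set<String> floorList) {
            this.orgIds = orgIds;
            this.floorList = floorList;
        }
    }

    /** policyByOrg maps orgId to allowed floors; a missing key means no policy (assumption). */
    static Set<String> resolveFloors(PersonDetail detail, Set<String> callerFloorIds,
                                     Map<String, Set<String>> policyByOrg) {
        // Phase 1 happened before this call: detail is loaded on every request.
        // Phase 2: candidate = caller floors, else the org floorList.
        boolean callerSent = callerFloorIds != null && !callerFloorIds.isEmpty();
        Set<String> candidate = new TreeSet<>(callerSent ? callerFloorIds : detail.floorList);

        // Phase 3: policy is consulted on both paths, never skipped.
        Set<String> allow = new HashSet<>();
        boolean hasPolicy = false;
        for (String orgId : detail.orgIds) {
            Set<String> allowed = policyByOrg.get(orgId);
            if (allowed != null) {
                hasPolicy = true;
                allow.addAll(allowed); // union across orgs (assumption)
            }
        }
        if (hasPolicy) {
            candidate.retainAll(allow);
        }

        // Phase 4: an empty result is rejected, not passed on.
        if (candidate.isEmpty()) {
            throw new IllegalArgumentException("no permitted floors for visitor");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> orgFloors = new HashSet<>(Arrays.asList("1", "2", "3"));
        Set<String> allowed = new HashSet<>(Arrays.asList("1", "2"));
        PersonDetail host = new PersonDetail(Collections.singleton("org-1"), orgFloors);
        Map<String, Set<String>> policy = Collections.singletonMap("org-1", allowed);
        System.out.println(resolveFloors(host, null, policy));
        System.out.println(resolveFloors(host, new HashSet<>(Arrays.asList("2", "9")), policy));
    }
}
```

With the constructed policy, the second call keeps only floor 2: the caller-supplied floor 9 is removed by the intersection, which is the path the UC-02 bypass used to skip.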