2f61ad7f1a
- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Auto-trigger: review runs automatically after the AI modifies .py/.cbl/.cpy/.lark files
- CLAUDE.md: defines trigger rules, the review process and severity levels
- .code-review.yaml: tier=standard, high-risk module configuration

Result: ready to use on clone, automatic review after every code change, keeps low-quality code out of the repository

Co-Authored-By: Claude <noreply@anthropic.com>
29 lines
1.2 KiB
Markdown
# Permission Module — Manual Review Checklist
## RBAC Model
- [ ] Roles and permissions clearly defined and documented
- [ ] No permission inheritance cycles
- [ ] Super admin role cannot be accidentally assigned to regular users
- [ ] Role changes are logged
## Authorization Enforcement
- [ ] Every protected endpoint checks permissions (not just login state)
- [ ] Resource-level permissions: user can only access own data
- [ ] Admin endpoints segregated from user endpoints (different middleware chain)
## Horizontal Escalation
- [ ] User A cannot access User B's resources by changing ID in request
- [ ] Resource ownership verified on every request (not just at list level)
- [ ] Bulk operations check permissions per-item, not just the batch endpoint
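The three horizontal-escalation items above, plus the server-side role check from the next section, as an added example that is not part of this checklist or the repository's code. `User`, `Forbidden`, `SAMPLE_DOCS` and the function names are hypothetical; the store is an in-memory dict standing in for the database.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """Identity taken from the server-side session; the role never comes from the request."""
    id: int
    role: str  # "user" or "admin"


class Forbidden(Exception):
    """Raised on any authorization failure; the web layer maps it to HTTP 403."""


# Constructed sample data: document id -> owner user id.
SAMPLE_DOCS = {101: 1, 102: 2, 103: 1}


def can_access(user: User, doc_id: int, store: dict) -> bool:
    """Resource-level check for one item: owner or admin.
    Unknown ids are denied like foreign ones, so a 403 does not reveal whether the id exists."""
    owner = store.get(doc_id)
    if owner is None:
        return False
    return user.role == "admin" or owner == user.id


def get_document(user: User, doc_id: int, store: dict) -> int:
    """Single-resource endpoint: being logged in is not enough, ownership is checked on every call."""
    if not can_access(user, doc_id, store):
        raise Forbidden(f"user {user.id} may not read doc {doc_id}")
    return store[doc_id]


def authorize_batch(user: User, doc_ids: list, store: dict) -> list:
    """Per-item authorization for a bulk request; returns the ids the user may not touch."""
    return [d for d in doc_ids if not can_access(user, d, store)]


def delete_documents(user: User, doc_ids: list, store: dict) -> int:
    """Bulk endpoint: every item is authorized before anything is deleted,
    so one foreign id rejects the whole batch instead of being silently carried along."""
    denied = authorize_batch(user, doc_ids, store)
    if denied:
        raise Forbidden(f"user {user.id} may not delete docs {denied}")
    for d in doc_ids:
        del store[d]
    return len(doc_ids)
```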
## Vertical Escalation
- [ ] Regular users cannot perform admin actions
- [ ] Role checks happen server-side (not trusting client-claimed role)
- [ ] Privileged operations require re-authentication
## Token Strategy
- [ ] Access token: short-lived (15-60 min)
- [ ] Refresh token: long-lived, stored securely (httpOnly cookie)
- [ ] Token rotation on refresh (old refresh token invalidated)
- [ ] Token revocation mechanism (logout invalidates all user tokens)