openxiangda 1.0.11 → 1.0.12

package/lib/cli.js

@@ -1325,6 +1325,9 @@ async function permission(args) {
       fail('用法: openxiangda permission page-group-create <groupCode> --name <text> [--menu-codes <menuCode...>|--page-codes <pageCode...>|--form-codes <formCode...>|--menu-ids <id...>]');
     }
     const target = getWorkspaceTarget(config, profileName, flags);
+    const roles = splitList(flags.roles);
+    const menuFormUuids = resolvePagePermissionMenuTargets(target.bound, flags);
+    const runtimeAliasTargets = resolvePagePermissionRuntimeAliasTargets(target.bound, flags);
     const data = await requestWithAuth(
       config,
       target.profileName,
@@ -1333,14 +1336,38 @@ async function permission(args) {
         method: 'POST',
         body: {
           name,
-          roles: splitList(flags.roles),
-          menuFormUuids: resolvePagePermissionMenuTargets(target.bound, flags),
+          roles,
+          menuFormUuids,
         },
       }
     );
     if (data?.id) savePagePermissionGroupResource(target, groupCode, data.id, { name });
-    if (flags.json) return writeJson(data);
-    print(JSON.stringify(data, null, 2));
+    let runtimeAliasData = null;
+    if (runtimeAliasTargets.length > 0) {
+      const runtimeAliasGroupCode = `${groupCode}__runtime_aliases`;
+      const runtimeAliasName = `${name}（运行时别名）`;
+      runtimeAliasData = await requestWithAuth(
+        config,
+        target.profileName,
+        `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/page-permission-groups`,
+        {
+          method: 'POST',
+          body: {
+            name: runtimeAliasName,
+            roles,
+            menuFormUuids: runtimeAliasTargets,
+          },
+        }
+      );
+      if (runtimeAliasData?.id) {
+        savePagePermissionGroupResource(target, runtimeAliasGroupCode, runtimeAliasData.id, {
+          name: runtimeAliasName,
+        });
+      }
+    }
+    const output = runtimeAliasData ? { ...data, runtimeAliasGroup: runtimeAliasData } : data;
+    if (flags.json) return writeJson(output);
+    print(JSON.stringify(output, null, 2));
     return;
   }
 
@@ -1920,24 +1947,44 @@ function resolveMenuPermissionTargets(bound, menuCode) {
   const menuEntry = bound.resources?.menus?.[menuCode];
   const menuId = resolveMenuId(bound, menuCode);
   if (menuEntry?.formUuid) return [menuEntry.formUuid];
-  // Custom code pages are checked by three platform surfaces: the admin tree
-  // uses menu IDs, /view uses route keys, and bootstrap uses legacy PAGE IDs.
-  if (menuEntry?.pageId || menuEntry?.pageCode || menuEntry?.routeKey || menuEntry?.legacyFormUuid) {
-    return unique([menuId, ...resolveCodePagePermissionAliases(bound, menuEntry)]);
-  }
   return [menuId];
 }
 
 function resolvePagePermissionTargets(bound, pageCode) {
+  const menuEntry = findPagePermissionMenuEntry(bound, pageCode);
+  if (menuEntry?.menuId) {
+    return [menuEntry.menuId];
+  }
+  fail(`页面 ${pageCode} 未找到已绑定菜单。请先发布/创建菜单，或直接传 --menu-codes/--menu-ids。`);
+}
+
+function resolvePagePermissionRuntimeAliasTargets(bound, flags = {}) {
+  const fromMenuCodes = splitList(flags['menu-codes']).flatMap(code => resolveMenuPermissionRuntimeAliases(bound, code));
+  const fromPageCodes = splitList(flags['page-codes']).flatMap(code => resolvePagePermissionRuntimeAliases(bound, code));
+  return unique([...fromMenuCodes, ...fromPageCodes].filter(Boolean));
+}
+
+function resolveMenuPermissionRuntimeAliases(bound, menuCode) {
+  const menuEntry = bound.resources?.menus?.[menuCode];
+  if (!menuEntry || menuEntry.formUuid) return [];
+  if (menuEntry.pageId || menuEntry.pageCode || menuEntry.routeKey || menuEntry.legacyFormUuid) {
+    return resolveCodePagePermissionAliases(bound, menuEntry);
+  }
+  return [];
+}
+
+function resolvePagePermissionRuntimeAliases(bound, pageCode) {
+  const menuEntry = findPagePermissionMenuEntry(bound, pageCode);
+  if (menuEntry?.menuId) return resolveCodePagePermissionAliases(bound, menuEntry, pageCode);
+  fail(`页面 ${pageCode} 未找到已绑定菜单。请先发布/创建菜单，或直接传 --menu-codes/--menu-ids。`);
+}
+
+function findPagePermissionMenuEntry(bound, pageCode) {
   const pageId = resolveOptionalPageId(bound, pageCode);
-  const menuEntry = findMenuEntry(bound, entry => {
+  return findMenuEntry(bound, entry => {
     if (!entry) return false;
     return entry.pageId === pageId || entry.pageCode === pageCode || entry.routeKey === pageCode;
   });
-  if (menuEntry?.menuId) {
-    return unique([menuEntry.menuId, ...resolveCodePagePermissionAliases(bound, menuEntry, pageCode)]);
-  }
-  fail(`页面 ${pageCode} 未找到已绑定菜单。请先发布/创建菜单，或直接传 --menu-codes/--menu-ids。`);
 }
 
 function resolveCodePagePermissionAliases(bound, menuEntry = {}, pageCode) {

package/openxiangda-skills/references/openxiangda-api.md

@@ -369,11 +369,11 @@ Body:
 {
   "name": "销售可见页面",
   "roles": ["sales"],
-  "menuFormUuids": ["FORM_XXX", "MENU_ID_FOR_CODE_PAGE", "CODE_PAGE_ROUTE_KEY", "PAGE_LEGACY_FORM_UUID"]
+  "menuFormUuids": ["FORM_XXX", "MENU_ID_FOR_CODE_PAGE"]
 }
 ```
 
-An empty `menuFormUuids` array means all menus/pages are visible to the matched roles. For form menus this field can contain form UUIDs. For custom code page menus, OpenXiangda CLI `--page-codes` / `--menu-codes` writes the actual menu ID used by the platform admin tree, the route key used by `/view`, and the legacy `PAGE_...` alias used by custom-page bootstrap.
+An empty `menuFormUuids` array means all menus/pages are visible to the matched roles. For form menus this field can contain form UUIDs. For custom code page menus, the user-facing permission group should contain only the actual menu ID used by the platform admin tree. Because the current `/view` runtime guard also checks route keys and legacy `PAGE_...` aliases, OpenXiangda CLI `--page-codes` / `--menu-codes` creates a companion `（运行时别名）` page permission group for those aliases instead of mixing them into the editable menu group.
 
 ### GET `/apps/:appType/page-permission-groups/:groupId`
 

package/openxiangda-skills/references/permissions-settings.md

@@ -19,14 +19,26 @@ Role IDs are platform-specific. Store them only in `.openxiangda/state.json` und
 ## Page Permission Groups
 
 Page permission groups map role codes to visible menu targets. Form menus use their `FORM_...`
-form UUIDs; custom code page/display menus need the menu ID, route key, and legacy `PAGE_...`
-alias because current platform surfaces check different identifiers:
+form UUIDs. Custom code page/display menus need split targets because current platform
+surfaces check different identifiers: the admin edit tree expects menu IDs, while `/view`
+runtime checks route keys and legacy `PAGE_...` aliases.
 
 ```json
 {
   "name": "销售页面",
   "roles": ["sales"],
-  "menuFormUuids": ["FORM_CUSTOMER", "FORM_ORDER", "MENU_ID_FOR_CODE_PAGE", "CODE_PAGE_ROUTE_KEY", "PAGE_LEGACY_FORM_UUID"]
+  "menuFormUuids": ["FORM_CUSTOMER", "FORM_ORDER", "MENU_ID_FOR_CODE_PAGE"]
+}
+```
+
+For custom code pages, keep the user-facing group editable by storing only menu IDs, then add a
+companion runtime alias group with the same roles:
+
+```json
+{
+  "name": "销售页面（运行时别名）",
+  "roles": ["sales"],
+  "menuFormUuids": ["CODE_PAGE_ROUTE_KEY", "PAGE_LEGACY_FORM_UUID"]
 }
 ```
 
@@ -35,7 +47,7 @@ Rules:
 - `roles: []` means all roles can match.
 - `menuFormUuids: []` means all menus/pages are visible to matched roles.
 - Prefer `--form-codes` in CLI for form menus so each profile resolves its own form UUIDs.
-- Prefer `--page-codes` or `--menu-codes` in CLI for custom code page menus. The CLI writes the menu ID for the admin tree, the route key for `/view`, and the legacy `PAGE_...` alias for custom-page bootstrap.
+- Prefer `--page-codes` or `--menu-codes` in CLI for custom code page menus. The CLI writes menu IDs to the editable group and creates the companion `（运行时别名）` group automatically.
 
 ## Form Permission Groups
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openxiangda",
-  "version": "1.0.11",
+  "version": "1.0.12",
   "description": "OpenXiangda CLI, workspace build tools, runtime SDK, and form components.",
   "private": false,
   "bin": {