{ "title": "龙虾供应链配送系统 v0.1 接口权限审计清单", "updatedAt": "2026-04-26 19:05", "summary": { "total": 107, "guarded": 98, "publicRead": 7, "publicPost": 2, "highRiskGuarded": 44, "highRiskOpen": 1, "mediumRiskOpen": 1, "pendingWrite": 0 }, "rules": [ "公开 POST 仅保留登录 /xia-api/auth/login 与客户反馈提交 /xia-api/feedback。", "商品、定价、生产化检查、反馈队列、审计日志、财务、结算、提成、门店/供应商、订单、配送、履约、签收等业务读写接口均需后台 token。", "公开 GET 保留健康检查、系统说明、权限矩阵、客户反馈状态查询等低风险入口。" ], "records": [ { "method": "GET", "path": "/xia-api/health", "apiPath": "/api/health", "permission": "", "guardLabel": "", "controller": "healthController(config)", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "GET", "path": "/xia-api/system/modules", "apiPath": "/api/system/modules", "permission": "", "guardLabel": "", "controller": "systemController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "GET", "path": "/xia-api/system/dashboard", "apiPath": "/api/system/dashboard", "permission": "", "guardLabel": "", "controller": "systemDashboardController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "GET", "path": "/xia-api/auth", "apiPath": "/api/auth", "permission": "", "guardLabel": "", "controller": "authOverviewController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "POST", "path": "/xia-api/auth/login", "apiPath": "/api/auth/login", "permission": "", "guardLabel": "", "controller": "loginController()", "exposure": "公开登录入口", "risk": "中" }, { "method": "GET", "path": "/xia-api/auth/me", "apiPath": "/api/auth/me", "permission": "", "guardLabel": "", "controller": "meController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "GET", "path": "/xia-api/auth/audit-logs", "apiPath": "/api/auth/audit-logs", "permission": "rbac:view", "guardLabel": "auth.audit-logs", "controller": "auditLogsController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/auth/permission-matrix", "apiPath": "/api/auth/permission-matrix", "permission": "", "guardLabel": "", "controller": "permissionMatrixController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "GET", "path": "/xia-api/auth/access-check/finance", "apiPath": "/api/auth/access-check/finance", "permission": "finance:manage", "guardLabel": "finance.guard-demo", "controller": "accessCheckController(\"finance:manage\", \"财务与提成接口守卫\")", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/auth/access-check/production", "apiPath": "/api/auth/access-check/production", "permission": "production:readiness", "guardLabel": "production.guard-demo", "controller": "accessCheckController(\"production:readiness\", \"生产化检查接口守卫\")", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/production-readiness", "apiPath": "/api/production-readiness", "permission": "production:readiness", "guardLabel": "production-readiness.view", "controller": "productionReadinessController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/production-readiness/:itemKey/status", "apiPath": "/api/production-readiness/:itemKey/status", "permission": "production:readiness", "guardLabel": "production-readiness.update", "controller": "productionReadinessUpdateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/feedback", "apiPath": "/api/feedback", "permission": "feedback:manage", "guardLabel": "feedback.queue", "controller": "feedbackListController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/feedback", "apiPath": "/api/feedback", "permission": "", "guardLabel": "", "controller": "feedbackCreateController()", "exposure": "客户公开提交入口", "risk": "高" }, { "method": "GET", "path": "/xia-api/feedback/:feedbackNo", "apiPath": "/api/feedback/:feedbackNo", "permission": "", "guardLabel": "", "controller": "feedbackDetailController()", "exposure": "公开/只读测试入口", "risk": "低" }, { "method": "POST", "path": "/xia-api/feedback/:feedbackNo/status", "apiPath": "/api/feedback/:feedbackNo/status", "permission": "feedback:manage", "guardLabel": "feedback.status-update", "controller": "feedbackStatusController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/stores", "apiPath": "/api/stores", "permission": "stores:manage", "guardLabel": "stores.view", "controller": "storesOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/stores/:storeId", "apiPath": "/api/stores/:storeId", "permission": "stores:manage", "guardLabel": "stores.detail", "controller": "storeDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/stores/:storeId/audit", "apiPath": "/api/stores/:storeId/audit", "permission": "stores:manage", "guardLabel": "stores.audit", "controller": "storeAuditController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "GET", "path": "/xia-api/suppliers", "apiPath": "/api/suppliers", "permission": "suppliers:manage", "guardLabel": "suppliers.view", "controller": "suppliersOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/suppliers/:supplierId", "apiPath": "/api/suppliers/:supplierId", "permission": "suppliers:manage", "guardLabel": "suppliers.detail", "controller": "supplierDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/suppliers/:supplierId/approve", "apiPath": "/api/suppliers/:supplierId/approve", "permission": "suppliers:manage", "guardLabel": "suppliers.approve", "controller": "supplierApproveController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/fulfillment-orders", "apiPath": "/api/fulfillment-orders", "permission": "fulfillment:manage", "guardLabel": "fulfillment.view", "controller": "fulfillmentOrdersController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/fulfillment-orders/:fulfillmentNo", "apiPath": "/api/fulfillment-orders/:fulfillmentNo", "permission": "fulfillment:manage", "guardLabel": "fulfillment.detail", "controller": "fulfillmentOrderDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/fulfillment-orders/:fulfillmentNo/accept", "apiPath": "/api/fulfillment-orders/:fulfillmentNo/accept", "permission": "fulfillment:manage", "guardLabel": "fulfillment.accept", "controller": "fulfillmentAcceptController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/fulfillment-orders/:fulfillmentNo/exception-report", "apiPath": "/api/fulfillment-orders/:fulfillmentNo/exception-report", "permission": "fulfillment:manage", "guardLabel": "fulfillment.exception-report", "controller": "fulfillmentExceptionController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "GET", "path": "/xia-api/products", "apiPath": "/api/products", "permission": "products:release", "guardLabel": "products.view", "controller": "productsOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/products/:productId/toggle-status", "apiPath": "/api/products/:productId/toggle-status", "permission": "products:release", "guardLabel": "products.toggle-status", "controller": "productToggleController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/repricing-preview", "apiPath": "/api/products/:productId/repricing-preview", "permission": "products:release", "guardLabel": "products.repricing-preview", "controller": "productRepricingPreviewController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/repricing-version", "apiPath": "/api/products/:productId/repricing-version", "permission": "products:release", "guardLabel": "products.repricing-version", "controller": "productRepricingVersionController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/repricing-publish", "apiPath": "/api/products/:productId/repricing-publish", "permission": "products:release", "guardLabel": "products.repricing-publish", "controller": "productRepricingPublishController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-tracking", "apiPath": "/api/products/:productId/release-tracking", "permission": "products:release", "guardLabel": "products.release-tracking", "controller": "productReleaseTrackingController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-approve", "apiPath": "/api/products/:productId/release-approve", "permission": "products:release", "guardLabel": "products.release-approve", "controller": "productReleaseApproveController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-revise", "apiPath": "/api/products/:productId/release-revise", "permission": "products:release", "guardLabel": "products.release-revise", "controller": "productReleaseReviseController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-approval-flow", "apiPath": "/api/products/:productId/release-approval-flow", "permission": "products:release", "guardLabel": "products.release-approval-flow", "controller": "productReleaseApprovalFlowController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-blockers", "apiPath": "/api/products/:productId/release-blockers", "permission": "products:release", "guardLabel": "products.release-blockers", "controller": "productReleaseBlockersController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-resolve-blockers", "apiPath": "/api/products/:productId/release-resolve-blockers", "permission": "products:release", "guardLabel": "products.release-resolve-blockers", "controller": "productReleaseResolveBlockersController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-sync-job", "apiPath": "/api/products/:productId/release-sync-job", "permission": "products:release", "guardLabel": "products.release-sync-job", "controller": "productReleaseSyncJobController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-sync-result", "apiPath": "/api/products/:productId/release-sync-result", "permission": "products:release", "guardLabel": "products.release-sync-result", "controller": "productReleaseSyncResultController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-sync-exception", "apiPath": "/api/products/:productId/release-sync-exception", "permission": "products:release", "guardLabel": "products.release-sync-exception", "controller": "productReleaseSyncExceptionController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-sync-retry", "apiPath": "/api/products/:productId/release-sync-retry", "permission": "products:release", "guardLabel": "products.release-sync-retry", "controller": "productReleaseSyncRetryController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/release-sync-failure-summary", "apiPath": "/api/products/:productId/release-sync-failure-summary", "permission": "products:release", "guardLabel": "products.release-sync-failure-summary", "controller": "productReleaseSyncFailureSummaryController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/products/:productId/withdraw-release", "apiPath": "/api/products/:productId/withdraw-release", "permission": "products:release", "guardLabel": "products.withdraw-release", "controller": "productReleaseWithdrawController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/products/:productId", "apiPath": "/api/products/:productId", "permission": "products:release", "guardLabel": "products.detail", "controller": "productDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing", "apiPath": "/api/pricing", "permission": "pricing:manage", "guardLabel": "pricing.view", "controller": "pricingOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing/rules/:ruleId", "apiPath": "/api/pricing/rules/:ruleId", "permission": "pricing:manage", "guardLabel": "pricing.rule-detail", "controller": "pricingRuleDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/preview-impact", "apiPath": "/api/pricing/rules/:ruleId/preview-impact", "permission": "pricing:manage", "guardLabel": "pricing.preview-impact", "controller": "pricingRulePreviewController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/update-config", "apiPath": "/api/pricing/rules/:ruleId/update-config", "permission": "pricing:manage", "guardLabel": "pricing.update-config", "controller": "pricingRuleUpdateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/validate-config", "apiPath": "/api/pricing/rules/:ruleId/validate-config", "permission": "pricing:manage", "guardLabel": "pricing.validate-config", "controller": "pricingRuleValidateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/publish-version", "apiPath": "/api/pricing/rules/:ruleId/publish-version", "permission": "pricing:manage", "guardLabel": "pricing.publish-version", "controller": "pricingRulePublishController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/preview-linked-impact", "apiPath": "/api/pricing/rules/:ruleId/preview-linked-impact", "permission": "pricing:manage", "guardLabel": "pricing.preview-linked-impact", "controller": "pricingRuleLinkedImpactController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/batch-publish", "apiPath": "/api/pricing/rules/:ruleId/batch-publish", "permission": "pricing:manage", "guardLabel": "pricing.batch-publish", "controller": "pricingRuleBatchPublishController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/compare-linked", "apiPath": "/api/pricing/rules/:ruleId/compare-linked", "permission": "pricing:manage", "guardLabel": "pricing.compare-linked", "controller": "pricingRuleCompareController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/pricing/batches/:batchNo/audit", "apiPath": "/api/pricing/batches/:batchNo/audit", "permission": "pricing:manage", "guardLabel": "pricing.batch-audit", "controller": "pricingBatchAuditController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing/batches/:batchNo/checklist", "apiPath": "/api/pricing/batches/:batchNo/checklist", "permission": "pricing:manage", "guardLabel": "pricing.batch-checklist", "controller": "pricingBatchChecklistController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing/batches/:batchNo/approval-flow", "apiPath": "/api/pricing/batches/:batchNo/approval-flow", "permission": "pricing:manage", "guardLabel": "pricing.batch-approval-flow", "controller": "pricingBatchApprovalFlowController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing/batches/:batchNo/blockers", "apiPath": "/api/pricing/batches/:batchNo/blockers", "permission": "pricing:manage", "guardLabel": "pricing.batch-blockers", "controller": "pricingBatchBlockersController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/pricing/batches/:batchNo/approval", "apiPath": "/api/pricing/batches/:batchNo/approval", "permission": "pricing:manage", "guardLabel": "pricing.batch-approval", "controller": "pricingBatchApprovalController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/batches/:batchNo/retry-release", "apiPath": "/api/pricing/batches/:batchNo/retry-release", "permission": "pricing:manage", "guardLabel": "pricing.retry-release", "controller": "pricingBatchRetryController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/batches/:batchNo/withdraw-release", "apiPath": "/api/pricing/batches/:batchNo/withdraw-release", "permission": "pricing:manage", "guardLabel": "pricing.withdraw-release", "controller": "pricingBatchWithdrawController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/rollback-version", "apiPath": "/api/pricing/rules/:ruleId/rollback-version", "permission": "pricing:manage", "guardLabel": "pricing.rollback-version", "controller": "pricingRuleRollbackController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/pricing/rules/:ruleId/toggle-status", "apiPath": "/api/pricing/rules/:ruleId/toggle-status", "permission": "pricing:manage", "guardLabel": "pricing.toggle-status", "controller": "pricingRuleToggleController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/pricing/lobster-effective-price", "apiPath": "/api/pricing/lobster-effective-price", "permission": "pricing:manage", "guardLabel": "pricing.lobster-effective-price", "controller": "pricingLobsterEffectivePriceController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/pricing/freight-rules/current", "apiPath": "/api/pricing/freight-rules/current", "permission": "pricing:manage", "guardLabel": "pricing.freight-rules", "controller": "pricingFreightRulesController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/pricing/order-preview", "apiPath": "/api/pricing/order-preview", "permission": "orders:manage", "guardLabel": "pricing.order-preview", "controller": "pricingPreviewController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/orders", "apiPath": "/api/orders", "permission": "orders:manage", "guardLabel": "orders.view", "controller": "ordersOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/orders/list", "apiPath": "/api/orders/list", "permission": "orders:manage", "guardLabel": "orders.list", "controller": "ordersListController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/orders/:orderNo", "apiPath": "/api/orders/:orderNo", "permission": "orders:manage", "guardLabel": "orders.detail", "controller": "orderDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/orders/:orderNo/split-preview", "apiPath": "/api/orders/:orderNo/split-preview", "permission": "orders:manage", "guardLabel": "orders.split-preview", "controller": "orderSplitPreviewController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/orders/:orderNo/fulfillment-plan", "apiPath": "/api/orders/:orderNo/fulfillment-plan", "permission": "orders:manage", "guardLabel": "orders.fulfillment-plan", "controller": "orderFulfillmentPlanController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/orders/:orderNo/exception-summary", "apiPath": "/api/orders/:orderNo/exception-summary", "permission": "orders:manage", "guardLabel": "orders.exception-summary", "controller": "orderExceptionSummaryController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/orders/preview", "apiPath": "/api/orders/preview", "permission": "orders:manage", "guardLabel": "orders.preview", "controller": "orderPreviewController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/orders", "apiPath": "/api/orders", "permission": "orders:manage", "guardLabel": "orders.submit", "controller": "orderSubmitController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "GET", "path": "/xia-api/delivery", "apiPath": "/api/delivery", "permission": "delivery:manage", "guardLabel": "delivery.view", "controller": "deliveryOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/delivery/orders", "apiPath": "/api/delivery/orders", "permission": "delivery:manage", "guardLabel": "delivery.orders", "controller": "deliveryListController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/delivery/orders/:deliveryNo", "apiPath": "/api/delivery/orders/:deliveryNo", "permission": "delivery:manage", "guardLabel": "delivery.detail", "controller": "deliveryDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/delivery/orders/:deliveryNo/handover", "apiPath": "/api/delivery/orders/:deliveryNo/handover", "permission": "delivery:manage", "guardLabel": "delivery.handover", "controller": "deliveryHandoverController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/delivery/orders/:deliveryNo/exception-report", "apiPath": "/api/delivery/orders/:deliveryNo/exception-report", "permission": "delivery:manage", "guardLabel": "delivery.exception-report", "controller": "deliveryExceptionController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/delivery/orders/:deliveryNo/sign-summary", "apiPath": "/api/delivery/orders/:deliveryNo/sign-summary", "permission": "delivery:manage", "guardLabel": "delivery.sign-summary", "controller": "deliverySignSummaryController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/delivery/orders/:deliveryNo/route-plan", "apiPath": "/api/delivery/orders/:deliveryNo/route-plan", "permission": "delivery:manage", "guardLabel": "delivery.route-plan", "controller": "deliveryRoutePlanController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "POST", "path": "/xia-api/delivery/orders", "apiPath": "/api/delivery/orders", "permission": "delivery:manage", "guardLabel": "delivery.create", "controller": "deliveryCreateController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "GET", "path": "/xia-api/signing", "apiPath": "/api/signing", "permission": "signing:submit", "guardLabel": "signing.view", "controller": "signingOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/signing/pending", "apiPath": "/api/signing/pending", "permission": "signing:submit", "guardLabel": "signing.pending", "controller": "signingPendingController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/signing/:signNo", "apiPath": "/api/signing/:signNo", "permission": "signing:submit", "guardLabel": "signing.detail", "controller": "signingDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/signing", "apiPath": "/api/signing", "permission": "signing:submit", "guardLabel": "signing.submit", "controller": "signingSubmitController()", "exposure": "受 RBAC 守卫保护", "risk": "中" }, { "method": "GET", "path": "/xia-api/finance", "apiPath": "/api/finance", "permission": "finance:manage", "guardLabel": "finance.view", "controller": "financeOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/finance/store-wallet", "apiPath": "/api/finance/store-wallet", "permission": "finance:manage", "guardLabel": "finance.store-wallet", "controller": "storeWalletController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/finance/store-bills", "apiPath": "/api/finance/store-bills", "permission": "finance:manage", "guardLabel": "finance.store-bills", "controller": "storeBillsController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/finance/store-bills/:billNo", "apiPath": "/api/finance/store-bills/:billNo", "permission": "finance:manage", "guardLabel": "finance.store-bill-detail", "controller": "storeBillDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/finance/store-bills/:billNo/remind", "apiPath": "/api/finance/store-bills/:billNo/remind", "permission": "finance:manage", "guardLabel": "finance.bill-remind", "controller": "storeBillRemindController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/finance/store-bills/:billNo/collection-summary", "apiPath": "/api/finance/store-bills/:billNo/collection-summary", "permission": "finance:manage", "guardLabel": "finance.collection-summary", "controller": "storeBillCollectionSummaryController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/finance/supplier-settlements", "apiPath": "/api/finance/supplier-settlements", "permission": "finance:manage", "guardLabel": "finance.supplier-settlements", "controller": "supplierSettlementsController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/finance/supplier-settlements/:settlementNo", "apiPath": "/api/finance/supplier-settlements/:settlementNo", "permission": "finance:manage", "guardLabel": "finance.supplier-settlement-detail", "controller": "supplierSettlementDetailController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/finance/supplier-settlements/:settlementNo/confirm", "apiPath": "/api/finance/supplier-settlements/:settlementNo/confirm", "permission": "finance:manage", "guardLabel": "finance.supplier-confirm", "controller": "supplierSettlementConfirmController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/finance/supplier-settlements/:settlementNo/check", "apiPath": "/api/finance/supplier-settlements/:settlementNo/check", "permission": "finance:manage", "guardLabel": "finance.supplier-check", "controller": "supplierSettlementCheckController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/finance/supplier-settlements/:settlementNo/mark-paid", "apiPath": "/api/finance/supplier-settlements/:settlementNo/mark-paid", "permission": "finance:manage", "guardLabel": "finance.supplier-mark-paid", "controller": "supplierSettlementMarkPaidController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/finance/supplier-settlements/:settlementNo/payout-summary", "apiPath": "/api/finance/supplier-settlements/:settlementNo/payout-summary", "permission": "finance:manage", "guardLabel": "finance.supplier-payout-summary", "controller": "supplierSettlementPayoutSummaryController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/commissions", "apiPath": "/api/commissions", "permission": "finance:manage", "guardLabel": "commissions.view", "controller": "commissionsOverviewController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "GET", "path": "/xia-api/commissions/rules/active", "apiPath": "/api/commissions/rules/active", "permission": "commission:config", "guardLabel": "commission.rules-view", "controller": "commissionRulesController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/commissions/rules/active/update", "apiPath": "/api/commissions/rules/active/update", "permission": "commission:config", "guardLabel": "commission.rule-update", "controller": "commissionRuleUpdateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/commissions/bindings", "apiPath": "/api/commissions/bindings", "permission": "commission:config", "guardLabel": "commission.bindings-view", "controller": "commissionBindingsController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/commissions/bindings", "apiPath": "/api/commissions/bindings", "permission": "commission:config", "guardLabel": "commission.binding-create", "controller": "commissionBindingCreateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/commissions/bindings/:bindingNo/update", "apiPath": "/api/commissions/bindings/:bindingNo/update", "permission": "commission:config", "guardLabel": "commission.binding-update", "controller": "commissionBindingUpdateController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/commissions/bindings/:bindingNo/delete", "apiPath": "/api/commissions/bindings/:bindingNo/delete", "permission": "commission:config", "guardLabel": "commission.binding-delete", "controller": "commissionBindingDeleteController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "GET", "path": "/xia-api/commissions/statements", "apiPath": "/api/commissions/statements", "permission": "finance:manage", "guardLabel": "commission.statements-view", "controller": "commissionStatementsController()", "exposure": "受 RBAC 守卫保护", "risk": "低" }, { "method": "POST", "path": "/xia-api/commissions/:commissionNo/review", "apiPath": "/api/commissions/:commissionNo/review", "permission": "finance:manage", "guardLabel": "commission.review", "controller": "commissionReviewController()", "exposure": "受 RBAC 守卫保护", "risk": "高" }, { "method": "POST", "path": "/xia-api/commissions/:commissionNo/payout", "apiPath": "/api/commissions/:commissionNo/payout", "permission": "finance:manage", "guardLabel": "commission.payout", "controller": "commissionPayoutController()", "exposure": "受 RBAC 守卫保护", "risk": "高" } ] }