// 实现示例

/**
 * One access grant under review: the scope it applies to, whether it allows
 * publishing and reading, and the actors that hold it.
 */
type Access = {
  scope: string;
  publish: boolean;
  read: boolean;
  actors: string[];
};

/**
 * Tells whether `s` is an acceptable scope name.
 *
 * The whole string must be `@` followed by one or more characters drawn from
 * lowercase a-z, digits, `_` and `-`. Everything else is rejected: upper-case
 * letters, `/`, `.`, whitespace, or a bare `@`. A full `@scope/name`
 * identifier therefore does not pass; only the scope part is accepted.
 *
 * @param s - Candidate scope string.
 * @returns `true` when the string matches the pattern above.
 */
function validScope(s: string): boolean {
  const scopePattern = /^@[a-z0-9_\-]+$/;
  return scopePattern.test(s);
}

/**
 * Checks the actor limit attached to publish rights.
 *
 * Grants without `publish` always pass. A publish grant passes only while it
 * lists at most three actors. The check counts array entries as given, so
 * duplicate names are counted separately and an empty list passes.
 *
 * @param a - Grant to check.
 * @returns `true` when the grant satisfies the limit.
 */
function leastPrivilege(a: Access): boolean {
  if (!a.publish) {
    return true;
  }
  return a.actors.length <= 3;
}

/**
 * Runs every check against every grant and collects the failures.
 *
 * For each grant, in input order, up to three entries are recorded:
 * `scope:<scope>` when the scope name is rejected by `validScope`,
 * `actors:<scope>` when `leastPrivilege` fails, and `read:<scope>` when
 * `read` is false.
 *
 * Error entries embed `scope` exactly as supplied, including values that just
 * failed `validScope`; encode them before writing them to logs or rendering
 * them.
 *
 * @param list - Grants to evaluate.
 * @returns `ok` is `true` only when no error was recorded (an empty list
 *   yields `ok: true`); `errors` holds the recorded entries.
 */
function evaluate(list: Access[]): { ok: boolean; errors: string[] } {
  const problems: string[] = [];
  list.forEach((entry) => {
    const { scope } = entry;
    if (!validScope(scope)) {
      problems.push(`scope:${scope}`);
    }
    if (!leastPrivilege(entry)) {
      problems.push(`actors:${scope}`);
    }
    if (!entry.read) {
      problems.push(`read:${scope}`);
    }
  });
  const ok = problems.length === 0;
  return { ok, errors: problems };
}

// 审计与发布治理
// 审计作用域与权限变更;发布权限需双人审批与到期复核。出现异常时启用受控回退与冻结策略。
