{"skill":{"slug":"acl","displayName":"Security Permission Engineer - ACL and Backend Security","summary":"Security engineer skill for backend ACL structure, menu visibility control, and administrative access safety.","description":"---\r\nname: Security Permission Engineer - ACL and Backend Security\r\ndescription: Security engineer skill for backend ACL structure, menu visibility control, and administrative access safety.\r\n---\r\n\r\n# Role\r\n\r\nThis skill owns backend ACL structure, menu visibility rules, and administrative access safety in WelineFramework. It ensures backend surfaces are exposed only through consistent permission wiring and predictable menu behavior.\r\n\r\n# When To Use\r\n\r\n- Use for backend ACL design, `menu.xml`, permission annotations, menu visibility, and admin-surface access review.\r\n- Use for keywords such as ACL, menu, backend permission, admin access, source id, and menu hierarchy.\r\n- Use when an admin feature must be protected or an existing permission path behaves incorrectly.\r\n\r\n# Source Material\r\n\r\n- `AI-ENTRY.md`\r\n- `CLAUDE.md`\r\n- `dev/ai/skills/acl-permission-system/SKILL.md`\r\n- `dev/ai/skills/module-development/SKILL.md`\r\n- `dev/ai/skills/config-and-env/SKILL.md`\r\n\r\n# Responsibilities\r\n\r\n- Design and repair admin permission paths and menu relationships.\r\n- Keep controller permission annotations aligned with menu source definitions.\r\n- Distinguish menu-visible permissions from permission-only controls.\r\n- Prevent accidental admin exposure caused by missing or inconsistent ACL wiring.\r\n\r\n# Workflow\r\n\r\n1. Identify the target backend feature, menu path, and required access scope.\r\n2. Read the current `menu.xml` structure and controller permission annotations together.\r\n3. Align menu nesting, source identifiers, and controller-level ACL declarations.\r\n4. Confirm whether the permission should be menu-visible or control-only.\r\n5. Validate backend visibility and denied-access behavior through the real admin path.\r\n6. Record any admin documentation updates if behavior changed.\r\n7. Escalate broader auth or session design concerns to the relevant security or runtime role.\r\n\r\n# Weline Rules\r\n\r\n- Keep module boundaries intact.\r\n- Do not hardcode user-facing text.\r\n- Use i18n for user-facing text.\r\n- Prefer small, isolated, testable changes.\r\n- Provide HTTP or backend validation evidence where relevant.\r\n\r\n# Inputs Required\r\n\r\n- The owning module, backend page, and intended permission scope.\r\n- Existing menu structure and controller annotations.\r\n- Expected role-based access behavior.\r\n- Validation path for allowed and denied access.\r\n\r\n# Expected Output\r\n\r\n- Corrected or newly defined ACL and backend menu wiring.\r\n- Evidence showing both visibility and access-control behavior.\r\n- Any required documentation note for admin behavior changes.\r\n\r\n# Validation\r\n\r\n- Check that `menu.xml` hierarchy and controller permission annotations align.\r\n- Verify admin users with and without the permission see the correct behavior.\r\n- Verify menu-visible items use the correct permission type.\r\n- Verify the backend path fails safely (deny by default) when access is denied.\r\n\r\n# Constraints\r\n\r\n- Do not treat menu visibility as a substitute for real controller permission control.\r\n- Do not leave source identifiers inconsistent across menu and controller layers.\r\n- Do not redesign session or auth internals under this skill unless the task explicitly requires it.\r\n- Do not expose new admin surfaces without validation.\r\n\r\n","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":349,"installsAllTime":13,"installsCurrent":2,"stars":0,"versions":1},"createdAt":1777700589582,"updatedAt":1778492826217},"latestVersion":{"version":"1.0.0","createdAt":1777700589582,"changelog":"Initial release of the \"Security Permission Engineer - ACL and Backend Security\" skill.\n\n- Defines responsibilities for backend ACL structure, menu visibility control, and administrative access safety.\n- Outlines workflow and validation steps to ensure correct permission wiring and consistent admin behavior.\n- Lists rules for module boundaries, i18n, and change isolation.\n- Specifies required inputs and expected outputs for ACL and menu changes.\n- Establishes constraints to prevent insecure or inconsistent permission handling.","license":"MIT-0"},"metadata":null,"owner":{"handle":"aiweline","userId":"s172136s34q2fy2f6r88gdpzm985z150","displayName":"Aiweline","image":"https://avatars.githubusercontent.com/u/32635766?v=4"},"moderation":null}
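The workflow and validation sections above (read `menu.xml` and controller permission annotations together, align source identifiers, and confirm that denied access fails safely regardless of menu visibility) can be exercised with a small audit script. The following is an added example, not WelineFramework code: the `menu.xml` layout, the `source` attribute used as the shared identifier, and the controller-side declaration map are all constructed assumptions for illustration. It flags menu items whose source identifier does not match the controller declaration, menu items with no controller protection at all, and control-only permissions that have no menu entry; it then shows that authorization is decided by the controller declaration, so a user who can see a parent menu item is still denied on a direct request to a child action they lack.

```python
"""Added example (not WelineFramework code): cross-check a backend menu.xml
against controller permission declarations, then enforce the controller
permission independently of menu visibility.

Assumptions: the menu.xml layout, the ``source`` attribute as the shared
identifier, and the controller declaration format are constructed here.
"""
import xml.etree.ElementTree as ET

# Constructed sample menu. ``source`` must match the controller declaration.
# ``Sales::order`` deliberately mismatches the controller side, and
# ``system/config/index`` has no controller declaration at all.
MENU_XML = """<?xml version="1.0"?>
<menu>
  <item source="Catalog::products" title="Products" action="catalog/product/list">
    <item source="Catalog::products_edit" title="Edit" action="catalog/product/edit"/>
  </item>
  <item source="Sales::order" title="Orders" action="sales/order/list"/>
  <item source="System::config" title="Config" action="system/config/index"/>
</menu>
"""

# Constructed controller-side declarations: action path -> required permission.
# ``sales/order/export`` is a control-only permission with no menu entry.
CONTROLLER_PERMISSIONS = {
    "catalog/product/list": "Catalog::products",
    "catalog/product/edit": "Catalog::products_edit",
    "sales/order/list": "Sales::orders",
    "sales/order/export": "Sales::order_export",
}


def parse_menu(xml_text):
    """Return {action: (source, parent_source)} for every menu item."""
    root = ET.fromstring(xml_text)
    items = {}

    def walk(node, parent_source):
        for child in node.findall("item"):
            items[child.get("action")] = (child.get("source"), parent_source)
            walk(child, child.get("source"))

    walk(root, None)
    return items


def audit(menu_items, controller_perms):
    """List wiring problems as (kind, action, detail) tuples."""
    findings = []
    for action, (source, _parent) in menu_items.items():
        declared = controller_perms.get(action)
        if declared is None:
            # Visible in the menu but the controller declares nothing: exposure.
            findings.append(("unprotected_menu_item", action, source))
        elif declared != source:
            findings.append(("source_mismatch", action, f"{source} != {declared}"))
    for action, perm in controller_perms.items():
        if action not in menu_items:
            # Legitimate, but must be a deliberate control-only permission.
            findings.append(("control_only", action, perm))
    return findings


def visible_menu(menu_items, granted):
    """Actions shown to a user: an item is visible only if its own source and
    every ancestor's source are granted (menu hierarchy check)."""
    source_to_parent = {src: parent for src, parent in menu_items.values()}

    def chain_granted(source):
        while source is not None:
            if source not in granted:
                return False
            source = source_to_parent[source]
        return True

    return sorted(a for a, (src, _p) in menu_items.items() if chain_granted(src))


def authorize(action, granted, controller_perms):
    """Deny-by-default controller check; menu visibility plays no part."""
    required = controller_perms.get(action)
    if required is None:
        return False  # undeclared action: fail closed rather than open
    return required in granted


MENU_ITEMS = parse_menu(MENU_XML)

if __name__ == "__main__":
    for kind, action, detail in audit(MENU_ITEMS, CONTROLLER_PERMISSIONS):
        print(f"{kind:22} {action:24} {detail}")
    # A user who sees "Products" but lacks the edit permission is denied on the
    # direct edit URL even though the parent menu item is visible.
    granted = {"Catalog::products"}
    print("visible:", visible_menu(MENU_ITEMS, granted))
    print("edit allowed:", authorize("catalog/product/edit", granted, CONTROLLER_PERMISSIONS))
```

Run it as a script to print the three findings and the denied direct request. In a real review the `audit` output is the evidence for the alignment check, and the `authorize` calls (one with and one without the permission) are the evidence for denied-access behavior; both are needed, because a clean menu proves nothing about the controller path.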