From 16ffdfc114add0f4afa4a4fdeeaeca3dcc19534d Mon Sep 17 00:00:00 2001
From: yuliang_guo
Date: Thu, 29 Jan 2026 17:29:42 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=99=BB=E5=BD=95=E5=90=8E=E8=B7=B3?= =?UTF-8?q?=E8=BD=AC=E5=89=8D=E6=A3=80=E6=9F=A5=E7=9B=AE=E6=A0=87=E9=A1=B5?= =?UTF-8?q?=E9=9D=A2=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 frontend/src/views/login/index.vue | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index 044fb7e..5690209 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -183,7 +183,18 @@ const handleLogin = async () => {
 ElMessage.success('登录成功')
 // 跳转到用户默认页面或指定的重定向页面
- const redirect = new URLSearchParams(window.location.search).get('redirect') || authManager.getDefaultRoute()
+ const defaultRoute = authManager.getDefaultRoute()
+ let redirect = new URLSearchParams(window.location.search).get('redirect') || defaultRoute
+
+ // 检查 redirect 目标是否有权限访问
+ const userRole = authManager.getUserRole()
+ if (redirect && userRole) {
+ if ((redirect.startsWith('/admin') && userRole !== 'admin') ||
+ (redirect.startsWith('/manager') && !['admin', 'manager'].includes(userRole)) ||
+ (redirect.startsWith('/analysis') && !['admin', 'manager'].includes(userRole))) {
+ redirect = defaultRoute
+ }
+ }
 router.push(redirect)
 } else {
 ElMessage.error(response.message || '登录失败')
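Review bot: The new role check in handleLogin fails open: `if (redirect && userRole)` skips the whole comparison when `authManager.getUserRole()` returns a falsy value, so the query-supplied `redirect` is then pushed unchanged; falling back first, `if (!userRole) redirect = defaultRoute`, would fail closed. The comparison is also a `startsWith` on the raw query string, so it only covers values spelled exactly with those prefixes; resolving first, for example `const target = router.resolve(redirect).path`, and testing `target` would check what the router will actually navigate to. The same condition is repeated in the handleDingtalkLoginSuccess hunk and has the same two gaps. This is a navigation-time convenience check only; the hunk does not show whether a router guard and the backend enforce the role on these routes, and that is worth confirming. handleLogin's body starts and ends outside the hunk.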
@@ -249,7 +260,20 @@ const handleDingtalkLoginSuccess = async (response: any) => {
 // 跳转到用户角色对应的默认页面
 const defaultRoute = authManager.getDefaultRoute()
- const redirect = new URLSearchParams(window.location.search).get('redirect') || defaultRoute
+ let redirect = new URLSearchParams(window.location.search).get('redirect') || defaultRoute
+
+ // 检查 redirect 目标是否有权限访问
+ const userRole = authManager.getUserRole()
+ if (redirect && userRole) {
+ // 检查是否尝试访问需要更高权限的页面
+ if ((redirect.startsWith('/admin') && userRole !== 'admin') ||
+ (redirect.startsWith('/manager') && !['admin', 'manager'].includes(userRole)) ||
+ (redirect.startsWith('/analysis') && !['admin', 'manager'].includes(userRole))) {
+ console.log('[钉钉登录] redirect 目标需要更高权限,改为默认页面')
+ redirect = defaultRoute
+ }
+ }
+ console.log('[钉钉登录] 跳转到:', redirect)
 router.push(redirect)
 }
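Review bot: The prefix-to-role condition in handleDingtalkLoginSuccess is a copy of the one added to handleLogin, so the two login paths can drift apart when a protected prefix is added or a role is renamed; one shared helper called from both handlers would keep them in step. The `console.log` calls in this hunk, one of which prints the query-supplied `redirect`, look like leftover debugging and could be dropped or moved behind the project's logger. The sketch below keeps the same prefixes and roles as the hunk, but returns the default route when no role is available, which the hunk's `if (redirect && userRole)` does not do. handleDingtalkLoginSuccess starts outside the hunk.

```typescript
// Single source of truth for which roles may be sent to which path prefix after login.
const RESTRICTED_PREFIXES: Array<{ prefix: string; roles: string[] }> = [
  { prefix: '/admin', roles: ['admin'] },
  { prefix: '/manager', roles: ['admin', 'manager'] },
  { prefix: '/analysis', roles: ['admin', 'manager'] },
]

// Returns the requested post-login target, or defaultRoute when the role is missing or too low.
const pickRedirect = (requested: string | null, defaultRoute: string): string => {
  const userRole = authManager.getUserRole()
  if (!requested || !userRole) return defaultRoute
  const rule = RESTRICTED_PREFIXES.find((r) => requested.startsWith(r.prefix))
  return rule && !rule.roles.includes(userRole) ? defaultRoute : requested
}

// … unchanged: earlier part of handleDingtalkLoginSuccess …
const defaultRoute = authManager.getDefaultRoute()
const redirect = pickRedirect(new URLSearchParams(window.location.search).get('redirect'), defaultRoute)
router.push(redirect)
```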