fix: update operator description

src/backend/services/web/risk/admin.py

@@ -75,6 +75,6 @@ class TicketNodeAdmin(admin.ModelAdmin):
 
 @admin.register(TicketPermission)
 class TicketPermissionAdmin(admin.ModelAdmin):
-    list_display = ["id", "risk_id", "action", "operator"]
-    search_fields = ["risk_id", "operator"]
+    list_display = ["id", "risk_id", "action", "user"]
+    search_fields = ["risk_id", "user"]
     list_filter = ["action"]

src/backend/services/web/risk/constants.py

@@ -217,7 +217,7 @@ def fields(self):
     OPERATOR = Field(
         field_name="operator",
         alias_name="operator",
-        description=gettext_lazy("负责人"),
+        description=gettext_lazy("责任人"),
         field_type=FIELD_TYPE_TEXT,
         is_text=True,
         is_analyzed=True,

src/backend/services/web/risk/handlers/ticket.py

@@ -46,7 +46,13 @@
 )
 from services.web.risk.handlers.risk import RiskHandler
 from services.web.risk.handlers.rule import RiskRuleHandler
-from services.web.risk.models import ProcessApplication, Risk, RiskRule, TicketNode
+from services.web.risk.models import (
+    ProcessApplication,
+    Risk,
+    RiskRule,
+    TicketNode,
+    UserType,
+)
 from services.web.strategy_v2.models import Strategy
 
 
@@ -132,6 +138,7 @@ def run(self, *args, **kwargs) -> None:
         self.record_history(process_result=process_result, *args, **kwargs)
         self.auth_current_operator()
         self.notice_current_operator()
+        self.auth_notice_user()
         self.post_process(process_result=process_result, *args, **kwargs)
 
     def pre_check(self, *args, **kwargs) -> None:
@@ -208,7 +215,21 @@ def auth_current_operator(self) -> None:
         if not self.risk.current_operator or not isinstance(self.risk.current_operator, list):
             return
 
-        self.risk.auth_operators(action=ActionEnum.LIST_RISK.id, operators=self.risk.current_operator)
+        self.risk.auth_users(
+            action=ActionEnum.LIST_RISK.id, users=self.risk.current_operator, user_type=UserType.OPERATOR
+        )
+
+    def auth_notice_user(self) -> None:
+        """
+        向关注人授权
+        """
+
+        if not self.risk.notice_users or not isinstance(self.risk.notice_users, list):
+            return
+
+        self.risk.auth_users(
+            action=ActionEnum.LIST_RISK.id, users=self.risk.notice_users, user_type=UserType.NOTICE_USER
+        )
 
     def notice_current_operator(self) -> None:
         """

src/backend/services/web/risk/migrations/0027_alter_ticketpermission_unique_together_and_more.py

@@ -0,0 +1,45 @@
+# Generated by Django 4.2.19 on 2025-07-04 06:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('risk', '0026_risk_created_at_risk_created_by_risk_updated_at_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='ticketpermission',
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name='ticketpermission',
+            name='user',
+            field=models.CharField(db_index=True, max_length=255, verbose_name='User'),
+        ),
+        migrations.AddField(
+            model_name='ticketpermission',
+            name='user_type',
+            field=models.CharField(
+                choices=[('operator', 'Operator'), ('notice_user', 'Notice User')],
+                db_index=True,
+                max_length=32,
+                verbose_name='User Type',
+            ),
+        ),
+        migrations.RunPython(
+            code=lambda apps, schema_editor: apps.get_model('risk', 'TicketPermission')
+            .objects.all()
+            .update(user=models.F('operator'), user_type='operator'),
+            reverse_code=lambda apps, schema_editor: None,
+        ),
+        migrations.AlterUniqueTogether(
+            name='ticketpermission',
+            unique_together={('risk_id', 'action', 'user', 'user_type')},
+        ),
+        migrations.RemoveField(
+            model_name='ticketpermission',
+            name='operator',
+        ),
+    ]

src/backend/services/web/risk/models.py

@@ -54,6 +54,11 @@ def generate_risk_id() -> str:
     return risk_id
 
 
+class UserType(models.TextChoices):
+    OPERATOR = "operator"
+    NOTICE_USER = "notice_user"
+
+
 class Risk(OperateRecordModel):
     """
     Risk
@@ -120,7 +125,9 @@ def load_authed_risks(cls, action: Union[ActionMeta, str]) -> QuerySet:
 
         q = Q(
             risk_id__in=TicketPermission.objects.filter(
-                operator=get_request_username(), action=ActionEnum.LIST_RISK.id
+                user_type__in=[UserType.NOTICE_USER, UserType.OPERATOR],
+                user=get_request_username(),
+                action=ActionEnum.LIST_RISK.id,
             ).values("risk_id")
         )
 
@@ -154,13 +161,14 @@ def last_history(self) -> Union["TicketNode", None]:
                 return node
         return TicketNode()
 
-    def auth_operators(self, action: str, operators: List[str]) -> None:
+    def auth_users(self, action: str, users: List[str], user_type: str = UserType.OPERATOR) -> None:
         """
-        授权处理人查看权限
+        授权相关用户查询权限
         """
-
         TicketPermission.objects.bulk_create(
-            objs=[TicketPermission(risk_id=self.risk_id, action=action, operator=operator) for operator in operators],
+            objs=[
+                TicketPermission(risk_id=self.risk_id, action=action, user_type=user_type, user=user) for user in users
+            ],
             ignore_conflicts=True,
         )
 
@@ -346,11 +354,12 @@ class TicketPermission(models.Model):
 
     risk_id = models.CharField(gettext_lazy("Risk ID"), max_length=255, db_index=True)
     action = models.CharField(gettext_lazy("Action"), max_length=32, db_index=True)
-    operator = models.CharField(gettext_lazy("Operator"), max_length=255, db_index=True)
+    user = models.CharField(gettext_lazy("User"), max_length=255, db_index=True)
     authorized_at = models.DateTimeField(gettext_lazy("Authorized Time"), auto_now_add=True)
+    user_type = models.CharField(gettext_lazy("User Type"), choices=UserType.choices, max_length=32, db_index=True)
 
     class Meta:
         verbose_name = gettext_lazy("Ticket Permission")
         verbose_name_plural = verbose_name
         ordering = ["-id"]
-        unique_together = [["risk_id", "action", "operator"]]
+        unique_together = [["risk_id", "action", "user", "user_type"]]

src/backend/services/web/risk/permissions.py

@@ -15,13 +15,12 @@
 We undertake not to change the open source license (MIT license) applicable
 to the current version of the project delivered to anyone in the future.
 """
-
 from django.shortcuts import get_object_or_404
 
 from apps.permission.handlers.actions import ActionEnum
 from apps.permission.handlers.drf import IAMPermission, InstanceActionPermission
 from apps.permission.handlers.resource_types import ResourceEnum
-from services.web.risk.models import Risk, TicketPermission
+from services.web.risk.models import Risk, TicketPermission, UserType
 
 
 class RiskViewPermission(InstanceActionPermission):
@@ -42,12 +41,16 @@ def has_risk_permission(self, risk_id: str, operator: str) -> bool:
 
     def has_risk_local_permission(self, risk_id: str, operator: str) -> bool:
         """
-        校验本地风险权限
+        校验本地风险权限。
         """
-
         return all(
             [
-                TicketPermission.objects.filter(risk_id=risk_id, action=action.id, operator=operator).exists()
+                TicketPermission.objects.filter(
+                    user_type__in=[UserType.NOTICE_USER, UserType.OPERATOR],
+                    risk_id=risk_id,
+                    action=action.id,
+                    user=operator,
+                ).exists()
                 for action in self.actions
             ]
         )