feat(supervisor): redact sensitive fields in overview

2026-04-16 11:57:24 +08:00
parent 55d84576f3
commit 6cd6424561
1 changed files with 3 additions and 0 deletions
@@ -180,6 +180,9 @@ func (s *Service) GetSupervisorOverview(ctx context.Context, supervisorUID int,
 			// 对单个 owner 的失败做降级，不影响其他人的展示
 			continue
 		}
+		// 权限边界：监督视图只展示必要字段，避免泄露备注/梦想目标等更私密的信息。
+		home.DailyStatus.Note = nil
+		home.Goal = nil
 		items = append(items, SupervisorOwnerSummary{
 			Owner: owner,
 			Home:  home,