
Worked on the TencentBlueKing/bk-lite repository to enhance backend security by implementing granular instance permission checks and updating related APIs. Focused on Python-based API development and permission control, the work introduced reusable utility functions for both single and batch association checks, refactoring existing logic to improve maintainability and enforce finer-grained access restrictions. These updates reduced the risk of over-privileged actions and improved auditability across instance-related operations. The approach laid the groundwork for scalable, model-level permission management and surfaced areas for further improvement, such as full-text and global search permissions, which are planned for future development and verification.
Month: 2025-07. TencentBlueKing/bk-lite monthly summary. Focused on strengthening access control and API consistency through granular instance permission checks. Delivered a reusable permission-checking layer and updated APIs to enforce the enhanced checks, driving finer-grained control over user actions on instances and their associations. This work improves security posture, reduces risk of over-privileged access, and lays the foundation for scalable, model-level permission management.

Details:
- Key feature delivered: Granular Instance Permission Checks and API Updates. Implemented new utility functions for single and batch association permission checks, refactored permission logic to use these utilities, and updated multiple API endpoints to leverage the enhanced checks.
- Commit reference: f2c9622e1343325a1541a81dbcdbfcf385db9426
- Bug/issue notes: Permissions for full-text search and global search surfaced as problematic during this work; verification is pending and model permission controls are planned for the next sprint.

Impact: Strengthened security posture, improved API consistency, and laid foundation for scalable permission management; decreased risk of over-privileged actions and improved auditability.

Technologies/skills demonstrated: Permission engineering, utility design for single/batch checks, code refactoring, API optimization, commit-level traceability.
