feat(admin): Add user management and upgrade to module permission system

Features - User Management (Phase 4.1):
- Database: Add user_modules table for fine-grained module permissions
- Database: Add 4 user permissions (view/create/edit/delete) to role_permissions
- Backend: UserService (780 lines) - CRUD with tenant isolation
- Backend: UserController + UserRoutes (648 lines) - 13 API endpoints
- Backend: Batch import users from Excel
- Frontend: UserListPage (412 lines) - list/filter/search/pagination
- Frontend: UserFormPage (341 lines) - create/edit with module config
- Frontend: UserDetailPage (393 lines) - details/tenant/module management
- Frontend: 3 modal components (592 lines) - import/assign/configure
- API: GET/POST/PUT/DELETE /api/admin/users/* endpoints

Architecture Upgrade - Module Permission System:
- Backend: Add getUserModules() method in auth.service
- Backend: Login API returns modules array in user object
- Frontend: AuthContext adds hasModule() method
- Frontend: Navigation filters modules based on user.modules
- Frontend: RouteGuard checks requiredModule instead of requiredVersion
- Frontend: Remove deprecated version-based permission system
- UX: Only show accessible modules in navigation (clean UI)
- UX: Smart redirect after login (avoid 403 for regular users)

Fixes:
- Fix UTF-8 encoding corruption in ~100 docs files
- Fix pageSize type conversion in userService (String to Number)
- Fix authUser undefined error in TopNavigation
- Fix login redirect logic with role-based access check
- Update Git commit guidelines v1.2 with UTF-8 safety rules

Database Changes:
- CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled)
- ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code)
- INSERT 4 permissions + role assignments
- UPDATE PUBLIC tenant with 8 module subscriptions

Technical:
- Backend: 5 new files (~2400 lines)
- Frontend: 10 new files (~2500 lines)
- Docs: 1 development record + 2 status updates + 1 guideline update
- Total: ~4900 lines of code

Status: User management 100% complete, module permission system operational

docs/07-运维文档/02-环境变量配置模板.md

@@ -1,18 +1,18 @@
 # 环境变量配置模板 (.env)
 
-> **<EFBFBD><EFBFBD>﹝霂湔<EFBFBD>嚗?* <20>祆<EFBFBD>獢<EFBFBD><E78DA2>靘𥕦<E99D98><F0A595A6>渡<EFBFBD> `.env` <EFBFBD>滨蔭璅⊥踎  
-> **雿輻鍂<EFBFBD>孵<EFBFBD>嚗?* 憭滚<E686AD>隞乩<E99A9E><E4B9A9><EFBFBD>捆<EFBFBD>?`backend/.env` <20><>辣銝哨<E98A9D>撟嗅‵<E59785>亦<EFBFBD>摰鮋<E691B0>蝵桀<E89DB5>? 
-> **<EFBFBD>𥕦遣<EFBFBD>交<EFBFBD>嚗?* 2025-11-09
+> **文档说明：** 本文档提供完整的 `.env` 配置模板  
+> **使用方式：** 复制以下内容到 `backend/.env` 文件中，并填入真实配置值  
+> **创建日期：** 2025-11-09
 
 ---
 
 ## 📋 完整配置模板
 
-撠<EFBFBD>誑銝见<EFBFBD>摰孵<EFBFBD><EFBFBD>嗅<EFBFBD> `AIclinicalresearch/backend/.env` <EFBFBD><EFBFBD>辣嚗?
+将以下内容复制到 `AIclinicalresearch/backend/.env` 文件：
 
 ```env
 # ================================
-# <EFBFBD>滚𦛚<EFBFBD>券<EFBFBD>蝵?
+# 服务器配置
 # ================================
 PORT=3001
 HOST=0.0.0.0
@@ -20,7 +20,7 @@ NODE_ENV=development
 LOG_LEVEL=info
 
 # ================================
-# <EFBFBD>唳旿摨㯄<EFBFBD>蝵?
+# 数据库配置
 # ================================
 DATABASE_URL=postgresql://postgres:your_password@localhost:5432/ai_clinical_research
 
@@ -46,7 +46,7 @@ DEEPSEEK_BASE_URL=https://api.deepseek.com
 # ---------- Qwen (通过阿里云DashScope) ----------
 DASHSCOPE_API_KEY=sk-your-dashscope-api-key
 
-# ---------- Gemini (<EFBFBD>舫<EFBFBD>? ----------
+# ---------- Gemini (可选) ----------
 GEMINI_API_KEY=your-gemini-api-key
 
 # ================================
@@ -55,7 +55,7 @@ GEMINI_API_KEY=your-gemini-api-key
 # CloseAI是一个API代理平台，提供稳定的OpenAI和Claude访问
 # 官网：https://platform.openai-proxy.org
 
-# 蝏煺<EFBFBD>API Key嚗<EFBFBD><EFBFBD><EFBFBD>嗥鍂鈭窻penAI<EFBFBD>龦laude嚗?
+# 统一API Key（同时用于OpenAI和Claude）
 CLOSEAI_API_KEY=sk-your-closeai-api-key
 
 # OpenAI端点
@@ -69,7 +69,7 @@ CLOSEAI_CLAUDE_BASE_URL=https://api.openai-proxy.org/anthropic
 # - Claude: claude-sonnet-4-5-20250929, claude-3-5-sonnet-20241022
 
 # ================================
-# Dify<EFBFBD>滨蔭嚗<EFBFBD>䰻霂<EFBFBD><EFBFBD>RAG撘閙<EFBFBD>嚗?
+# Dify配置（知识库RAG引擎）
 # ================================
 DIFY_API_KEY=app-your-dify-api-key
 DIFY_API_URL=http://localhost/v1
@@ -88,7 +88,7 @@ CORS_ORIGIN=http://localhost:5173
 # ================================
 # 注意事项
 # ================================
-# 1. 霂瑕<EFBFBD> your-* <EFBFBD>牐<EFBFBD>蝚行𤜯<EFBFBD>Ｖ蛹<EFBFBD>笔<EFBFBD><EFBFBD><EFBFBD><EFBFBD>蝵桀<EFBFBD>?
+# 1. 请将 your-* 占位符替换为真实的配置值
 # 2. .env 文件包含敏感信息，不要提交到 git 仓库
 # 3. 生产环境请使用强密码和独立的 API Key
 # 4. JWT_SECRET 建议使用 32 位以上随机字符串
@@ -106,7 +106,7 @@ CLOSEAI_OPENAI_BASE_URL=https://api.openai-proxy.org/v1
 CLOSEAI_CLAUDE_BASE_URL=https://api.openai-proxy.org/anthropic
 ```
 
-**<EFBFBD>舐鍂璅∪<EFBFBD>嚗?*
+**可用模型：**
 - OpenAI: `gpt-5-pro`
 - Claude: `claude-sonnet-4-5-20250929`
 
@@ -120,18 +120,18 @@ CLOSEAI_CLAUDE_BASE_URL=https://api.openai-proxy.org/anthropic
 cd AIclinicalresearch/backend
 # 复制模板
 copy .env.example .env  # Windows
-# <EFBFBD>?
+# 或
 cp .env.example .env    # Linux/Mac
 ```
 
 ### 2. 填入真实配置
 
-<EFBFBD>枏<EFBFBD> `backend/.env` <EFBFBD><EFBFBD>辣嚗峕𤜯<EFBFBD>Ｗ<EFBFBD>雿滨泵嚗?
+打开 `backend/.env` 文件，替换占位符：
 
-**敹<EFBFBD>◆<EFBFBD>滨蔭嚗?*
-- `DATABASE_URL` - <EFBFBD>唳旿摨栞<EFBFBD><EFBFBD>?
+**必须配置：**
+- `DATABASE_URL` - 数据库连接
 - `DEEPSEEK_API_KEY` - DeepSeek API（主力模型）
-- `CLOSEAI_API_KEY` - CloseAI API嚗㇉penAI+Claude嚗?
+- `CLOSEAI_API_KEY` - CloseAI API（OpenAI+Claude）
 
 **可选配置：**
 - `DASHSCOPE_API_KEY` - Qwen模型
@@ -154,7 +154,7 @@ npm run dev
 
 ### 不要提交到Git
 
-蝖株恕 `.gitignore` <EFBFBD><EFBFBD>鉄嚗?
+确认 `.gitignore` 包含：
 ```gitignore
 # 环境变量文件
 .env
@@ -164,14 +164,14 @@ npm run dev
 
 ### API Key安全
 
-1. **摰𡁏<EFBFBD>頧格揢嚗?* 瘥?銝芣<E98A9D><E88AA3>湔揢銝<E68FA2>甈，PI Key
-2. **<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>撠誩<EFBFBD>嚗?* <20>芣<EFBFBD>鈭<EFBFBD><E988AD>閬<EFBFBD><E996AC><EFBFBD><EFBFBD><EFBFBD>
-3. **<EFBFBD>祉<EFBFBD>撖<EFBFBD>𤨎嚗?* 撘<><E69298>?瘚贝<E7989A>/<2F>煺漣雿輻鍂銝滚<E98A9D><E6BB9A><EFBFBD>ey
-4. **<EFBFBD>烐綉雿輻鍂嚗?* 摰𡁏<E691B0>璉<EFBFBD><E79289>丕PI靚<49>鍂<EFBFBD>誩<EFBFBD>韐寧鍂
+1. **定期轮换：** 每3个月更换一次API Key
+2. **权限最小化：** 只授予必要的权限
+3. **独立密钥：** 开发/测试/生产使用不同的Key
+4. **监控使用：** 定期检查API调用量和费用
 
-### 瘜<EFBFBD>蠧摨娍<EFBFBD>?
+### 泄露应急
 
-憒<EFBFBD><EFBFBD>API Key銝齿<EFBFBD>瘜<EFBFBD>蠧嚗?
+如果API Key不慎泄露：
 1. 立即在服务商后台禁用/删除该Key
 2. 生成新的API Key
 3. 更新 `.env` 文件
@@ -181,21 +181,21 @@ npm run dev
 
 ## 🔍 配置验证清单
 
-<EFBFBD>函蔡<EFBFBD>滩窈蝖株恕嚗?
+部署前请确认：
 
-- [ ] <EFBFBD>?DATABASE_URL <EFBFBD>滨蔭甇<EFBFBD>＆銝𥪜虾餈墧𦻖
-- [ ] <EFBFBD>?DEEPSEEK_API_KEY 撌脤<EFBFBD>蝵?
-- [ ] <EFBFBD>?CLOSEAI_API_KEY 撌脤<EFBFBD>蝵殷<EFBFBD><EFBFBD>其<EFBFBD>GPT-5<EFBFBD>龦laude-4.5嚗?
-- [ ] <EFBFBD>?JWT_SECRET 撌脖耨<EFBFBD>嫣蛹撘箏<EFBFBD><EFBFBD>?
-- [ ] <EFBFBD>?CORS_ORIGIN 撌脰挽蝵格迤蝖桃<EFBFBD><EFBFBD>滨垢<EFBFBD>啣<EFBFBD>
-- [ ] <EFBFBD>?.env <EFBFBD><EFBFBD>辣撌脫溶<EFBFBD>惩<EFBFBD> .gitignore
-- [ ] <EFBFBD>?<3F><><EFBFBD>㗇<EFBFBD><E39787>煺縑<E785BA>舀𧊋<E88880>𣂷漱<F0A382B7>蚣it
+- [ ] ✅ DATABASE_URL 配置正确且可连接
+- [ ] ✅ DEEPSEEK_API_KEY 已配置
+- [ ] ✅ CLOSEAI_API_KEY 已配置（用于GPT-5和Claude-4.5）
+- [ ] ✅ JWT_SECRET 已修改为强密码
+- [ ] ✅ CORS_ORIGIN 已设置正确的前端地址
+- [ ] ✅ .env 文件已添加到 .gitignore
+- [ ] ✅ 所有敏感信息未提交到Git
 
 ---
 
 **参考文档：**
-- [01-<EFBFBD>臬<EFBFBD><EFBFBD>滨蔭<EFBFBD><EFBFBD><EFBFBD>.md](./01-<EFBFBD>臬<EFBFBD><EFBFBD>滨蔭<EFBFBD><EFBFBD><EFBFBD>.md) - 霂衣<E99C82><E8A1A3><EFBFBD><EFBFBD>蝵株秩<E6A0AA>?
-- [<EFBFBD>唳旿摨栞<EFBFBD><EFBFBD>仿<EFBFBD>蝵孫(../09-<2D>嗆<EFBFBD>摰墧鴌/02-<2D>唳旿摨栞<E691A8><E6A09E>仿<EFBFBD>蝵?md) - <EFBFBD>唳旿摨㮖<EFBFBD>憿寥<EFBFBD>蝵?
+- [01-环境配置指南.md](./01-环境配置指南.md) - 详细的配置说明
+- [数据库连接配置](../09-架构实施/02-数据库连接配置.md) - 数据库专项配置