feat(admin): Add user management and upgrade to module permission system

Features - User Management (Phase 4.1):
- Database: Add user_modules table for fine-grained module permissions
- Database: Add 4 user permissions (view/create/edit/delete) to role_permissions
- Backend: UserService (780 lines) - CRUD with tenant isolation
- Backend: UserController + UserRoutes (648 lines) - 13 API endpoints
- Backend: Batch import users from Excel
- Frontend: UserListPage (412 lines) - list/filter/search/pagination
- Frontend: UserFormPage (341 lines) - create/edit with module config
- Frontend: UserDetailPage (393 lines) - details/tenant/module management
- Frontend: 3 modal components (592 lines) - import/assign/configure
- API: GET/POST/PUT/DELETE /api/admin/users/* endpoints

Architecture Upgrade - Module Permission System:
- Backend: Add getUserModules() method in auth.service
- Backend: Login API returns modules array in user object
- Frontend: AuthContext adds hasModule() method
- Frontend: Navigation filters modules based on user.modules
- Frontend: RouteGuard checks requiredModule instead of requiredVersion
- Frontend: Remove deprecated version-based permission system
- UX: Only show accessible modules in navigation (clean UI)
- UX: Smart redirect after login (avoid 403 for regular users)

Fixes:
- Fix UTF-8 encoding corruption in ~100 docs files
- Fix pageSize type conversion in userService (String to Number)
- Fix authUser undefined error in TopNavigation
- Fix login redirect logic with role-based access check
- Update Git commit guidelines v1.2 with UTF-8 safety rules

Database Changes:
- CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled)
- ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code)
- INSERT 4 permissions + role assignments
- UPDATE PUBLIC tenant with 8 module subscriptions

Technical:
- Backend: 5 new files (~2400 lines)
- Frontend: 10 new files (~2500 lines)
- Docs: 1 development record + 2 status updates + 1 guideline update
- Total: ~4900 lines of code

Status: User management 100% complete, module permission system operational

docs/09-架构实施/migration-scripts/README.md

@@ -1,8 +1,8 @@
 # Schema迁移脚本使用指南
 
-> **<EFBFBD><EFBFBD>𧋦嚗?* V1.0  
-> **<EFBFBD>𥕦遣<EFBFBD>交<EFBFBD>嚗?* 2025-11-09  
-> **餈<EFBFBD>宏<EFBFBD>格<EFBFBD>嚗?* 隞簵ublic schema餈<EFBFBD>宏<EFBFBD>?0銝芷<E98A9D>蝳艋chema
+> **版本：** V1.0  
+> **创建日期：** 2025-11-09  
+> **迁移目标：** 从public schema迁移到10个隔离Schema
 
 ---
 
@@ -10,13 +10,13 @@
 
 | # | 脚本名称 | 说明 | 预计时间 | 前置依赖 |
 |---|---------|------|---------|---------|
-| 1 | `001-create-all-10-schemas.sql` | <EFBFBD>𥕦遣10銝杵chema嚗?霂衣<E99C82>+7蝛綽<E89D9B> | 5蝘?| <20>?|
-| 2 | `002-migrate-platform.sql` | 餈<EFBFBD>宏platform_schema嚗?銝芾”嚗鮁sers嚗?| 15<EFBFBD><EFBFBD><EFBFBD> | 001 |
-| 3 | `003-migrate-aia.sql` | 餈<EFBFBD>宏aia_schema嚗?銝芾”嚗𡁜笆霂萘㮾<E89098>喉<EFBFBD> | 30<EFBFBD><EFBFBD><EFBFBD> | 001, 002 |
-| 4 | `004-migrate-pkb.sql` | 餈<EFBFBD>宏pkb_schema嚗?銝芾”嚗𡁶䰻霂<E4B0BB><E99C82><EFBFBD>詨<EFBFBD>嚗?| 30<EFBFBD><EFBFBD><EFBFBD> | 001, 002 |
-| 5 | `005-validate-all.sql` | <EFBFBD>典<EFBFBD>撉諹<EFBFBD><EFBFBD>峕㺭<EFBFBD>桀<EFBFBD><EFBFBD>湔<EFBFBD>扳<EFBFBD><EFBFBD>?| 10<EFBFBD><EFBFBD><EFBFBD> | 001-004 |
+| 1 | `001-create-all-10-schemas.sql` | 创建10个Schema（3详细+7空） | 5秒 | 无 |
+| 2 | `002-migrate-platform.sql` | 迁移platform_schema（1个表：users） | 15分钟 | 001 |
+| 3 | `003-migrate-aia.sql` | 迁移aia_schema（5个表：对话相关） | 30分钟 | 001, 002 |
+| 4 | `004-migrate-pkb.sql` | 迁移pkb_schema（5个表：知识库相关） | 30分钟 | 001, 002 |
+| 5 | `005-validate-all.sql` | 全局验证和数据完整性检查 | 10分钟 | 001-004 |
 
-**<EFBFBD>餉恣嚗?* 蝥?.5撠𤩺𧒄
+**总计：** 约1.5小时
 
 ---
 
@@ -24,19 +24,19 @@
 
 ### 前置准备
 
-1. **憭<EFBFBD>遢<EFBFBD>唳旿摨橒<EFBFBD>撘箇<EFBFBD>撱箄悅嚗?*
+1. **备份数据库（强烈建议）**
    ```bash
    pg_dump -U postgres -d your_database > backup_$(date +%Y%m%d_%H%M%S).sql
    ```
 
-2. **蝖株恕<EFBFBD>唳旿摨栞<EFBFBD><EFBFBD>?*
+2. **确认数据库连接**
    ```bash
    # 确保DATABASE_URL环境变量正确
    echo $DATABASE_URL
-   # <EFBFBD>𡝗䰻<EFBFBD>?.env <EFBFBD><EFBFBD>辣
+   # 或查看 .env 文件
    ```
 
-3. **蝖株恕敶枏<EFBFBD>銵函<EFBFBD><EFBFBD>?*
+3. **确认当前表结构**
    ```sql
    SELECT tablename FROM pg_tables WHERE schemaname = 'public';
    ```
@@ -59,7 +59,8 @@ psql $DATABASE_URL -f 004-migrate-pkb.sql
 psql $DATABASE_URL -f 005-validate-all.sql
 ```
 
-#### <EFBFBD>寞<EFBFBD>2嚗帋<EFBFBD>甈⊥<EFBFBD>扳<EFBFBD>銵峕<EFBFBD><EFBFBD>㕑<EFBFBD><EFBFBD>?
+#### 方法2：一次性执行所有脚本
+
 ```bash
 # 创建执行脚本
 cat 001-create-all-10-schemas.sql \
@@ -70,16 +71,18 @@ cat 001-create-all-10-schemas.sql \
     | psql $DATABASE_URL
 ```
 
-#### <EFBFBD>寞<EFBFBD>3嚗帋蝙<EFBFBD>冽㺭<EFBFBD>桀<EFBFBD>摰Ｘ<EFBFBD>蝡荔<EFBFBD>憒<EFBFBD>Beaver<EFBFBD><EFBFBD>gAdmin嚗?
+#### 方法3：使用数据库客户端（如DBeaver、pgAdmin）
+
 1. 打开数据库客户端
 2. 连接到目标数据库
 3. 依次打开并执行每个SQL文件
 
 ---
 
-## <EFBFBD>?撉諹<E69289>皜<EFBFBD><E79A9C>
+## ✅ 验证清单
+
+### 执行001后
 
-### <20>扯<EFBFBD>001<30>?
 - [ ] 10个Schema全部创建成功
 - [ ] 每个Schema都有注释说明
 
@@ -91,17 +94,21 @@ WHERE nspname LIKE '%_schema'
 ORDER BY nspname;
 ```
 
-### <EFBFBD>扯<EFBFBD>002<EFBFBD>?
-- [ ] platform_schema.users銵典<E98AB5>撱箸<E692B1><E7AEB8>?- [ ] <20>唳旿隞簵ublic.users摰峕㟲餈<E39FB2>宏
-- [ ] 4銝芰揣撘訫<EFBFBD>撱箸<EFBFBD><EFBFBD>?
+### 执行002后
+
+- [ ] platform_schema.users表创建成功
+- [ ] 数据从public.users完整迁移
+- [ ] 4个索引创建成功
+
 ```sql
 -- 验证SQL
 SELECT COUNT(*) AS public_count FROM public.users;
 SELECT COUNT(*) AS platform_count FROM platform_schema.users;
 ```
 
-### <EFBFBD>扯<EFBFBD>003<EFBFBD>?
-- [ ] aia_schema<6D>?銝芾”<E88ABE>𥕦遣<F0A595A6>𣂼<EFBFBD>
+### 执行003后
+
+- [ ] aia_schema的5个表创建成功
 - [ ] 数据完整迁移
 - [ ] 外键约束正确建立
 
@@ -111,8 +118,9 @@ SELECT COUNT(*) FROM aia_schema.projects;
 SELECT COUNT(*) FROM aia_schema.conversations;
 ```
 
-### <EFBFBD>扯<EFBFBD>004<EFBFBD>?
-- [ ] pkb_schema<6D>?銝芾”<E88ABE>𥕦遣<F0A595A6>𣂼<EFBFBD>
+### 执行004后
+
+- [ ] pkb_schema的5个表创建成功
 - [ ] 包含Phase 2全文阅读字段
 - [ ] 数据完整迁移
 
@@ -122,16 +130,20 @@ SELECT COUNT(*) FROM pkb_schema.knowledge_bases;
 SELECT COUNT(*) FROM pkb_schema.documents;
 ```
 
-### <EFBFBD>扯<EFBFBD>005<EFBFBD>?
-- [ ] <20><><EFBFBD>㗇㺭<E39787>桅<EFBFBD>撖寞<E69296>銝<EFBFBD><E98A9D>?- [ ] 頝沒chema憭㚚睸撘閧鍂<E996A7>㗇<EFBFBD>
-- [ ] <EFBFBD>䭾㺭<EFBFBD>桐腺憭?
+### 执行005后
+
+- [ ] 所有数据量对比一致
+- [ ] 跨Schema外键引用有效
+- [ ] 无数据丢失
+
 ---
 
-## <EFBFBD><EFBFBD> 餈<>宏<EFBFBD>擧㺭<E693A7>桀<EFBFBD>撣?
+## 📊 迁移后数据分布
+
 ### Platform Schema
 ```
 platform_schema
-<EFBFBD>婙<EFBFBD><EFBFBD><EFBFBD> users (1銵?
+└── users (1表)
 ```
 
 ### AIA Schema
@@ -141,7 +153,7 @@ aia_schema
 ├── conversations
 ├── messages
 ├── general_conversations
-<EFBFBD>婙<EFBFBD><EFBFBD><EFBFBD> general_messages (5銵?
+└── general_messages (5表)
 ```
 
 ### PKB Schema
@@ -151,13 +163,13 @@ pkb_schema
 ├── documents
 ├── batch_tasks
 ├── batch_results
-<EFBFBD>婙<EFBFBD><EFBFBD><EFBFBD> task_templates (5銵?
+└── task_templates (5表)
 ```
 
-### 蝛搴chema嚗?銝迎<E98A9D>
+### 空Schema（7个）
 ```
 asl_schema      (AI智能文献 - Week 3设计)
-common_schema   (<EFBFBD>𡁶鍂<EFBFBD>賢<EFBFBD>撅?
+common_schema   (通用能力层)
 dc_schema       (数据清洗)
 rvw_schema      (审稿系统)
 admin_schema    (运营管理)
@@ -172,19 +184,25 @@ st_schema       (统计分析工具)
 ### 1. 事务保护
 
 所有迁移脚本都使用了事务（BEGIN/COMMIT）：
-- <EFBFBD>𣂼<EFBFBD>嚗𡁜<EFBFBD><EFBFBD>冽<EFBFBD>鈭?- 憭梯揖嚗朞䌊<E69C9E>典<EFBFBD>皛𡄯<E79A9B><F0A184AF>𣳇<EFBFBD><F0A3B387><EFBFBD><EFBFBD>蝘?
-### 2. 撟<><E6929F><EFBFBD>?
+- 成功：全部提交
+- 失败：自动回滚，无部分迁移
+
+### 2. 幂等性
+
 所有脚本支持重复执行：
 - 使用 `IF NOT EXISTS` 创建对象
 - 使用 `ON CONFLICT DO NOTHING` 插入数据
 
 ### 3. public schema保留
 
-餈<EFBFBD>宏<EFBFBD>?*銝滢<E98A9D><E6BBA2>𣳇膄** public schema銝剔<EFBFBD><EFBFBD>蠘”嚗?- <20>笔<EFBFBD>嚗𡁏䲮靘踹<E99D98>皛𡁜<E79A9B>撖寞<E69296>撉諹<E69289>
-- 皜<EFBFBD><EFBFBD>嚗𡁜<EFBFBD><EFBFBD><EFBFBD><EFBFBD>厰<EFBFBD>霂<EFBFBD><EFBFBD>朞<EFBFBD><EFBFBD>𠬍<EFBFBD><EFBFBD>滚<EFBFBD>摰𡁏糓<EFBFBD>血<EFBFBD><EFBFBD>?
+迁移后**不会删除** public schema中的原表：
+- 原因：方便回滚和对比验证
+- 清理：待所有验证通过后，再决定是否删除
+
 ### 4. 外键约束
 
-<EFBFBD>舀<EFBFBD>頝沒chema憭㚚睸嚗?- <20><><EFBFBD>劐<EFBFBD><E58A90>∟”撘閧鍂 `platform_schema.users(id)`
+支持跨Schema外键：
+- 所有业务表引用 `platform_schema.users(id)`
 - PostgreSQL原生支持，无需特殊配置
 
 ---
@@ -193,9 +211,9 @@ st_schema       (统计分析工具)
 
 ### 问题1：连接被拒绝
 
-**<EFBFBD>躰秤嚗?* `connection refused`
+**错误：** `connection refused`
 
-**閫<EFBFBD><EFBFBD>嚗?*
+**解决：**
 ```bash
 # 检查PostgreSQL服务
 sudo systemctl status postgresql
@@ -204,24 +222,29 @@ sudo systemctl status postgresql
 sudo systemctl start postgresql
 ```
 
-### <EFBFBD>桅<EFBFBD>2嚗𡁏<EFBFBD><EFBFBD>𣂷<EFBFBD>頞?
-**<2A>躰秤嚗?* `permission denied to create schema`
+### 问题2：权限不足
 
-**閫<EFBFBD><EFBFBD>嚗?*
+**错误：** `permission denied to create schema`
+
+**解决：**
 ```sql
 -- 授予权限
 GRANT CREATE ON DATABASE your_database TO your_user;
 ```
 
-### <EFBFBD>桅<EFBFBD>3嚗𡁜<EFBFBD><EFBFBD>桃漲<EFBFBD>笔仃韐?
-**<2A>躰秤嚗?* `violates foreign key constraint`
+### 问题3：外键约束失败
 
-**閫<EFBFBD><EFBFBD>嚗?*
-- 蝖桐<E89D96><E6A190><EFBFBD><EFBFBD>銵?002嚗īlatform嚗匧<E59A97><E58CA7>扯<EFBFBD> 003/004嚗Òia/pkb嚗?- 璉<><E79289>交糓<E4BAA4>行<EFBFBD>摮斤<E691AE><E696A4><EFBFBD>ser_id
+**错误：** `violates foreign key constraint`
 
-### <20>桅<EFBFBD>4嚗𡁏㺭<F0A1818F>桅<EFBFBD>銝滢<E98A9D><E6BBA2>?
-**<2A>躰秤嚗?* 撉諹<E69289><E8ABB9>𡁏𧋦<F0A1818F>亙<EFBFBD><E4BA99>唳旿<E594B3>譍<EFBFBD>銝<EFBFBD><E98A9D>?
-**閫<><E996AB>嚗?*
+**解决：**
+- 确保先执行 002（platform）再执行 003/004（aia/pkb）
+- 检查是否有孤立的user_id
+
+### 问题4：数据量不一致
+
+**错误：** 验证脚本报告数据量不一致
+
+**解决：**
 1. 检查是否有迁移过程中新增的数据
 2. 使用ID对比检查具体差异：
    ```sql
@@ -235,7 +258,8 @@ GRANT CREATE ON DATABASE your_database TO your_user;
 
 ## 📝 回滚方案
 
-### 敹恍<EFBFBD>笔<EFBFBD>皛𡄯<EFBFBD><EFBFBD>刻<EFBFBD>嚗?
+### 快速回滚（推荐）
+
 ```sql
 -- 删除所有新建的Schema（会级联删除所有表和数据）
 DROP SCHEMA IF EXISTS platform_schema CASCADE;
@@ -250,7 +274,8 @@ DROP SCHEMA IF EXISTS ssa_schema CASCADE;
 DROP SCHEMA IF EXISTS st_schema CASCADE;
 ```
 
-### 隞𤾸<EFBFBD>隞賣<EFBFBD>憭?
+### 从备份恢复
+
 ```bash
 # 恢复备份
 psql $DATABASE_URL < backup_20251109_100000.sql
@@ -262,9 +287,10 @@ psql $DATABASE_URL < backup_20251109_100000.sql
 
 迁移完成后，需要：
 
-1. **<EFBFBD>湔鰵Prisma<EFBFBD>滨蔭** <20>?閫<>遙<EFBFBD>?
+1. **更新Prisma配置** → 见任务9
    - 更新 `backend/prisma/schema.prisma`
-   - 瘛餃<EFBFBD> `multiSchema` 憸<EFBFBD><EFBFBD><EFBFBD>寞<EFBFBD>?   - 銝?銝杵chema摰帋<E691B0>璅∪<E79285>
+   - 添加 `multiSchema` 预览特性
+   - 为3个Schema定义模型
 
 2. **生成Prisma Client**
    ```bash
@@ -272,25 +298,28 @@ psql $DATABASE_URL < backup_20251109_100000.sql
    npx prisma generate
    ```
 
-3. **<EFBFBD>湔鰵隞<EFBFBD><EFBFBD>** <20>?閫<>遙<EFBFBD>?2
+3. **更新代码** → 见任务12
    - 所有数据库查询使用新Schema
    - 测试现有功能
 
-4. **餈鞱<EFBFBD>瘚贝<EFBFBD>** <20>?閫<>遙<EFBFBD>?
+4. **运行测试** → 见任务8
    - 测试AI智能问答
-   - 瘚贝<EFBFBD><EFBFBD>亥<EFBFBD>摨枏<EFBFBD><EFBFBD>?
+   - 测试知识库功能
+
 ---
 
 ## 📞 获取帮助
 
-憒<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>桅<EFBFBD>嚗?
-1. **<2A>亦<EFBFBD><E4BAA6>亙<EFBFBD>** - psql隡朞<E99AA1><E69C9E>箄祕蝏<E7A595><E89D8F><EFBFBD>扯<EFBFBD>靽⊥<E99DBD><E28AA5>屸<EFBFBD>霂?2. **璉<><E79289>交<EFBFBD>獢?* - <20><><EFBFBD>?`09-<2D>嗆<EFBFBD>摰墧鴌/01-Schema<6D>𠉛氖<F0A0899B>嗆<EFBFBD>霈曇恣嚗?0銝迎<E98A9D>.md`
+如果遇到问题：
+
+1. **查看日志** - psql会输出详细的执行信息和错误
+2. **检查文档** - 参考 `09-架构实施/01-Schema隔离架构设计（10个）.md`
 3. **验证数据** - 运行 `005-validate-all.sql`
 
 ---
 
 **创建人：** AI助手  
 **最后更新：** 2025-11-09  
-**<EFBFBD><EFBFBD>𧋦嚗?* V1.0
+**版本：** V1.0
 
-**<EFBFBD>詨<EFBFBD><EFBFBD><EFBFBD>艙嚗𡁜虾<EFBFBD>滚<EFBFBD><EFBFBD>扯<EFBFBD> + 鈭见𦛚靽脲擪 + 摰峕㟲撉諹<E69289> = 摰匧<E691B0>餈<EFBFBD>宏** 潃鐥<E6BD83>潃?
+**核心理念：可重复执行 + 事务保护 + 完整验证 = 安全迁移** ⭐⭐⭐