feat(admin): Add user management and upgrade to module permission system

Features - User Management (Phase 4.1): - Database: Add user_modules table for fine-grained module permissions - Database: Add 4 user permissions (view/create/edit/delete) to role_permissions - Backend: UserService (780 lines) - CRUD with tenant isolation - Backend: UserController + UserRoutes (648 lines) - 13 API endpoints - Backend: Batch import users from Excel - Frontend: UserListPage (412 lines) - list/filter/search/pagination - Frontend: UserFormPage (341 lines) - create/edit with module config - Frontend: UserDetailPage (393 lines) - details/tenant/module management - Frontend: 3 modal components (592 lines) - import/assign/configure - API: GET/POST/PUT/DELETE /api/admin/users/* endpoints Architecture Upgrade - Module Permission System: - Backend: Add getUserModules() method in auth.service - Backend: Login API returns modules array in user object - Frontend: AuthContext adds hasModule() method - Frontend: Navigation filters modules based on user.modules - Frontend: RouteGuard checks requiredModule instead of requiredVersion - Frontend: Remove deprecated version-based permission system - UX: Only show accessible modules in navigation (clean UI) - UX: Smart redirect after login (avoid 403 for regular users) Fixes: - Fix UTF-8 encoding corruption in ~100 docs files - Fix pageSize type conversion in userService (String to Number) - Fix authUser undefined error in TopNavigation - Fix login redirect logic with role-based access check - Update Git commit guidelines v1.2 with UTF-8 safety rules Database Changes: - CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled) - ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code) - INSERT 4 permissions + role assignments - UPDATE PUBLIC tenant with 8 module subscriptions Technical: - Backend: 5 new files (~2400 lines) - Frontend: 10 new files (~2500 lines) - Docs: 1 development record + 2 status updates + 1 guideline update - Total: ~4900 lines of code Status: User management 100% complete, module permission system operational
2026-01-16 13:42:10 +08:00
parent 98d862dbd4
commit 66255368b7
560 changed files with 70424 additions and 52353 deletions
--- a/docs/_templates/API设计-模板.md
+++ b/docs/_templates/API设计-模板.md
@@ -1,8 +1,8 @@
 # [模块名称] - API设计

-> **<EFBFBD>箇<EFBFBD>頝臬<EFBFBD>嚗?* `/api/v1/璅∪<EFBFBD><EFBFBD>崾  
-> **蝡舐<EFBFBD><EFBFBD>圈<EFBFBD>嚗?* X銝? 
-> **霈方<EFBFBD>閬<EFBFBD><EFBFBD>嚗?* JWT Token  
+> **基础路径：** `/api/v1/模块名`  
+> **端点数量：** X个  
+> **认证要求：** JWT Token  
 > **最后更新：** YYYY-MM-DD

 ---
@@ -11,11 +11,11 @@

 | 端点 | 方法 | 说明 | 认证 |
 |------|------|------|------|
-| `/api/v1/xxx/resources` | GET | <EFBFBD>瑕<EFBFBD>韏<EFBFBD><EFBFBD><EFBFBD>𡑒” | <EFBFBD>?|
-| `/api/v1/xxx/resources/:id` | GET | <EFBFBD>瑕<EFBFBD>韏<EFBFBD><EFBFBD>霂行<EFBFBD> | <EFBFBD>?|
-| `/api/v1/xxx/resources` | POST | <EFBFBD>𥕦遣韏<EFBFBD><EFBFBD> | <EFBFBD>?|
-| `/api/v1/xxx/resources/:id` | PUT | <EFBFBD>湔鰵韏<EFBFBD><EFBFBD> | <EFBFBD>?|
-| `/api/v1/xxx/resources/:id` | DELETE | <EFBFBD>𣳇膄韏<EFBFBD><EFBFBD> | <EFBFBD>?|
+| `/api/v1/xxx/resources` | GET | 获取资源列表 | ✅ |
+| `/api/v1/xxx/resources/:id` | GET | 获取资源详情 | ✅ |
+| `/api/v1/xxx/resources` | POST | 创建资源 | ✅ |
+| `/api/v1/xxx/resources/:id` | PUT | 更新资源 | ✅ |
+| `/api/v1/xxx/resources/:id` | DELETE | 删除资源 | ✅ |

 ---

@@ -23,31 +23,31 @@

 ### 1. 获取资源列表

-**蝡舐<EFBFBD>嚗?* `GET /api/v1/xxx/resources`
+**端点：** `GET /api/v1/xxx/resources`

-**<EFBFBD>券<EFBFBD>䈑<EFBFBD>** <20>瑕<EFBFBD>敶枏<E695B6><E69E8F>冽<EFBFBD><E586BD><EFBFBD><EFBFBD>皞𣂼<E79A9E>銵剁<E98AB5><E58981><EFBFBD>△嚗?
+**用途：** 获取当前用户的资源列表（分页）

-**霂瑟<EFBFBD><EFBFBD><EFBFBD>㺭嚗?*
+**请求参数：**

-**Query<EFBFBD><EFBFBD>㺭嚗?*
+**Query参数：**
 ```typescript
 {
-  page?: number;        // 憿萇<EFBFBD>嚗屸<EFBFBD>霈?
-  pageSize?: number;    // 瘥誯△<EFBFBD>圈<EFBFBD>嚗屸<EFBFBD>霈?0嚗峕<E59A97>憭?00
-  status?: string;      // 蝑偦<EFBFBD>㚁<EFBFBD><EFBFBD>嗆<EFBFBD><EFBFBD><EFBFBD>active/inactive嚗?
-  keyword?: string;     // <EFBFBD>𦦵揣<EFBFBD>喲睸霂?
-  sortBy?: string;      // <EFBFBD>鍦<EFBFBD>摮埈挾嚗ẾreatedAt/updatedAt嚗?
+  page?: number;        // 页码，默认1
+  pageSize?: number;    // 每页数量，默认10，最大100
+  status?: string;      // 筛选：状态（active/inactive）
+  keyword?: string;     // 搜索关键词
+  sortBy?: string;      // 排序字段（createdAt/updatedAt）
  sortOrder?: 'asc' | 'desc';  // 排序方向，默认desc
 }
 ```

-**霂瑟<EFBFBD>蝷箔<EFBFBD>嚗?*
+**请求示例：**
 ```bash
 GET /api/v1/xxx/resources?page=1&pageSize=10&status=active
 Authorization: Bearer <token>
 ```

-**<EFBFBD>𣂼<EFBFBD><EFBFBD>滚<EFBFBD>嚗?* `200 OK`
+**成功响应：** `200 OK`
 ```json
 {
  "success": true,
@@ -74,7 +74,7 @@ Authorization: Bearer <token>
 }
 ```

-**<EFBFBD>躰秤<EFBFBD>滚<EFBFBD>嚗?*
+**错误响应：**
 ```json
 // 401 Unauthorized
 {
@@ -92,7 +92,7 @@ Authorization: Bearer <token>
    "code": "INVALID_PARAMS",
    "message": "参数错误",
    "details": [
-      { "field": "pageSize", "message": "<EFBFBD><EFBFBD>憭找<EFBFBD><EFBFBD>質<EFBFBD>餈?00" }
+      { "field": "pageSize", "message": "最大不能超过100" }
    ]
  }
 }
@@ -102,20 +102,20 @@ Authorization: Bearer <token>

 ### 2. 获取资源详情

-**蝡舐<EFBFBD>嚗?* `GET /api/v1/xxx/resources/:id`
+**端点：** `GET /api/v1/xxx/resources/:id`

-**<EFBFBD>券<EFBFBD>䈑<EFBFBD>** <20>瑕<EFBFBD><E79195><EFBFBD><EFBFBD>韏<EFBFBD><E99F8F><EFBFBD><EFBFBD>祕蝏<E7A595>縑<EFBFBD>?
+**用途：** 获取指定资源的详细信息

-**頝臬<EFBFBD><EFBFBD><EFBFBD>㺭嚗?*
+**路径参数：**
 - `id` (必填): 资源ID

-**霂瑟<EFBFBD>蝷箔<EFBFBD>嚗?*
+**请求示例：**
 ```bash
 GET /api/v1/xxx/resources/123
 Authorization: Bearer <token>
 ```

-**<EFBFBD>𣂼<EFBFBD><EFBFBD>滚<EFBFBD>嚗?* `200 OK`
+**成功响应：** `200 OK`
 ```json
 {
  "success": true,
@@ -127,24 +127,24 @@ Authorization: Bearer <token>
    "status": "active",
    "createdAt": "2025-11-06T10:00:00.000Z",
    "updatedAt": "2025-11-06T10:00:00.000Z",
-    // 憸嘥<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>娍㺭<EFBFBD>?
+    // 额外的关联数据
    "user": {
      "id": 456,
-      "name": "<EFBFBD>冽<EFBFBD><EFBFBD>?
+      "name": "用户名"
    }
  },
  "message": "获取成功"
 }
 ```

-**<EFBFBD>躰秤<EFBFBD>滚<EFBFBD>嚗?*
+**错误响应：**
 ```json
 // 404 Not Found
 {
  "success": false,
  "error": {
    "code": "NOT_FOUND",
-    "message": "韏<EFBFBD><EFBFBD>銝滚<EFBFBD><EFBFBD>?
+    "message": "资源不存在"
  }
 }

@@ -153,7 +153,7 @@ Authorization: Bearer <token>
  "success": false,
  "error": {
    "code": "FORBIDDEN",
-    "message": "<EFBFBD>䭾<EFBFBD>霈輸䔮甇方<EFBFBD>皞?
+    "message": "无权访问此资源"
  }
 }
 ```
@@ -162,44 +162,44 @@ Authorization: Bearer <token>

 ### 3. 创建资源

-**蝡舐<EFBFBD>嚗?* `POST /api/v1/xxx/resources`
+**端点：** `POST /api/v1/xxx/resources`

-**<EFBFBD>券<EFBFBD>䈑<EFBFBD>** <20>𥕦遣<F0A595A6>啗<EFBFBD>皞?
+**用途：** 创建新资源

 **请求体：**
 ```json
 {
-  "fieldName": "韏<EFBFBD><EFBFBD><EFBFBD>滨妍",      // 敹<EFBFBD>‵嚗屸鵭摨?-200
-  "description": "<EFBFBD>讛膩",        // <EFBFBD>舫<EFBFBD>㚁<EFBFBD><EFBFBD><EFBFBD>憭?000摮?
+  "fieldName": "资源名称",      // 必填，长度2-200
+  "description": "描述",        // 可选，最大5000字
  "status": "active"            // 可选，默认active
 }
 ```

-**撉諹<EFBFBD>閫<EFBFBD><EFBFBD>嚗?*
- `fieldName`: 敹<EFBFBD>‵嚗?-200摮㛖泵嚗䔶<E59A97><E494B6>賢<EFBFBD><E8B3A2>怎鸌畾𠰴<E795BE>蝚?
- `description`: <EFBFBD>舫<EFBFBD>㚁<EFBFBD><EFBFBD><EFBFBD>憭?000摮㛖泵
+**验证规则：**
+- `fieldName`: 必填，2-200字符，不能包含特殊字符
+- `description`: 可选，最大5000字符
 - `status`: 可选，有效值：active, inactive

-**霂瑟<EFBFBD>蝷箔<EFBFBD>嚗?*
+**请求示例：**
 ```bash
 POST /api/v1/xxx/resources
 Authorization: Bearer <token>
 Content-Type: application/json

 {
-  "fieldName": "<EFBFBD>啗<EFBFBD>皞?,
+  "fieldName": "新资源",
  "description": "这是一个新资源"
 }
 ```

-**<EFBFBD>𣂼<EFBFBD><EFBFBD>滚<EFBFBD>嚗?* `201 Created`
+**成功响应：** `201 Created`
 ```json
 {
  "success": true,
  "data": {
    "id": 124,
    "userId": 456,
-    "fieldName": "<EFBFBD>啗<EFBFBD>皞?,
+    "fieldName": "新资源",
    "description": "这是一个新资源",
    "status": "active",
    "createdAt": "2025-11-06T10:00:00.000Z",
@@ -209,7 +209,7 @@ Content-Type: application/json
 }
 ```

-**<EFBFBD>躰秤<EFBFBD>滚<EFBFBD>嚗?*
+**错误响应：**
 ```json
 // 422 Unprocessable Entity
 {
@@ -219,7 +219,7 @@ Content-Type: application/json
    "message": "参数验证失败",
    "details": [
      { "field": "fieldName", "message": "字段名称不能为空" },
-      { "field": "fieldName", "message": "摮埈挾<EFBFBD>滨妍<EFBFBD>踹漲敹<EFBFBD>◆<EFBFBD>?-200銋钅𡢿" }
+      { "field": "fieldName", "message": "字段名称长度必须在2-200之间" }
    ]
  }
 }
@@ -238,11 +238,11 @@ Content-Type: application/json

 ### 4. 更新资源

-**蝡舐<EFBFBD>嚗?* `PUT /api/v1/xxx/resources/:id`
+**端点：** `PUT /api/v1/xxx/resources/:id`

 **用途：** 更新指定资源（完整更新）

-**頝臬<EFBFBD><EFBFBD><EFBFBD>㺭嚗?*
+**路径参数：**
 - `id` (必填): 资源ID

 **请求体：**
@@ -254,7 +254,7 @@ Content-Type: application/json
 }
 ```

-**霂瑟<EFBFBD>蝷箔<EFBFBD>嚗?*
+**请求示例：**
 ```bash
 PUT /api/v1/xxx/resources/123
 Authorization: Bearer <token>
@@ -266,7 +266,7 @@ Content-Type: application/json
 }
 ```

-**<EFBFBD>𣂼<EFBFBD><EFBFBD>滚<EFBFBD>嚗?* `200 OK`
+**成功响应：** `200 OK`
 ```json
 {
  "success": true,
@@ -280,14 +280,14 @@ Content-Type: application/json
 }
 ```

-**<EFBFBD>躰秤<EFBFBD>滚<EFBFBD>嚗?*
+**错误响应：**
 ```json
 // 404 Not Found
 {
  "success": false,
  "error": {
    "code": "NOT_FOUND",
-    "message": "韏<EFBFBD><EFBFBD>銝滚<EFBFBD><EFBFBD>?
+    "message": "资源不存在"
  }
 }

@@ -296,7 +296,7 @@ Content-Type: application/json
  "success": false,
  "error": {
    "code": "FORBIDDEN",
-    "message": "<EFBFBD>䭾<EFBFBD>靽格㺿甇方<EFBFBD>皞?
+    "message": "无权修改此资源"
  }
 }
 ```
@@ -305,20 +305,20 @@ Content-Type: application/json

 ### 5. 删除资源

-**蝡舐<EFBFBD>嚗?* `DELETE /api/v1/xxx/resources/:id`
+**端点：** `DELETE /api/v1/xxx/resources/:id`

-**<EFBFBD>券<EFBFBD>䈑<EFBFBD>** <20>𣳇膄<F0A3B387><E88684><EFBFBD>韏<EFBFBD><E99F8F>嚗<EFBFBD>蔓<EFBFBD>𣳇膄嚗?
+**用途：** 删除指定资源（软删除）

-**頝臬<EFBFBD><EFBFBD><EFBFBD>㺭嚗?*
+**路径参数：**
 - `id` (必填): 资源ID

-**霂瑟<EFBFBD>蝷箔<EFBFBD>嚗?*
+**请求示例：**
 ```bash
 DELETE /api/v1/xxx/resources/123
 Authorization: Bearer <token>
 ```

-**<EFBFBD>𣂼<EFBFBD><EFBFBD>滚<EFBFBD>嚗?* `200 OK`
+**成功响应：** `200 OK`
 ```json
 {
  "success": true,
@@ -327,14 +327,14 @@ Authorization: Bearer <token>
 }
 ```

-**<EFBFBD>躰秤<EFBFBD>滚<EFBFBD>嚗?*
+**错误响应：**
 ```json
 // 404 Not Found
 {
  "success": false,
  "error": {
    "code": "NOT_FOUND",
-    "message": "韏<EFBFBD><EFBFBD>銝滚<EFBFBD><EFBFBD>?
+    "message": "资源不存在"
  }
 }

@@ -343,7 +343,7 @@ Authorization: Bearer <token>
  "success": false,
  "error": {
    "code": "FORBIDDEN",
-    "message": "<EFBFBD>䭾<EFBFBD><EFBFBD>𣳇膄甇方<EFBFBD>皞?
+    "message": "无权删除此资源"
  }
 }

@@ -352,37 +352,37 @@ Authorization: Bearer <token>
  "success": false,
  "error": {
    "code": "CANNOT_DELETE",
-    "message": "霂亥<EFBFBD>皞鞉<EFBFBD><EFBFBD>唾<EFBFBD><EFBFBD>唳旿嚗峕<EFBFBD>瘜訫<EFBFBD><EFBFBD>?
+    "message": "该资源有关联数据，无法删除"
  }
 }
 ```

 ---

-## <EFBFBD><EFBFBD> 霈方<E99C88>銝擧<E98A9D><E693A7>?
+## 🔐 认证与权限

 ### 认证方式
-<EFBFBD><EFBFBD><EFBFBD>𡅅PI<EFBFBD>賡<EFBFBD>閬<EFBFBD>WT Token霈方<EFBFBD>嚗?
+所有API都需要JWT Token认证：
 ```
 Authorization: Bearer <token>
 ```

-### <EFBFBD><EFBFBD><EFBFBD>璉<EFBFBD><EFBFBD>?
- <EFBFBD>冽<EFBFBD><EFBFBD>芾<EFBFBD>霈輸䔮<EFBFBD>芸楛<EFBFBD><EFBFBD><EFBFBD>皞?
- ADMIN閫坿𠧧<EFBFBD>臭誑霈輸䔮<EFBFBD><EFBFBD><EFBFBD>㕑<EFBFBD>皞?
+### 权限检查
+- 用户只能访问自己的资源
+- ADMIN角色可以访问所有资源

 ---

-## <EFBFBD><EFBFBD> <20>躰秤<E8BAB0><E7A7A4><EFBFBD><EFBFBD>?
+## 📊 错误码汇总

-| <EFBFBD>躰秤<EFBFBD>?| HTTP<EFBFBD>嗆<EFBFBD>?| 霂湔<E99C82> |
+| 错误码 | HTTP状态 | 说明 |
 |--------|---------|------|
-| UNAUTHORIZED | 401 | <EFBFBD>芣<EFBFBD><EFBFBD>?|
-| FORBIDDEN | 403 | <EFBFBD>䭾<EFBFBD><EFBFBD>?|
-| NOT_FOUND | 404 | 韏<EFBFBD><EFBFBD>銝滚<EFBFBD><EFBFBD>?|
+| UNAUTHORIZED | 401 | 未授权 |
+| FORBIDDEN | 403 | 无权限 |
+| NOT_FOUND | 404 | 资源不存在 |
 | VALIDATION_ERROR | 422 | 参数验证失败 |
-| ALREADY_EXISTS | 409 | 韏<EFBFBD><EFBFBD>撌脣<EFBFBD><EFBFBD>?|
-| INTERNAL_ERROR | 500 | <EFBFBD>滚𦛚<EFBFBD>券<EFBFBD>霂?|
+| ALREADY_EXISTS | 409 | 资源已存在 |
+| INTERNAL_ERROR | 500 | 服务器错误 |

 ---

@@ -406,7 +406,7 @@ const response = await fetch('/api/v1/xxx/resources', {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
-    fieldName: '<EFBFBD>啗<EFBFBD>皞?,
+    fieldName: '新资源',
    description: '描述',
  }),
 });
@@ -422,38 +422,38 @@ curl -X GET "http://localhost:3001/api/v1/xxx/resources?page=1&pageSize=10" \
 curl -X POST "http://localhost:3001/api/v1/xxx/resources" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
-  -d '{"fieldName":"<EFBFBD>啗<EFBFBD>皞?,"description":"<EFBFBD>讛膩"}'
+  -d '{"fieldName":"新资源","description":"描述"}'
 ```

 ---

 ## ⚠️ 注意事项

-**<EFBFBD>扯<EFBFBD>隡睃<EFBFBD>嚗?*
- <EFBFBD>𡑒”<EFBFBD>亙藁敹<EFBFBD>◆<EFBFBD>舀<EFBFBD><EFBFBD><EFBFBD>△嚗屸<EFBFBD>霈小ageSize=10嚗峕<EFBFBD>憭?00
+**性能优化：**
+- 列表接口必须支持分页，默认pageSize=10，最大100
 - 避免返回过多关联数据，按需加载
 - 大量数据导出使用异步任务

 **安全性：**
 - 所有接口必须验证JWT Token
 - 必须检查资源归属（用户只能操作自己的资源）
- <EFBFBD>𤩺<EFBFBD>摮埈挾銝滩<EFBFBD>餈𥪜<EFBFBD>嚗<EFBFBD><EFBFBD>撖<EFBFBD><EFBFBD>嚗?
+- 敏感字段不要返回（如密码）

-**<EFBFBD>穃<EFBFBD><EFBFBD>澆捆嚗?*
- API<EFBFBD>䀹凒雿輻鍂<EFBFBD><EFBFBD>𧋦<EFBFBD>瘀<EFBFBD>/api/v2嚗?
+**向后兼容：**
+- API变更使用版本号（/api/v2）
 - 不要删除已有字段，只能标记为deprecated
- <EFBFBD>啣<EFBFBD>摮埈挾敹<EFBFBD>◆<EFBFBD>厰<EFBFBD>霈文<EFBFBD>?
+- 新增字段必须有默认值

 ---

 ## 🔗 相关文档

-**閫<EFBFBD><EFBFBD>嚗?*
- [API霈曇恣閫<EFBFBD><EFBFBD>](../../04-撘<EFBFBD><EFBFBD>𤏸<EFBFBD><EFBFBD>?02-API霈曇恣閫<E681A3><E996AB>.md)
- [API頝舐眏<EFBFBD>餉<EFBFBD>](../../04-撘<EFBFBD><EFBFBD>𤏸<EFBFBD><EFBFBD>?04-API頝舐眏<E88890>餉<EFBFBD>.md)
+**规范：**
+- [API设计规范](../../04-开发规范/02-API设计规范.md)
+- [API路由总览](../../04-开发规范/04-API路由总览.md)

 **数据库：**
- [<EFBFBD>祆芋<EFBFBD>埈㺭<EFBFBD>桀<EFBFBD>霈曇恣](./01-<EFBFBD>唳旿摨栞挽霈?md)
+- [本模块数据库设计](./01-数据库设计.md)

 ---