Add user management for admin (CRUD + role + reset password)

Adds /api/users endpoints (admin only) plus /api/users/assignable
(admin + technician) used by the aftersales reassign picker. Guards
prevent self-demotion, self-deletion, and removing the last admin.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Frudrax Cheng
2026-05-26 10:57:53 +08:00
parent b1e3adaf6a
commit 3ddd4db126
6 changed files with 453 additions and 4 deletions
+6 -2
@@ -49,7 +49,8 @@ backend-go/
│ ├── companies_controller.go # Company CRUD
│ ├── employees_controller.go # Employee serials: generate, query, update, revoke, qrcode
│ ├── helper.go # Helper functions (GetCurrentUser, BindJSON, Response)
── serials_controller.go # Company serials: generate, query, update, revoke, qrcode
── serials_controller.go # Company serials: generate, query, update, revoke, qrcode
│ └── users_controller.go # User management (admin): create, list, update, reset password, delete
├── database/ # Database connection and migrations
│ └── database.go # GORM init, AutoMigrate
├── docs/ # Swagger documentation (auto-generated)
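Review bot: the comment on the added `users_controller.go` line tags the whole controller as `(admin)`, but the commit message says `/api/users/assignable` is open to admin + technician. If that handler lives in this file, list it in the comment (for example `assignable list (technician+admin)`) so a reader does not assume a single admin-only middleware covers every route in the controller.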
@@ -67,7 +68,8 @@ backend-go/
│ ├── companies_service.go # Company CRUD
│ ├── employees_service.go # Employee serials: generate, query, update, revoke, qrcode
│ ├── serials_service.go # Company serials: generate, query, update, revoke, qrcode
── services_test.go # Unit tests
── services_test.go # Unit tests
│ └── users_service.go # User CRUD, role management, password reset (admin)
├── tests/ # Integration tests
│ └── main_test.go # End-to-end tests
├── data/ # SQLite data directory
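Review bot: the `users_service.go` comment lists CRUD, role management and password reset but omits the guards the commit message describes (no self-demotion, no self-deletion, no removal of the last admin). If they are enforced in the service layer, name them here, and say on the `services_test.go` line whether they are covered, since those checks are what keep the system from ending up without an admin.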
@@ -92,6 +94,8 @@ backend-go/
- **Aftersales** (公开): `GET /api/aftersales/:serialNumber/query`, `POST /api/aftersales/:serialNumber/confirm`
- **Aftersales** (技术员+管理员): `POST /api/aftersales`, `GET /api/aftersales`, `GET /api/aftersales/:serialNumber`, `PATCH /api/aftersales/:serialNumber`, `POST /api/aftersales/:serialNumber/qrcode`, `POST /api/aftersales/:serialNumber/submit`
- **Aftersales** (仅管理员): `POST /api/aftersales/:serialNumber/reassign`, `POST /api/aftersales/:serialNumber/force-close`, `DELETE /api/aftersales/:serialNumber`
- **Users** (技术员+管理员): `GET /api/users/assignable`
- **Users** (仅管理员): `POST /api/users`, `GET /api/users`, `PATCH /api/users/:id`, `POST /api/users/:id/reset-password`, `DELETE /api/users/:id`
### Import Organization
Standard imports followed by third-party imports, then project imports (sorted alphabetically):
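Review bot: the added `GET /api/users/assignable` line opens a user listing to technicians without saying what it returns. Document the response fields next to the route, ideally limited to what the reassign picker needs (such as an id and a display name), and state that password hashes and other account details are excluded. The admin-only line would also be clearer if it noted which of `PATCH /api/users/:id` and `DELETE /api/users/:id` reject self-demotion, self-deletion and last-admin removal, and what `POST /api/users/:id/reset-password` returns to the caller.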