Add user management for admin (CRUD + role + reset password)

Adds /api/users endpoints (admin only) plus /api/users/assignable
(admin + technician) used by the aftersales reassign picker. Guards
prevent self-demotion, self-deletion, and removing the last admin.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Frudrax Cheng
2026-05-26 10:57:53 +08:00
parent b1e3adaf6a
commit 3ddd4db126
6 changed files with 453 additions and 4 deletions
+12
@@ -74,6 +74,18 @@ func SetupAPIRoutes(r *gin.RouterGroup) {
employeeSerialsRoutes.DELETE("/:serialNumber", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), employeeSerialsController.Delete)
}
// 用户管理路由(仅管理员)
usersController := controllers.NewUsersController()
usersRoutes := r.Group("/users")
{
usersRoutes.GET("/assignable", middleware.JWTAuthMiddleware(), middleware.TechnicianMiddleware(), usersController.FindAssignable)
usersRoutes.POST("", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.Create)
usersRoutes.GET("", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.FindAll)
usersRoutes.PATCH("/:id", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.Update)
usersRoutes.POST("/:id/reset-password", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.ResetPassword)
usersRoutes.DELETE("/:id", middleware.JWTAuthMiddleware(), middleware.AdminMiddleware(), usersController.Delete)
}
// 售后工单路由
aftersalesController := controllers.NewAftersalesController()
aftersalesRoutes := r.Group("/aftersales")
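Review bot: The comment above the new `/users` group says the routes are admin only, but the first route, `GET /assignable`, is gated by `TechnicianMiddleware()`, so the comment understates who can reach this group; I would write it as `// User management routes: admin only, except GET /assignable, which is also open to technicians.` Because that route exposes a user listing to a lower-privileged role, `FindAssignable` (not shown in this hunk) should return only the fields the reassign picker needs and never password hashes or other account data. Whether `TechnicianMiddleware()` also admits admins, as the commit message implies, is not visible here and is worth confirming. `Update`, `ResetPassword` and `Delete` change an account's privileges or credentials, so it is also worth checking that `JWTAuthMiddleware()` and the role middlewares re-check the user's current role and existence rather than trusting claims in a token issued before the change. `SetupAPIRoutes` begins and ends outside this hunk.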