feat: restrict permission roles

Frudrax Cheng
2026-06-06 13:50:56 +08:00
parent a55f515930
commit 5edb25ac4e
17 changed files with 229 additions and 175 deletions
+13 -11
@@ -96,21 +96,23 @@ backend-go/
- **Employee Permission Codes**: `POST /api/employee-serials/generate`, `POST /api/employee-serials/:serialNumber/qrcode`, `GET /api/employee-serials/:serialNumber/query`, `GET /api/employee-serials`, `PATCH /api/employee-serials/:serialNumber`, `PUT /api/employee-serials/:serialNumber`, `POST /api/employee-serials/:serialNumber/revoke`, `DELETE /api/employee-serials/:serialNumber`
- **Product Traces**: `GET /api/product-traces/:serialNumber/query`, `POST /api/product-traces`, `GET /api/product-traces`, `GET /api/product-traces/:serialNumber`, `PATCH /api/product-traces/:serialNumber`, `POST /api/product-traces/:serialNumber/qrcode`, `POST /api/product-traces/:serialNumber/wechat-qrcode`, `POST /api/product-traces/:serialNumber/revoke`, `DELETE /api/product-traces/:serialNumber`
- **Aftersales** (公开): `GET /api/aftersales/:serialNumber/query`, `POST /api/aftersales/:serialNumber/confirm`
- **Aftersales** (技术员+管理员): `POST /api/aftersales`, `GET /api/aftersales`, `GET /api/aftersales/:serialNumber`, `PATCH /api/aftersales/:serialNumber`, `POST /api/aftersales/:serialNumber/qrcode`, `POST /api/aftersales/:serialNumber/submit`
- **Aftersales** (仅管理员): `POST /api/aftersales/:serialNumber/reassign`, `POST /api/aftersales/:serialNumber/force-close`, `DELETE /api/aftersales/:serialNumber`
- **Aftersales** (工单角色+管理员): `GET /api/aftersales`, `GET /api/aftersales/:serialNumber`, `PATCH /api/aftersales/:serialNumber`, `POST /api/aftersales/:serialNumber/qrcode`, `POST /api/aftersales/:serialNumber/submit`
- **Aftersales** (仅管理员): `POST /api/aftersales`, `POST /api/aftersales/:serialNumber/reassign`, `POST /api/aftersales/:serialNumber/force-close`, `DELETE /api/aftersales/:serialNumber`
- **Project Orders** (公开): `GET /api/project-orders/:serialNumber/query`, `POST /api/project-orders/:serialNumber/site-images`, `POST /api/project-orders/:serialNumber/complete`
- **Project Orders** (技术员+管理员): `POST /api/project-orders`, `GET /api/project-orders`, `GET /api/project-orders/:serialNumber`, `PATCH /api/project-orders/:serialNumber`, `POST /api/project-orders/:serialNumber/qrcode`, `POST /api/project-orders/:serialNumber/submit`
- **Project Orders** (仅管理员): `POST /api/project-orders/:serialNumber/reassign`, `POST /api/project-orders/:serialNumber/force-close`, `DELETE /api/project-orders/:serialNumber`
- **Users** (技术员+管理员): `GET /api/users/assignable`
- **Project Orders** (工单角色+管理员): `GET /api/project-orders`, `GET /api/project-orders/:serialNumber`, `PATCH /api/project-orders/:serialNumber`, `POST /api/project-orders/:serialNumber/qrcode`, `POST /api/project-orders/:serialNumber/submit`
- **Project Orders** (仅管理员): `POST /api/project-orders`, `POST /api/project-orders/:serialNumber/reassign`, `POST /api/project-orders/:serialNumber/force-close`, `DELETE /api/project-orders/:serialNumber`
- **Users** (管理员): `GET /api/users/assignable`
- **Employees** (仅管理员): `POST /api/employees`, `GET /api/employees`, `PATCH /api/employees/:id`, `POST /api/employees/:id/reset-password`, `DELETE /api/employees/:id`
### Roles and permissions
- Roles are limited to `admin`, `technician`, and `employee`.
- `admin` has full backend access.
- `technician` only has aftersales/work-order module access.
- `employee` has no backend login access and does not require a password.
- `admin` is the system administrator role and has full backend access.
- Permission management may create/edit only four equal work-order roles: `software_engineer`, `hardware_engineer`, `business_manager`, `project_manager`.
- The four work-order roles can log in only to process aftersales/project orders assigned to themselves.
- The four work-order roles must not access dashboard, permission management, product traces, assignable user lists, creation/deletion/reassign/force-close endpoints, or other admin-only resources.
- `technician` is legacy-compatible and may keep work-order access, but must not be offered as a new role.
- `employee` is legacy/no backend login access and must not be offered as a new role.
- Creating an employee through `/api/employees` creates employee master data and automatically generates one employee permission code bound by `employeeId`.
- `admin` / `technician` creation requires an initial password; `employee` creation must not require one.
- Creating managed work-order roles requires an initial password; creating `admin` or `employee` through permission management is forbidden.
### Business Boundaries
- Enterprise/company-code management was removed. Do not reintroduce `/api/companies`, `/api/serials`, `CompaniesService`, `SerialsService`, or a company-management UI.
@@ -248,7 +250,7 @@ After modifying Swagger annotations, run `make swagger`.
### Middleware
- **JWTAuthMiddleware**: Validates JWT tokens, sets user in context
- **AdminMiddleware**: Checks if user has admin role
- **TechnicianMiddleware**: Allows admin and technician roles (used for aftersales endpoints)
- **TechnicianMiddleware**: Allows admin, the four managed work-order roles, and legacy `technician` (used for work-order processing endpoints)
- Access current user: `user, ok := GetCurrentUser(ctx)`
### Git Hooks
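Review bot: the updated `TechnicianMiddleware` description only widens the role allow-list, which on its own does not enforce the "only process orders assigned to themselves" rule stated in the roles section; the middleware line (or the handlers it guards) should say that, for the four managed roles and legacy `technician`, the request is additionally checked against the order's assignee, so a role-gated user cannot read or modify another user's work order. Style point: a middleware that now admits five roles is misleadingly named `TechnicianMiddleware`; consider renaming it (for example to a work-order role middleware) or at least noting the name is historical, since `AdminMiddleware` is named for exactly the roles it allows.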