feat: restrict permission roles

Frudrax Cheng
2026-06-06 13:50:54 +08:00
parent 2892cfb93d
commit 15a9f80b7f
12 changed files with 94 additions and 49 deletions
+11 -7
@@ -24,7 +24,7 @@ This is a React 19 + TypeScript frontend for the Zhejiang Beifan Trace Coding Pl
- Permission issuance with automatic employee serial generation
- Product traceability management and public scan pages
- Project work-order management for on-site implementation records
- Aftersales work-order management for admins and technicians
- Aftersales work-order management for admins and assigned work-order roles
- User authentication and profile management
**Tech Stack**: React 19, TypeScript, Vite 7, Ant Design 6, React Router v7, Axios
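Review bot: The overview bullet's "assigned work-order roles" reads as if the roles are what gets assigned, and the term does not match "Managed work-order roles" used under Roles and Permission Issuance. Suggest one term throughout, for example "admins and managed work-order roles (assigned work orders only)", so the overview states the same scope as the detailed rules.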
@@ -95,7 +95,7 @@ src/
- `aftersalesApi` - Aftersales work orders (admin + public)
- `projectOrdersApi` - Project work orders (admin + public)
- `employeesApi` - Employee management (admin only): create/list/update/delete/reset password
- `usersApi` - Assignable technician/admin picker via `assignable`
- `usersApi` - Assignable work-order user picker via `assignable`
- Auth token automatically added via axios interceptor
- All API calls return typed responses based on `src/types/index.ts`
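Review bot: The `usersApi` bullet no longer says which roles the `assignable` picker returns. "Assignable work-order user" could mean only the four managed roles, or also `admin` and legacy `technician` accounts, and the earlier wording named technician/admin explicitly. Suggest listing the roles the picker is expected to contain so the assignment UI and the role rules cannot drift apart.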
@@ -111,15 +111,17 @@ src/
- Product trace QR codes use `/product-traces/:serialNumber` directly.
- Shared public-page chrome (logo + 备案 footer) lives in `components/PublicLayout.tsx`
- `/admin/employee-serials` is the 权限管理 page despite the legacy route name.
- Technicians should only see/use the aftersales and project work-order modules; admins see all admin menu items.
- Work-order roles should only see/use the aftersales and project work-order modules; admins see all admin menu items.
### Roles and Permission Issuance
- `UserRole` is limited to `admin` / `technician` / `employee`.
- `UserRole` includes system roles `admin`, legacy `technician`, legacy `employee`, and managed work-order roles `software_engineer`, `hardware_engineer`, `business_manager`, `project_manager`.
- `admin`: full backend access.
- `technician`: work-order module access only.
- `employee`: no backend login access.
- Managed work-order roles: login access only for assigned aftersales/project work orders.
- `technician` is legacy-compatible and should not be offered as a new role.
- `employee` is legacy/no backend login access and should not be offered as a new role.
- Employee creation fields are name, phone, employee number, position, and role.
- Password field is shown and required only for `admin` and `technician`.
- Permission management creation/edit role choices must be exactly: 软件工程师、硬件工程师、商务经理、项目经理.
- Password field is required for all four managed work-order roles.
- Employee creation uses `employeesApi.create`, and the backend automatically creates the employee permission code; do not implement a separate "create then assign code" primary flow.
- Employee rows should display generated `employeeSerials` from the employee list response.
- Employee rows should provide a QR-code view for the active employee serial, using `/query?serial=...` as the scan target.
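Review bot: The edit-form rules in Roles and Permission Issuance leave existing `admin`, `technician` and `employee` accounts undefined. Role choices "must be exactly" the four managed roles for both creation and edit, and the password rule now names only those four, where the earlier wording covered `admin` and `technician`. Suggest stating what the edit form shows when the user's current role is not one of the four, whether saving forces a role change, and how an `admin` account is created or has its password set. It would also help to say whether "Work-order roles" in the menu rule includes legacy `technician`, since `technician` keeps "work-order module access only" while managed roles are limited to assigned orders.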
@@ -136,6 +138,7 @@ src/
- Use label text `现场情况说明` for `issueDescription` in create/detail/public-confirm views.
- In admin detail page, use `工单分配` as the UI label for reassign action.
- Signature display text should be `客户确认签名`.
- Only admins may create aftersales work orders. Managed work-order roles may only list/view/update/submit work orders assigned to themselves.
### Product Traceability
- Admin route: `/admin/product-traces`.
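Review bot: The new "Only admins may create aftersales work orders" rule does not say whether the `工单分配` reassign action in the admin detail page is admin-only, and "update" in "list/view/update/submit" could be read to include it. Suggest naming reassign explicitly. Since this file documents the frontend, it should also say that the create and assigned-only restrictions are enforced by the API, with the UI hiding the corresponding controls, and whether legacy `technician` follows the same assigned-only rule.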
@@ -147,6 +150,7 @@ src/
### Project Work Orders
- Project order serial format is `zjbf-xm-YYMMDDNN`.
- Project orders are for on-site investigation/implementation records.
- Only admins may create project work orders. Managed work-order roles may only list/view/update/submit project orders assigned to themselves.
- Completion requires site images and engineer signature, without customer signature.
- Site image limit is 18.
- Completed project orders use status text `已完成`.
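Review bot: "Completion requires site images and engineer signature" now sits next to a rule that lets `business_manager` and `project_manager` submit assigned project orders, so it is unclear who signs when the assignee is not an engineer. Suggest stating that the signature is the assigned user's regardless of role, or restricting completion to the engineer roles. The create/assigned-only sentence is also a copy of the one in the aftersales section; defining it once under Roles and Permission Issuance and referencing it from both sections would keep the two from diverging.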