✨ feat(permission): add permission control for multiple modules

- areas: add create/read/update/delete permissions using department permissions
- clients: add create/read/update/delete permissions and user tracking
- contacts: add create/read/update/delete permissions using client permissions
- contracts-renew: add create/read/update/delete permissions
- contracts: add create/read/update/delete permissions
- departments: add create/read/update/delete permissions
- expenses: add create/read/update/delete permissions
- files: add create/read/update/delete permissions, user tracking and data permission
- follow-up-records: add create/read/update/delete permissions
- order-records: add create/read/update/delete permissions
- permissions: add create/read/update/delete permissions using role permissions
- roles: add create/read/update/delete permissions and simplify middleware

src/server/api/areas/index.ts

@@ -10,7 +10,13 @@ const areaRoutes = createCrudRoutes({
   getSchema: AreaDataSchema,
   listSchema: AreaDataSchema,
   searchFields: ['name'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  permissions: {
+    create: ['system:department:create'], // 区域管理使用部门权限
+    read: ['system:department:view'],
+    update: ['system:department:update'],
+    delete: ['system:department:delete']
+  }
 });
 
 export default areaRoutes;

src/server/api/clients/index.ts

@@ -18,9 +18,19 @@ const clientRoutes = createCrudRoutes({
     'operator'
   ],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['client:create'],
+    read: ['client:view:own', 'client:view:department', 'client:view:sub_department', 'client:view:all'],
+    update: ['client:update'],
+    delete: ['client:delete']
+  },
   dataPermission: {
     entity: 'Client',
     userIdField: 'salesPersonId'
+  },
+  userTracking: {
+    createdByField: 'createdBy',
+    updatedByField: 'updatedBy'
   }
 });
 

src/server/api/contacts/index.ts

@@ -11,6 +11,12 @@ const linkmanRoutes = createCrudRoutes({
   listSchema: LinkmanSchema,
   searchFields: ['name', 'clientId', 'mobile', 'email'],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['client:create'], // 联系人使用客户权限控制
+    read: ['client:view:own', 'client:view:department', 'client:view:sub_department', 'client:view:all'],
+    update: ['client:update'],
+    delete: ['client:delete']
+  },
   userTracking: {
     createdByField: 'createdUserId',
     updatedByField: undefined // 只记录创建人，不记录更新人

src/server/api/contracts-renew/index.ts

@@ -12,6 +12,12 @@ const hetongRenewRoutes = createCrudRoutes({
   searchFields: ['contractId', 'state', 'auditStatus'],
   relations: ['contract.client'],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['contract_renew:create'],
+    read: ['contract_renew:view:own', 'contract_renew:view:department', 'contract_renew:view:sub_department', 'contract_renew:view:all'],
+    update: ['contract_renew:update'],
+    delete: ['contract_renew:delete']
+  },
   dataPermission: {
     entity: 'HetongRenew',
     userIdField: 'userId'

src/server/api/contracts/index.ts

@@ -12,6 +12,12 @@ const hetongRoutes = createCrudRoutes({
   relations: ['client'],
   searchFields: ['contractNumber', 'clientId', 'status'],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['contract:create'],
+    read: ['contract:view:own', 'contract:view:department', 'contract:view:sub_department', 'contract:view:all'],
+    update: ['contract:update'],
+    delete: ['contract:delete']
+  },
   userTracking: {
     createdByField: 'createdBy',
     updatedByField: 'updatedBy'

src/server/api/departments/index.ts

@@ -10,7 +10,13 @@ const departmentRoutes = createCrudRoutes({
   listSchema: DepartmentSchema,
   searchFields: ['name', 'code', 'description'],
   relations: ['parent', 'manager', 'children'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  permissions: {
+    create: ['system:department:create'],
+    read: ['system:department:view'],
+    update: ['system:department:update'],
+    delete: ['system:department:delete']
+  }
 });
 
 export default departmentRoutes;

src/server/api/expenses/index.ts

@@ -11,6 +11,12 @@ const expenseRoutes = createCrudRoutes({
   listSchema: ExpenseSchema,
   searchFields: ['type', 'status', 'description'],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['expense:create'],
+    read: ['expense:view:own', 'expense:view:department', 'expense:view:sub_department', 'expense:view:all'],
+    update: ['expense:update'],
+    delete: ['expense:delete']
+  },
   dataPermission: {
     entity: 'Expense',
     userIdField: 'userId'

src/server/api/files/index.ts

@@ -19,7 +19,21 @@ const fileRoutes = createCrudRoutes({
   listSchema: FileSchema,
   searchFields: ['name', 'type', 'description'],
   relations: ['uploadUser'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  permissions: {
+    create: ['file:upload'],
+    read: ['file:view:own', 'file:view:department', 'file:view:sub_department', 'file:view:all'],
+    update: ['file:upload'], // 文件更新使用上传权限
+    delete: ['file:delete']
+  },
+  userTracking: {
+    createdByField: 'uploadUserId',
+    updatedByField: 'uploadUserId'
+  },
+  dataPermission: {
+    entity: 'File',
+    userIdField: 'uploadUserId'
+  }
 })
 
 

src/server/api/follow-up-records/index.ts

@@ -12,6 +12,12 @@ const followUpRecordRoutes = createCrudRoutes({
   searchFields: ['resourceName', 'details'],
   relations: ['client'],
   middleware: [authMiddleware],
+  permissions: {
+    create: ['follow_up:create'],
+    read: ['follow_up:view:own', 'follow_up:view:department', 'follow_up:view:sub_department', 'follow_up:view:all'],
+    update: ['follow_up:update'],
+    delete: ['follow_up:delete']
+  },
   userTracking: {
     createdByField: 'createdBy',
     updatedByField: 'updatedBy'

src/server/api/order-records/index.ts

@@ -12,6 +12,12 @@ const orderRecordRoutes = createCrudRoutes({
   searchFields: ['companyName', 'orderNumber', 'contactPerson', 'salesperson'],
   middleware: [authMiddleware],
   relations: ['client', 'linkman', 'user'],
+  permissions: {
+    create: ['order:create'],
+    read: ['order:view:own', 'order:view:department', 'order:view:sub_department', 'order:view:all'],
+    update: ['order:update'],
+    delete: ['order:delete']
+  },
   userTracking: {
     createdByField: 'createdBy',
     updatedByField: 'updatedBy'

src/server/api/permissions/index.ts

@@ -9,7 +9,13 @@ const permissionRoutes = createCrudRoutes({
   getSchema: PermissionSchema,
   listSchema: PermissionSchema,
   searchFields: ['name', 'code', 'description'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  permissions: {
+    create: ['system:role:create'], // 权限管理使用角色权限
+    read: ['system:role:view'],
+    update: ['system:role:update'],
+    delete: ['system:role:delete']
+  }
 });
 
 export default permissionRoutes;

src/server/api/roles/index.ts

@@ -13,10 +13,13 @@ const roleRoutes = createCrudRoutes({
   getSchema: RoleSchema,
   listSchema: RoleSchema,
   searchFields: ['name', 'description'],
-  middleware: [
-    authMiddleware, 
-    // permissionMiddleware(checkPermission(['role:manage']))
-]
+  middleware: [authMiddleware],
+  permissions: {
+    create: ['system:role:create'],
+    read: ['system:role:view'],
+    update: ['system:role:update'],
+    delete: ['system:role:delete']
+  }
 })
 const app = new OpenAPIHono()
   .route('/', roleRoutes)