internal/api/handler/permission_handler.go

package handler

import (
	"encoding/json"
	"net/http"
	"strconv"

	"github.com/gin-gonic/gin"

	"github.com/user-management-system/internal/domain"
	"github.com/user-management-system/internal/service"
)

// PermissionHandler handles permission management requests
type PermissionHandler struct {
	permissionService *service.PermissionService
}

// NewPermissionHandler creates a new PermissionHandler
func NewPermissionHandler(permissionService *service.PermissionService) *PermissionHandler {
	return &PermissionHandler{permissionService: permissionService}
}

// CreatePermission 创建权限
// @Summary 创建权限
// @Description 创建新的权限定义（仅管理员）
// @Tags 权限管理
// @Accept json
// @Produce json
// @Security BearerAuth
// @Param request body service.CreatePermissionRequest true "权限信息"
// @Success 201 {object} Response{data=domain.Permission} "创建成功"
// @Failure 400 {object} Response "请求参数错误"
// @Failure 403 {object} Response "无权限"
// @Router /api/v1/permissions [post]
func (h *PermissionHandler) CreatePermission(c *gin.Context) {
	var req struct {
		Name        string `json:"name" binding:"required"`
		Code        string `json:"code" binding:"required"`
		Type        *int   `json:"type" binding:"required"`
		Description string `json:"description"`
		ParentID    *int64 `json:"parent_id"`
		Path        string `json:"path"`
		Method      string `json:"method"`
		Sort        int    `json:"sort"`
		Icon        string `json:"icon"`
	}
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
		return
	}

	if req.Type == nil || *req.Type < 0 || *req.Type > 2 {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission type"})
		return
	}

	serviceReq := service.CreatePermissionRequest{
		Name:        req.Name,
		Code:        req.Code,
		Type:        *req.Type,
		Description: req.Description,
		ParentID:    req.ParentID,
		Path:        req.Path,
		Method:      req.Method,
		Sort:        req.Sort,
		Icon:        req.Icon,
	}

	perm, err := h.permissionService.CreatePermission(c.Request.Context(), &serviceReq)
	if err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusCreated, gin.H{
		"code":    0,
		"message": "success",
		"data":    perm,
	})
}

// ListPermissions 获取权限列表
// @Summary 获取权限列表
// @Description 获取系统权限列表
// @Tags 权限管理
// @Produce json
// @Security BearerAuth
// @Success 200 {object} Response{data=[]domain.Permission} "权限列表"
// @Router /api/v1/permissions [get]
func (h *PermissionHandler) ListPermissions(c *gin.Context) {
	var req service.ListPermissionRequest
	if err := c.ShouldBindQuery(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
		return
	}

	perms, _, err := h.permissionService.ListPermissions(c.Request.Context(), &req)
	if err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "success",
		"data":    perms,
	})
}

// GetPermission 获取权限详情
// @Summary 获取权限详情
// @Description 根据ID获取权限详细信息
// @Tags 权限管理
// @Produce json
// @Security BearerAuth
// @Param id path int true "权限ID"
// @Success 200 {object} Response{data=domain.Permission} "权限信息"
// @Failure 404 {object} Response "权限不存在"
// @Router /api/v1/permissions/{id} [get]
func (h *PermissionHandler) GetPermission(c *gin.Context) {
	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
		return
	}

	perm, err := h.permissionService.GetPermission(c.Request.Context(), id)
	if err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "success",
		"data":    perm,
	})
}

// UpdatePermission 更新权限
// @Summary 更新权限
// @Description 更新权限信息（仅管理员）
// @Tags 权限管理
// @Accept json
// @Produce json
// @Security BearerAuth
// @Param id path int true "权限ID"
// @Param request body service.UpdatePermissionRequest true "更新信息"
// @Success 200 {object} Response{data=domain.Permission} "更新成功"
// @Failure 400 {object} Response "请求参数错误"
// @Failure 403 {object} Response "无权限"
// @Failure 404 {object} Response "权限不存在"
// @Router /api/v1/permissions/{id} [put]
func (h *PermissionHandler) UpdatePermission(c *gin.Context) {
	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
		return
	}

	var req service.UpdatePermissionRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
		return
	}

	perm, err := h.permissionService.UpdatePermission(c.Request.Context(), id, &req)
	if err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "success",
		"data":    perm,
	})
}

// DeletePermission 删除权限
// @Summary 删除权限
// @Description 删除权限定义（仅管理员）
// @Tags 权限管理
// @Produce json
// @Security BearerAuth
// @Param id path int true "权限ID"
// @Success 200 {object} Response "删除成功"
// @Failure 403 {object} Response "无权限"
// @Failure 404 {object} Response "权限不存在"
// @Router /api/v1/permissions/{id} [delete]
func (h *PermissionHandler) DeletePermission(c *gin.Context) {
	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
		return
	}

	if err := h.permissionService.DeletePermission(c.Request.Context(), id); err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "permission deleted",
	})
}

// UpdatePermissionStatus 更新权限状态
// @Summary 更新权限状态
// @Description 更新权限状态（enabled/disabled）（仅管理员）
// @Tags 权限管理
// @Accept json
// @Produce json
// @Security BearerAuth
// @Param id path int true "权限ID"
// @Param request body UpdatePermissionStatusRequest true "状态信息"
// @Success 200 {object} Response "状态更新成功"
// @Failure 400 {object} Response "无效的状态值"
// @Failure 403 {object} Response "无权限"
// @Failure 404 {object} Response "权限不存在"
// @Router /api/v1/permissions/{id}/status [put]
func (h *PermissionHandler) UpdatePermissionStatus(c *gin.Context) {
	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
		return
	}

	var req struct {
		Status json.RawMessage `json:"status" binding:"required"`
	}

	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
		return
	}

	status, ok := parsePermissionStatus(req.Status)
	if !ok {
		c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid status"})
		return
	}

	if err := h.permissionService.UpdatePermissionStatus(c.Request.Context(), id, status); err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "status updated",
	})
}

// GetPermissionTree 获取权限树
// @Summary 获取权限树
// @Description 获取系统权限的树形结构
// @Tags 权限管理
// @Produce json
// @Security BearerAuth
// @Success 200 {object} Response{data=[]domain.Permission} "权限树"
// @Router /api/v1/permissions/tree [get]
func parsePermissionStatus(raw json.RawMessage) (domain.PermissionStatus, bool) {
	var statusText string
	if err := json.Unmarshal(raw, &statusText); err == nil {
		switch statusText {
		case "enabled", "1":
			return domain.PermissionStatusEnabled, true
		case "disabled", "0":
			return domain.PermissionStatusDisabled, true
		}
	}

	var statusNumber int
	if err := json.Unmarshal(raw, &statusNumber); err == nil {
		switch statusNumber {
		case 1:
			return domain.PermissionStatusEnabled, true
		case 0:
			return domain.PermissionStatusDisabled, true
		}
	}

	return domain.PermissionStatusDisabled, false
}

func (h *PermissionHandler) GetPermissionTree(c *gin.Context) {
	tree, err := h.permissionService.GetPermissionTree(c.Request.Context())
	if err != nil {
		handleError(c, err)
		return
	}

	c.JSON(http.StatusOK, gin.H{
		"code":    0,
		"message": "success",
		"data":    tree,
	})
}
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								package handler
 								import (
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+									"encoding/json"
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									"net/http"
 									"strconv"
 									"github.com/gin-gonic/gin"
 									"github.com/user-management-system/internal/domain"
 									"github.com/user-management-system/internal/service"
 								)
 								// PermissionHandler handles permission management requests
 								type PermissionHandler struct {
 									permissionService *service.PermissionService
 								}
 								// NewPermissionHandler creates a new PermissionHandler
 								func NewPermissionHandler(permissionService *service.PermissionService) *PermissionHandler {
 									return &PermissionHandler{permissionService: permissionService}
 								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// CreatePermission 创建权限
 								// @Summary 创建权限
 								// @Description 创建新的权限定义（仅管理员）
 								// @Tags 权限管理
 								// @Accept json
 								// @Produce json
 								// @Security BearerAuth
 								// @Param request body service.CreatePermissionRequest true "权限信息"
 								// @Success 201 {object} Response{data=domain.Permission} "创建成功"
 								// @Failure 400 {object} Response "请求参数错误"
 								// @Failure 403 {object} Response "无权限"
 								// @Router /api/v1/permissions [post]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) CreatePermission(c *gin.Context) {
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+									var req struct {
 										Name        string `json:"name" binding:"required"`
 										Code        string `json:"code" binding:"required"`
 										Type        *int   `json:"type" binding:"required"`
 										Description string `json:"description"`
 										ParentID    *int64 `json:"parent_id"`
 										Path        string `json:"path"`
 										Method      string `json:"method"`
 										Sort        int    `json:"sort"`
 										Icon        string `json:"icon"`
 									}
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									if err := c.ShouldBindJSON(&req); err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+									if req.Type == nil || *req.Type < 0 || *req.Type > 2 {
 										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission type"})
 										return
 									}
 									serviceReq := service.CreatePermissionRequest{
 										Name:        req.Name,
 										Code:        req.Code,
 										Type:        *req.Type,
 										Description: req.Description,
 										ParentID:    req.ParentID,
 										Path:        req.Path,
 										Method:      req.Method,
 										Sort:        req.Sort,
 										Icon:        req.Icon,
 									}
 									perm, err := h.permissionService.CreatePermission(c.Request.Context(), &serviceReq)
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									if err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusCreated, gin.H{
 										"code":    0,
 										"message": "success",
 										"data":    perm,
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// ListPermissions 获取权限列表
 								// @Summary 获取权限列表
 								// @Description 获取系统权限列表
 								// @Tags 权限管理
 								// @Produce json
 								// @Security BearerAuth
 								// @Success 200 {object} Response{data=[]domain.Permission} "权限列表"
 								// @Router /api/v1/permissions [get]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) ListPermissions(c *gin.Context) {
 									var req service.ListPermissionRequest
 									if err := c.ShouldBindQuery(&req); err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									perms, _, err := h.permissionService.ListPermissions(c.Request.Context(), &req)
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									if err != nil {
 										handleError(c, err)
 										return
 									}
 									c.JSON(http.StatusOK, gin.H{
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+										"code":    0,
 										"message": "success",
 										"data":    perms,
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									})
 								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// GetPermission 获取权限详情
 								// @Summary 获取权限详情
 								// @Description 根据ID获取权限详细信息
 								// @Tags 权限管理
 								// @Produce json
 								// @Security BearerAuth
 								// @Param id path int true "权限ID"
 								// @Success 200 {object} Response{data=domain.Permission} "权限信息"
 								// @Failure 404 {object} Response "权限不存在"
 								// @Router /api/v1/permissions/{id} [get]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) GetPermission(c *gin.Context) {
 									id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 									if err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									perm, err := h.permissionService.GetPermission(c.Request.Context(), id)
 									if err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusOK, gin.H{
 										"code":    0,
 										"message": "success",
 										"data":    perm,
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// UpdatePermission 更新权限
 								// @Summary 更新权限
 								// @Description 更新权限信息（仅管理员）
 								// @Tags 权限管理
 								// @Accept json
 								// @Produce json
 								// @Security BearerAuth
 								// @Param id path int true "权限ID"
 								// @Param request body service.UpdatePermissionRequest true "更新信息"
 								// @Success 200 {object} Response{data=domain.Permission} "更新成功"
 								// @Failure 400 {object} Response "请求参数错误"
 								// @Failure 403 {object} Response "无权限"
 								// @Failure 404 {object} Response "权限不存在"
 								// @Router /api/v1/permissions/{id} [put]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) UpdatePermission(c *gin.Context) {
 									id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 									if err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									var req service.UpdatePermissionRequest
 									if err := c.ShouldBindJSON(&req); err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									perm, err := h.permissionService.UpdatePermission(c.Request.Context(), id, &req)
 									if err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusOK, gin.H{
 										"code":    0,
 										"message": "success",
 										"data":    perm,
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// DeletePermission 删除权限
 								// @Summary 删除权限
 								// @Description 删除权限定义（仅管理员）
 								// @Tags 权限管理
 								// @Produce json
 								// @Security BearerAuth
 								// @Param id path int true "权限ID"
 								// @Success 200 {object} Response "删除成功"
 								// @Failure 403 {object} Response "无权限"
 								// @Failure 404 {object} Response "权限不存在"
 								// @Router /api/v1/permissions/{id} [delete]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) DeletePermission(c *gin.Context) {
 									id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 									if err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									if err := h.permissionService.DeletePermission(c.Request.Context(), id); err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusOK, gin.H{
 										"code":    0,
 										"message": "permission deleted",
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// UpdatePermissionStatus 更新权限状态
 								// @Summary 更新权限状态
 								// @Description 更新权限状态（enabled/disabled）（仅管理员）
 								// @Tags 权限管理
 								// @Accept json
 								// @Produce json
 								// @Security BearerAuth
 								// @Param id path int true "权限ID"
 								// @Param request body UpdatePermissionStatusRequest true "状态信息"
 								// @Success 200 {object} Response "状态更新成功"
 								// @Failure 400 {object} Response "无效的状态值"
 								// @Failure 403 {object} Response "无权限"
 								// @Failure 404 {object} Response "权限不存在"
 								// @Router /api/v1/permissions/{id}/status [put]
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) UpdatePermissionStatus(c *gin.Context) {
 									id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 									if err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid permission id"})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									var req struct {
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+										Status json.RawMessage `json:"status" binding:"required"`
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+									}
 									if err := c.ShouldBindJSON(&req); err != nil {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": err.Error()})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+									status, ok := parsePermissionStatus(req.Status)
 									if !ok {
-												fix: unify handler response format in log, permission, webhook handlers

- log_handler.go: Fix GetMyLoginLogs/GetMyOperationLogs/GetLoginLogs/GetOperationLogs to use {code, message, data}
- permission_handler.go: Fix all error responses to use {code, message}
- webhook_handler.go: Add missing "message" field in success responses, wrap data in data object with list/total/page/page_size
- webhook_handler_test.go: Update test to match new response format

Standardize all JSON responses to {code: 0, message: "success", data: ...} for success
and {code: XXX, message: "..."} for errors.

											
										
										
											2026-04-11 13:12:27 +08:00
+										c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid status"})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+										return
 									}
 									if err := h.permissionService.UpdatePermissionStatus(c.Request.Context(), id, status); err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusOK, gin.H{
 										"code":    0,
 										"message": "status updated",
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}
-												docs: add Swagger annotations to 13 API handlers

Added @Summary, @Description, @Tags, @Param, @Success, @Failure,
@Router annotations to all major handler endpoints for OpenAPI/Swagger
auto-generation. Covers 86 annotations across:

- auth_handler.go (25): all auth endpoints
- user_handler.go (14): CRUD + roles + admin management
- device_handler.go (13): device CRUD + trust management
- role_handler.go (8): role CRUD + permissions
- custom_field_handler.go (7): field CRUD + user values
- permission_handler.go (7): permission CRUD + tree
- log_handler.go (3): login/operation logs
- captcha_handler.go (3): generate/verify
- stats_handler.go (2): dashboard + user stats
- avatar_handler.go (1): upload avatar
- totp_handler.go (1): totp status
- password_reset_handler.go (1): forgot password

Partially addresses P2: missing Swagger annotations
(PRODUCTION_GAP_ANALYSIS_2026-04-08)

											
										
										
											2026-04-11 21:23:52 +08:00
+								// GetPermissionTree 获取权限树
 								// @Summary 获取权限树
 								// @Description 获取系统权限的树形结构
 								// @Tags 权限管理
 								// @Produce json
 								// @Security BearerAuth
 								// @Success 200 {object} Response{data=[]domain.Permission} "权限树"
 								// @Router /api/v1/permissions/tree [get]
-												feat: permissions CRUD browser integration + E2E enhancements

Backend:
- permission_handler: 完善权限 CRUD 接口（列表/创建/更新/删除）
- auth_handler: 修复认证处理逻辑
- router: 新增权限管理路由
- handler_test: 新增权限 handler 测试覆盖

Frontend:
- permissions.ts/test.ts: 权限服务层完整实现
- profile/settings/service_tests: 服务适配器修正
- client.ts: HTTP 客户端健壮性增强
- vite.config.js: 构建配置优化
- E2E 脚本: run-playwright-cdp-e2e 大幅增强（权限流程覆盖）

Docs:
- REAL_PROJECT_STATUS: 状态更新
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善
- plans/2026-04-23: 权限浏览器 CRUD 设计方案

验证: go build 0错误

											
										
										
											2026-04-24 07:30:18 +08:00
+								func parsePermissionStatus(raw json.RawMessage) (domain.PermissionStatus, bool) {
 									var statusText string
 									if err := json.Unmarshal(raw, &statusText); err == nil {
 										switch statusText {
 										case "enabled", "1":
 											return domain.PermissionStatusEnabled, true
 										case "disabled", "0":
 											return domain.PermissionStatusDisabled, true
 										}
 									}
 									var statusNumber int
 									if err := json.Unmarshal(raw, &statusNumber); err == nil {
 										switch statusNumber {
 										case 1:
 											return domain.PermissionStatusEnabled, true
 										case 0:
 											return domain.PermissionStatusDisabled, true
 										}
 									}
 									return domain.PermissionStatusDisabled, false
 								}
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								func (h *PermissionHandler) GetPermissionTree(c *gin.Context) {
 									tree, err := h.permissionService.GetPermissionTree(c.Request.Context())
 									if err != nil {
 										handleError(c, err)
 										return
 									}
-												fix: 统一API响应格式并修复前端测试

- 所有Handler方法使用标准{code:0,message:"success",data:...}响应格式
- 修复Cursor分页响应包装(GetAllDevices,GetLoginLogs,ListUsers等)
- 修复AuthHandler和SMSHandler认证方法响应格式
- 修复operation_log.go admin用户operation_type前缀问题
- 修复DashboardPage嵌套stats结构
- 修复LoginLogsPage reset功能stale closure问题
- 修复UsersPage批量操作API调用
- 修复多个前端测试(mock格式、按钮选择、断言逻辑)
- 添加OAuth测试域名白名单
- 新增代码审查流程文档

											
										
										
											2026-04-08 20:06:54 +08:00
+									c.JSON(http.StatusOK, gin.H{
 										"code":    0,
 										"message": "success",
 										"data":    tree,
 									})
-												feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers

											
										
										
											2026-04-02 11:19:50 +08:00
+								}