Add audit log UI and backend API seeded E2E

- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs.

- Add Audit Logs page, sidebar entry, frontend audit API client, and API client test.

- Add backend audit log query endpoint with super/admin visibility rules and query filtering.

- Extend PostgreSQL integration tests to cover audit log query permissions.

- Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers.

- Add E2E coverage for route guards and audit log visibility.

- Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts.

- Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues.

- Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
This commit is contained in:
2026-05-02 02:04:56 +08:00
parent a16f522a4b
commit 750cf4129d
31 changed files with 719 additions and 261 deletions

View File

@@ -43,7 +43,7 @@
- `POST /api/files`
- `DELETE /api/files/:id`
报告媒体关系表、数据库 Session 和第一版审计日志已实现;查看日志、第三方调用摘要和后端导出接口仍是后续项。
报告媒体关系表、数据库 Session 和第一版审计日志已实现;审计日志查询 API 已提供给超级管理员和管理员使用;第三方调用摘要和后端导出接口仍是后续项。
## 通用约定
@@ -643,6 +643,48 @@ interface FieldLibraryDTO {
- 模板图片资源当前登录用户可读取,删除权限限制为超级管理员、管理员或 owner。
- 签名文件已先行通过 `POST /api/users/:id/signature` 实现。
## Audit API
### `GET /api/audit-logs`
查询审计日志。超级管理员可查看当前租户全部日志;管理员可查看本部门或自己作为操作者的日志;医生不可访问。
查询参数:
```text
page=1
pageSize=50
action=report.complete
targetType=Report
actor=admin
```
返回:
```json
{
"data": {
"items": [
{
"id": "log_xxx",
"actorUsername": "admin",
"actorName": "超级管理员",
"actorRole": "super",
"action": "report.complete",
"targetType": "Report",
"targetId": "report_xxx",
"departmentId": "dept_xxx",
"metadata": { "title": "报告标题" },
"createdAt": "2026-05-02T00:00:00.000Z"
}
],
"total": 1,
"page": 1,
"pageSize": 50
}
}
```
## 后续测试落点
后端骨架建立后,应把本文档转为真实测试: