Add audit log UI and backend API seeded E2E
- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs. - Add Audit Logs page, sidebar entry, frontend audit API client, and API client test. - Add backend audit log query endpoint with super/admin visibility rules and query filtering. - Extend PostgreSQL integration tests to cover audit log query permissions. - Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers. - Add E2E coverage for route guards and audit log visibility. - Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts. - Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues. - Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
This commit is contained in:
@@ -25,6 +25,8 @@
|
||||
|
||||
后端角色 `doctor` 会映射为当前前端历史类型中的 `user`。前端会保留本地签名和已有模板授权字段,避免迁移期丢失医生个人模板或签名。
|
||||
|
||||
路由层使用 Auth Context 做统一角色守卫:医生不能直接进入模板管理、用户管理和审计日志页面;超级管理员和管理员可进入这些管理页。该守卫只负责前端体验,生产安全边界仍以后端 API 权限校验为准。
|
||||
|
||||
## 默认账号
|
||||
|
||||
| 用户ID | 密码 | 角色 | 说明 |
|
||||
|
||||
Reference in New Issue
Block a user