Add audit log UI and backend API seeded E2E

- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs.

- Add Audit Logs page, sidebar entry, frontend audit API client, and API client test.

- Add backend audit log query endpoint with super/admin visibility rules and query filtering.

- Extend PostgreSQL integration tests to cover audit log query permissions.

- Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers.

- Add E2E coverage for route guards and audit log visibility.

- Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts.

- Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues.

- Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
This commit is contained in:
2026-05-02 02:04:56 +08:00
parent a16f522a4b
commit 750cf4129d
31 changed files with 719 additions and 261 deletions

View File

@@ -1,39 +1,27 @@
import { expect, test } from '@playwright/test';
import { baseTemplates, baseUsers, seedLocalStorage } from './helpers';
import { apiRequest, createReportByApi, loginByApi, uniqueId } from './helpers';
test('editing a completed report increments revision and preserves history', async ({ page }) => {
await seedLocalStorage(page, {
users: baseUsers,
templates: baseTemplates,
currentUser: baseUsers[2],
reports: [
{
id: 'RPT_DONE',
title: '已完成报告',
patientName: '患者甲',
hospitalId: 'H001',
department: '外科',
content: '<p>旧报告内容</p>',
author: '0001',
authorName: '张医生',
createdAt: '2026-05-01',
updatedAt: '2026-05-01T08:00:00.000Z',
status: 'completed',
revision: 1,
history: [],
},
],
await loginByApi(page, '0001');
const title = `已完成报告 ${uniqueId('revision')}`;
const created = await createReportByApi(page.request, {
title,
patientName: '患者甲',
hospitalId: uniqueId('H'),
content: '<p>旧报告内容</p>',
status: 'completed',
});
await page.goto('/report-editor?id=RPT_DONE');
await expect(page.getByText('编辑报告: RPT_DONE')).toBeVisible();
await page.goto(`/report-editor?id=${created.id}`);
await expect(page.getByText(`编辑报告: ${created.id}`)).toBeVisible();
await page.getByRole('textbox', { name: '患者姓名' }).fill('患者甲');
await page.getByRole('textbox', { name: '住院号' }).fill(created.hospitalId);
await page.getByRole('button', { name: '完成报告' }).click();
await page.waitForURL('**/report-manage');
const report = await page.evaluate(() => {
return JSON.parse(window.localStorage.getItem('reports') || '[]')[0];
});
const data = await apiRequest<{ report: any }>(page.request, 'get', `/api/reports/${created.id}`);
const report = data.report;
expect(report.revision).toBe(2);
expect(report.history).toHaveLength(1);