feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/backend/create_tenant_role_rights.py
+++ b/backend/create_tenant_role_rights.py
@@ -0,0 +1,81 @@
+"""
+建立 tenant_role_rights 表
+"""
+import psycopg2
+
+conn = psycopg2.connect(
+    host="10.1.0.20",
+    port=5433,
+    database="hr_portal",
+    user="admin",
+    password="DC1qaz2wsx"
+)
+conn.autocommit = False
+cur = conn.cursor()
+
+try:
+    print("Creating tenant_role_rights table...")
+
+    cur.execute("""
+        CREATE TABLE IF NOT EXISTS tenant_role_rights (
+            id SERIAL PRIMARY KEY,
+            role_id INTEGER NOT NULL REFERENCES tenant_user_roles(id) ON DELETE CASCADE,
+            function_id INTEGER NOT NULL REFERENCES system_functions_cache(id) ON DELETE CASCADE,
+            can_read BOOLEAN NOT NULL DEFAULT FALSE,
+            can_create BOOLEAN NOT NULL DEFAULT FALSE,
+            can_update BOOLEAN NOT NULL DEFAULT FALSE,
+            can_delete BOOLEAN NOT NULL DEFAULT FALSE,
+            is_active BOOLEAN NOT NULL DEFAULT TRUE,
+            edit_by VARCHAR(100),
+            created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            CONSTRAINT uq_role_function UNIQUE (role_id, function_id)
+        );
+    """)
+
+    # 建立索引
+    cur.execute("""
+        CREATE INDEX IF NOT EXISTS idx_role_rights_role
+        ON tenant_role_rights(role_id);
+    """)
+
+    cur.execute("""
+        CREATE INDEX IF NOT EXISTS idx_role_rights_function
+        ON tenant_role_rights(function_id);
+    """)
+
+    conn.commit()
+    print("SUCCESS: tenant_role_rights table created")
+
+    # 驗證
+    cur.execute("""
+        SELECT table_name
+        FROM information_schema.tables
+        WHERE table_name = 'tenant_role_rights';
+    """)
+    result = cur.fetchone()
+    if result:
+        print(f"Verified: {result[0]} table exists")
+
+        # 查看表結構
+        cur.execute("""
+            SELECT column_name, data_type
+            FROM information_schema.columns
+            WHERE table_name = 'tenant_role_rights'
+            ORDER BY ordinal_position;
+        """)
+        columns = cur.fetchall()
+        print("\nTable structure:")
+        for col in columns:
+            print(f"  {col[0]:<20} {col[1]}")
+    else:
+        print("ERROR: Table not found after creation")
+
+except Exception as e:
+    conn.rollback()
+    print(f"ERROR: {e}")
+    import traceback
+    traceback.print_exc()
+finally:
+    cur.close()
+    conn.close()