feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/frontend/services/permissions.ts
+++ b/frontend/services/permissions.ts
@@ -0,0 +1,83 @@
+/**
+ * 系統權限服務
+ * 處理所有與系統權限相關的 API 請求
+ */
+import { apiClient } from '@/lib/api-client'
+import type {
+  Permission,
+  CreatePermissionInput,
+  UpdatePermissionInput,
+  PermissionBatchCreateInput,
+  SystemInfo,
+  PaginatedResponse,
+  SystemName,
+  AccessLevel,
+} from '@/types'
+
+export interface PermissionListParams {
+  page?: number
+  page_size?: number
+  employee_id?: number
+  system_name?: SystemName
+  access_level?: AccessLevel
+}
+
+export const permissionsService = {
+  /**
+   * 獲取權限列表
+   */
+  async list(params?: PermissionListParams): Promise<PaginatedResponse<Permission>> {
+    return apiClient.get<PaginatedResponse<Permission>>('/permissions', {
+      params,
+    })
+  },
+
+  /**
+   * 獲取權限詳情
+   */
+  async get(id: number): Promise<Permission> {
+    return apiClient.get<Permission>(`/permissions/${id}`)
+  },
+
+  /**
+   * 創建權限
+   */
+  async create(data: CreatePermissionInput): Promise<Permission> {
+    return apiClient.post<Permission>('/permissions', data)
+  },
+
+  /**
+   * 更新權限
+   */
+  async update(id: number, data: UpdatePermissionInput): Promise<Permission> {
+    return apiClient.put<Permission>(`/permissions/${id}`, data)
+  },
+
+  /**
+   * 刪除權限
+   */
+  async delete(id: number): Promise<{ message: string }> {
+    return apiClient.delete<{ message: string }>(`/permissions/${id}`)
+  },
+
+  /**
+   * 獲取員工的所有系統權限
+   */
+  async getByEmployee(employeeId: number): Promise<Permission[]> {
+    return apiClient.get<Permission[]>(`/permissions/employees/${employeeId}/permissions`)
+  },
+
+  /**
+   * 批量創建權限
+   */
+  async batchCreate(data: PermissionBatchCreateInput): Promise<Permission[]> {
+    return apiClient.post<Permission[]>('/permissions/batch', data)
+  },
+
+  /**
+   * 獲取可授權的系統列表
+   */
+  async getSystems(): Promise<SystemInfo> {
+    return apiClient.get<SystemInfo>('/permissions/systems')
+  },
+}