feat: HR Portal - Complete Multi-Tenant System with Redis Session Storage

Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-23 20:12:43 +08:00
commit 360533393f
386 changed files with 70353 additions and 0 deletions
--- a/frontend/services/systemFunction.service.ts
+++ b/frontend/services/systemFunction.service.ts
@@ -0,0 +1,73 @@
+/**
+ * System Function Service
+ * 系統功能列表服務
+ */
+
+const API_BASE_URL = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:10181';
+
+export interface SystemFunctionNode {
+  id: number;
+  code: string;
+  name: string;
+  function_type: number; // 1=NODE, 2=FUNCTION
+  order: number;
+  function_icon: string;
+  module_code: string | null;
+  module_functions: string[]; // ["View", "Create", "Read", "Update", "Delete"]
+  description: string;
+  children: SystemFunctionNode[];
+}
+
+export const systemFunctionService = {
+  /**
+   * 取得功能列表樹狀結構
+   * @param isSysmana 是否為系統管理公司
+   * @returns Promise<SystemFunctionNode[]>
+   */
+  async getMenuTree(isSysmana: boolean = false): Promise<SystemFunctionNode[]> {
+    try {
+      const url = `${API_BASE_URL}/api/v1/system-functions/menu/tree?is_sysmana=${isSysmana}`;
+      console.log('[SystemFunctionService] Fetching menu tree:', url);
+      console.log('[SystemFunctionService] is_sysmana parameter:', isSysmana);
+
+      const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        credentials: 'include', // 包含 cookies (用於認證)
+      });
+
+      if (!response.ok) {
+        throw new Error(`Failed to fetch menu tree: ${response.statusText}`);
+      }
+
+      const data = await response.json();
+      console.log('[SystemFunctionService] Received menu items:', data.length);
+      console.log('[SystemFunctionService] Menu data:', data);
+      return data;
+    } catch (error) {
+      console.error('Error fetching menu tree:', error);
+      throw error;
+    }
+  },
+
+  /**
+   * 將 code 轉換為路由路徑
+   * @param code 功能代碼 (例如: tenant_departments)
+   * @returns 路由路徑 (例如: /tenant-departments)
+   */
+  codeToRoute(code: string): string {
+    return `/${code.replace(/_/g, '-')}`;
+  },
+
+  /**
+   * 檢查功能是否有特定操作權限
+   * @param moduleFunctions 功能操作列表
+   * @param operation 操作名稱 (View, Create, Read, Update, Delete)
+   * @returns boolean
+   */
+  hasOperation(moduleFunctions: string[], operation: string): boolean {
+    return moduleFunctions.includes(operation);
+  },
+};