Porsche Chen
360533393f
Major Features: - ✅ Multi-tenant architecture (tenant isolation) - ✅ Employee CRUD with lifecycle management (onboarding/offboarding) - ✅ Department tree structure with email domain management - ✅ Company info management (single-record editing) - ✅ System functions CRUD (permission management) - ✅ Email account management (multi-account per employee) - ✅ Keycloak SSO integration (auth.lab.taipei) - ✅ Redis session storage (10.1.0.254:6379) - Solves Cookie 4KB limitation - Cross-system session sharing - Sliding expiration (8 hours) - Automatic token refresh Technical Stack: Backend: - FastAPI + SQLAlchemy - PostgreSQL 16 (10.1.0.20:5433) - Keycloak Admin API integration - Docker Mailserver integration (SSH) - Alembic migrations Frontend: - Next.js 14 (App Router) - NextAuth 4 with Keycloak Provider - Redis session storage (ioredis) - Tailwind CSS Infrastructure: - Redis 7 (10.1.0.254:6379) - Session + Cache - Keycloak 26.1.0 (auth.lab.taipei) - Docker Mailserver (10.1.0.254) Architecture Highlights: - Session管理由 Keycloak + Redis 統一控制 - 支援多系統 (HR/WebMail/Calendar/Drive/Office) 共享 session - Token 自動刷新,異質服務整合 - 未來可無縫遷移到雲端 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
84 lines
1.9 KiB
TypeScript
84 lines
1.9 KiB
TypeScript
/**
|
|
* 系統權限服務
|
|
* 處理所有與系統權限相關的 API 請求
|
|
*/
|
|
import { apiClient } from '@/lib/api-client'
|
|
import type {
|
|
Permission,
|
|
CreatePermissionInput,
|
|
UpdatePermissionInput,
|
|
PermissionBatchCreateInput,
|
|
SystemInfo,
|
|
PaginatedResponse,
|
|
SystemName,
|
|
AccessLevel,
|
|
} from '@/types'
|
|
|
|
export interface PermissionListParams {
|
|
page?: number
|
|
page_size?: number
|
|
employee_id?: number
|
|
system_name?: SystemName
|
|
access_level?: AccessLevel
|
|
}
|
|
|
|
export const permissionsService = {
|
|
/**
|
|
* 獲取權限列表
|
|
*/
|
|
async list(params?: PermissionListParams): Promise<PaginatedResponse<Permission>> {
|
|
return apiClient.get<PaginatedResponse<Permission>>('/permissions', {
|
|
params,
|
|
})
|
|
},
|
|
|
|
/**
|
|
* 獲取權限詳情
|
|
*/
|
|
async get(id: number): Promise<Permission> {
|
|
return apiClient.get<Permission>(`/permissions/${id}`)
|
|
},
|
|
|
|
/**
|
|
* 創建權限
|
|
*/
|
|
async create(data: CreatePermissionInput): Promise<Permission> {
|
|
return apiClient.post<Permission>('/permissions', data)
|
|
},
|
|
|
|
/**
|
|
* 更新權限
|
|
*/
|
|
async update(id: number, data: UpdatePermissionInput): Promise<Permission> {
|
|
return apiClient.put<Permission>(`/permissions/${id}`, data)
|
|
},
|
|
|
|
/**
|
|
* 刪除權限
|
|
*/
|
|
async delete(id: number): Promise<{ message: string }> {
|
|
return apiClient.delete<{ message: string }>(`/permissions/${id}`)
|
|
},
|
|
|
|
/**
|
|
* 獲取員工的所有系統權限
|
|
*/
|
|
async getByEmployee(employeeId: number): Promise<Permission[]> {
|
|
return apiClient.get<Permission[]>(`/permissions/employees/${employeeId}/permissions`)
|
|
},
|
|
|
|
/**
|
|
* 批量創建權限
|
|
*/
|
|
async batchCreate(data: PermissionBatchCreateInput): Promise<Permission[]> {
|
|
return apiClient.post<Permission[]>('/permissions/batch', data)
|
|
},
|
|
|
|
/**
|
|
* 獲取可授權的系統列表
|
|
*/
|
|
async getSystems(): Promise<SystemInfo> {
|
|
return apiClient.get<SystemInfo>('/permissions/systems')
|
|
},
|
|
}
|