# Permission List

This document lists every permission in the DocAuditAI system and the operation each one corresponds to.

## Permission Key Format

Permission keys take the form `{module}:{resource}:{action}`:

- **module**: module name (e.g. document, system, evaluation)
- **resource**: resource name (e.g. document, user, role)
- **action**: operation type (view, create, update, delete, etc.)

## Document Management Module (document)

| Permission key | Description | Operation |
|--------|------|---------|
| document:document:view | View documents | GET /postgrest/documents |
| document:document:create | Create documents | POST /postgrest/documents |
| document:document:update | Update documents | PATCH /postgrest/documents |
| document:document:delete | Delete documents | DELETE /postgrest/documents |
| document:type:view | View document types | GET /postgrest/document_types |
| document:type:create | Create document types | POST /postgrest/document_types |
| document:type:update | Update document types | PATCH /postgrest/document_types |
| document:type:delete | Delete document types | DELETE /postgrest/document_types |
| document:metadata:view | View document metadata | GET /postgrest/document_metadata |
| document:metadata:create | Create document metadata | POST /postgrest/document_metadata |
| document:metadata:update | Update document metadata | PATCH /postgrest/document_metadata |
| document:metadata:delete | Delete document metadata | DELETE /postgrest/document_metadata |

## Evaluation Management Module (evaluation)

| Permission key | Description | Operation |
|--------|------|---------|
| evaluation:result:view | View evaluation results | GET /postgrest/evaluation_results |
| evaluation:result:create | Create evaluation results | POST /postgrest/evaluation_results |
| evaluation:result:update | Update evaluation results | PATCH /postgrest/evaluation_results |
| evaluation:result:delete | Delete evaluation results | DELETE /postgrest/evaluation_results |
| evaluation:point:view | View evaluation points | GET /postgrest/evaluation_points |
| evaluation:point:create | Create evaluation points | POST /postgrest/evaluation_points |
| evaluation:point:update | Update evaluation points | PATCH /postgrest/evaluation_points |
| evaluation:point:delete | Delete evaluation points | DELETE /postgrest/evaluation_points |
| evaluation:category:view | View evaluation point categories | GET /postgrest/evaluation_point_categories |
| evaluation:category:create | Create evaluation point categories | POST /postgrest/evaluation_point_categories |
| evaluation:category:update | Update evaluation point categories | PATCH /postgrest/evaluation_point_categories |
| evaluation:category:delete | Delete evaluation point categories | DELETE /postgrest/evaluation_point_categories |
| evaluation:rule:view | View evaluation rules | GET /postgrest/evaluation_rules |
| evaluation:rule:create | Create evaluation rules | POST /postgrest/evaluation_rules |
| evaluation:rule:update | Update evaluation rules | PATCH /postgrest/evaluation_rules |
| evaluation:rule:delete | Delete evaluation rules | DELETE /postgrest/evaluation_rules |

## Cross-Review Module (crossreview)

| Permission key | Description | Operation |
|--------|------|---------|
| crossreview:task:view | View cross-review tasks | GET /postgrest/cross_examination_tasks |
| crossreview:task:create | Create cross-review tasks | POST /postgrest/cross_examination_tasks |
| crossreview:task:update | Update cross-review tasks | PATCH /postgrest/cross_examination_tasks |
| crossreview:task:delete | Delete cross-review tasks | DELETE /postgrest/cross_examination_tasks |
| crossreview:mapping:view | View task-document mappings | GET /postgrest/cross_task_document_mapping |
| crossreview:mapping:create | Create task-document mappings | POST /postgrest/cross_task_document_mapping |
| crossreview:mapping:update | Update task-document mappings | PATCH /postgrest/cross_task_document_mapping |
| crossreview:mapping:delete | Delete task-document mappings | DELETE /postgrest/cross_task_document_mapping |
| crossreview:proposal:view | View scoring proposals | GET /postgrest/cross_scoring_proposals |
| crossreview:proposal:create | Create scoring proposals | POST /postgrest/cross_scoring_proposals |
| crossreview:proposal:update | Update scoring proposals | PATCH /postgrest/cross_scoring_proposals |
| crossreview:proposal:delete | Delete scoring proposals | DELETE /postgrest/cross_scoring_proposals |
| crossreview:vote:view | View proposal votes | GET /postgrest/cross_proposal_votes |
| crossreview:vote:create | Create proposal votes | POST /postgrest/cross_proposal_votes |
| crossreview:vote:update | Update proposal votes | PATCH /postgrest/cross_proposal_votes |
| crossreview:vote:delete | Delete proposal votes | DELETE /postgrest/cross_proposal_votes |

## System Management Module (system)

| Permission key | Description | Operation |
|--------|------|---------|
| system:user:view | View users | GET /postgrest/sso_users |
| system:user:create | Create users | POST /postgrest/sso_users |
| system:user:update | Update users | PATCH /postgrest/sso_users |
| system:user:delete | Delete users | DELETE /postgrest/sso_users |
| system:role:view | View roles | GET /postgrest/roles |
| system:role:create | Create roles | POST /postgrest/roles |
| system:role:update | Update roles | PATCH /postgrest/roles |
| system:role:delete | Delete roles | DELETE /postgrest/roles |
| system:route:view | View system routes | GET /postgrest/sys_routes |
| system:route:create | Create system routes | POST /postgrest/sys_routes |
| system:route:update | Update system routes | PATCH /postgrest/sys_routes |
| system:route:delete | Delete system routes | DELETE /postgrest/sys_routes |
| system:user_role:view | View user-role associations | GET /postgrest/user_role |
| system:user_role:create | Create user-role associations | POST /postgrest/user_role |
| system:user_role:update | Update user-role associations | PATCH /postgrest/user_role |
| system:user_role:delete | Delete user-role associations | DELETE /postgrest/user_role |
| system:role_route:view | View role-route associations | GET /postgrest/role_route |
| system:role_route:create | Create role-route associations | POST /postgrest/role_route |
| system:role_route:update | Update role-route associations | PATCH /postgrest/role_route |
| system:role_route:delete | Delete role-route associations | DELETE /postgrest/role_route |
| system:permission:view | View permission definitions | GET /postgrest/permissions |
| system:permission:create | Create permission definitions | POST /postgrest/permissions |
| system:permission:update | Update permission definitions | PATCH /postgrest/permissions |
| system:permission:delete | Delete permission definitions | DELETE /postgrest/permissions |
| system:role_permission:view | View role-permission associations | GET /postgrest/role_permissions |
| system:role_permission:create | Create role-permission associations | POST /postgrest/role_permissions |
| system:role_permission:update | Update role-permission associations | PATCH /postgrest/role_permissions |
| system:role_permission:delete | Delete role-permission associations | DELETE /postgrest/role_permissions |
| system:user_permission:view | View user-permission associations | GET /postgrest/user_permissions |
| system:user_permission:create | Create user-permission associations | POST /postgrest/user_permissions |
| system:user_permission:update | Update user-permission associations | PATCH /postgrest/user_permissions |
| system:user_permission:delete | Delete user-permission associations | DELETE /postgrest/user_permissions |
| system:data_rule:view | View data permission rules | GET /postgrest/data_permission_rules |
| system:data_rule:create | Create data permission rules | POST /postgrest/data_permission_rules |
| system:data_rule:update | Update data permission rules | PATCH /postgrest/data_permission_rules |
| system:data_rule:delete | Delete data permission rules | DELETE /postgrest/data_permission_rules |
| system:audit_log:view | View audit logs | GET /postgrest/permission_audit_logs |
| system:audit_log:create | Create audit logs | POST /postgrest/permission_audit_logs |
| system:audit_log:update | Update audit logs | PATCH /postgrest/permission_audit_logs |
| system:audit_log:delete | Delete audit logs | DELETE /postgrest/permission_audit_logs |
| system:jwt_token:view | View JWT tokens | GET /postgrest/jwt_tokens |
| system:jwt_token:create | Create JWT tokens | POST /postgrest/jwt_tokens |
| system:jwt_token:update | Update JWT tokens | PATCH /postgrest/jwt_tokens |
| system:jwt_token:delete | Delete JWT tokens | DELETE /postgrest/jwt_tokens |

## Report Statistics Module (report)

| Permission key | Description | Operation |
|--------|------|---------|
| report:summary:view | View statistics summary | GET /postgrest/statistics_summary |
| report:summary:create | Create statistics summary | POST /postgrest/statistics_summary |
| report:summary:update | Update statistics summary | PATCH /postgrest/statistics_summary |
| report:summary:delete | Delete statistics summary | DELETE /postgrest/statistics_summary |

## Predefined Roles and Their Permissions

### 1. System Administrator

Holds all permissions (71 permissions).

### 2. Document Administrator

- document:document:view
- document:document:create
- document:document:update
- document:document:delete
- document:type:view
- document:type:create
- document:type:update
- document:type:delete
- document:metadata:view
- document:metadata:create
- document:metadata:update
- document:metadata:delete

### 3. Document Reviewer

- document:document:view
- document:document:update
- evaluation:result:view
- evaluation:result:create
- evaluation:result:update
- evaluation:point:view

### 4. Cross-Review Administrator

- crossreview:task:view
- crossreview:task:create
- crossreview:task:update
- crossreview:task:delete
- crossreview:mapping:view
- crossreview:mapping:create
- crossreview:mapping:update
- crossreview:mapping:delete
- crossreview:proposal:view
- crossreview:proposal:create
- crossreview:proposal:update
- crossreview:vote:view
- crossreview:vote:create
- crossreview:vote:update

### 5. Cross-Review Participant

- crossreview:task:view
- crossreview:mapping:view
- crossreview:proposal:view
- crossreview:proposal:create
- crossreview:vote:view
- crossreview:vote:create

### 6. Evaluation Point Administrator

- evaluation:point:view
- evaluation:point:create
- evaluation:point:update
- evaluation:point:delete
- evaluation:category:view
- evaluation:category:create
- evaluation:category:update
- evaluation:category:delete
- evaluation:rule:view
- evaluation:rule:create
- evaluation:rule:update
- evaluation:rule:delete

### 7. Report Viewer

- report:summary:view
- document:document:view
- evaluation:result:view

### 8. Regular User

- document:document:view
- document:type:view
- evaluation:point:view
- evaluation:category:view

### 9. Auditor

- system:audit_log:view
- document:document:view
- evaluation:result:view
- crossreview:task:view

## Front-End Permission Control Examples

### Example 1: Button permission control

```vue
```

### Example 2: Menu permission control

```javascript
// Menu configuration (generated dynamically according to permissions)
const menuConfig = [
  {
    name: '文档管理',
    permission: 'document:document:view',
    children: [
      { name: '文档列表', permission: 'document:document:view', path: '/documents' },
      { name: '新建文档', permission: 'document:document:create', path: '/documents/new' }
    ]
  },
  {
    name: '评查管理',
    permission: 'evaluation:point:view',
    children: [
      { name: '评查点配置', permission: 'evaluation:point:view', path: '/evaluation/points' },
      { name: '评查结果', permission: 'evaluation:result:view', path: '/evaluation/results' }
    ]
  },
  {
    name: '系统管理',
    role: '系统管理员', // only the System Administrator role ('系统管理员') sees this entry
    children: [
      { name: '用户管理', permission: 'system:user:view', path: '/system/users' },
      { name: '角色管理', permission: 'system:role:view', path: '/system/roles' }
    ]
  }
];

// Filter the menu according to the user's permissions. Returns copies of the
// matching items instead of assigning to item.children, so the shared menuConfig
// is not narrowed by the first user it is filtered for.
function filterMenuByPermission(menu, userPermissions, userRoles) {
  return menu.flatMap(item => {
    // Role check
    if (item.role && !userRoles.includes(item.role)) {
      return [];
    }
    // Permission check
    if (item.permission && !userPermissions.includes(item.permission)) {
      return [];
    }
    // Recursively filter the sub-menu
    if (item.children) {
      const children = filterMenuByPermission(item.children, userPermissions, userRoles);
      return [{ ...item, children }];
    }
    return [item];
  });
}
```

### Example 3: Route guard

```javascript
// router.js
import { createRouter, createWebHistory } from 'vue-router';
// Component paths are assumed; the original snippet omitted these imports
import DocumentList from './views/DocumentList.vue';
import UserManagement from './views/UserManagement.vue';

const router = createRouter({
  history: createWebHistory(),
  routes: [
    { path: '/documents', component: DocumentList, meta: { permission: 'document:document:view' } },
    { path: '/system/users', component: UserManagement, meta: { role: '系统管理员' } }
  ]
});

// Global route guard. This improves the user experience only; the backend
// remains the enforcement point for every request.
router.beforeEach((to, from, next) => {
  const userInfo = JSON.parse(localStorage.getItem('user_info') || '{}');
  // Role check
  if (to.meta.role && !userInfo.roles?.includes(to.meta.role)) {
    alert('无权访问此页面');
    next('/');
    return;
  }
  // Permission check against the permission list fetched from the backend at
  // login (assumes user_info stores it under `permissions`)
  if (to.meta.permission && !userInfo.permissions?.includes(to.meta.permission)) {
    alert('无权访问此页面');
    next('/');
    return;
  }
  next();
});
```

## Notes

1. **Permission checks are enforced by the backend.** Even if the front-end controls are bypassed, the backend rejects requests the user is not authorized to make.
2. **Front-end permission control exists to improve the user experience.** Hide the buttons and menus the user is not authorized to use so that they are not rejected after clicking.
3. **Synchronize the permission list regularly.** At login, fetch the user's complete permission list from the backend and store it in the front-end state store.
4. **Role permission inheritance.** Users inherit permissions through their roles, and permissions can also be assigned directly (direct assignments take priority over roles).
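The backend-side check that note 1 relies on, written as an added example rather than DocAuditAI project code: it derives the required `{module}:{resource}:{action}` key from an HTTP verb and PostgREST path using the tables above, computes a user's effective permissions as role permissions plus direct assignments (note 4), and denies by default. The table-to-key map, the `{ roles, directPermissions }` user shape and the `granted` flag on direct assignments are assumptions made for this example.

```javascript
// Added example, not DocAuditAI code. Assumed: the table-to-key map below and a
// user shape { roles, directPermissions: [{ key, granted }] }.
// module:resource prefix for each PostgREST table (subset of the tables above).
const TABLE_PERMISSION = {
  documents: 'document:document',
  document_types: 'document:type',
  evaluation_results: 'evaluation:result',
  statistics_summary: 'report:summary',
  sso_users: 'system:user',
  permission_audit_logs: 'system:audit_log',
};
// HTTP verb -> action segment of the key, as in the tables above.
const METHOD_ACTION = { GET: 'view', POST: 'create', PATCH: 'update', DELETE: 'delete' };

// Derive the key a request needs from its verb and PostgREST path (query string
// ignored). Returns null for unknown tables or verbs so callers deny by default.
function requiredPermission(method, path) {
  const m = /^\/postgrest\/([a-z_]+)$/.exec(path.split('?')[0]);
  const action = METHOD_ACTION[method.toUpperCase()];
  if (!m || !action || !TABLE_PERMISSION[m[1]]) return null;
  return `${TABLE_PERMISSION[m[1]]}:${action}`;
}

// Effective permissions: union of role permissions, then direct assignments applied
// on top so they take priority (note 4). Assumed schema: a direct entry is
// { key, granted }; granted:false revokes a key the roles would otherwise give.
function effectivePermissions(user, rolePermissions) {
  const perms = new Set();
  for (const role of user.roles) for (const p of rolePermissions[role] || []) perms.add(p);
  for (const { key, granted } of user.directPermissions || []) {
    if (granted) perms.add(key); else perms.delete(key);
  }
  return perms;
}

// Deny-by-default decision for one request.
function authorize(user, rolePermissions, method, path) {
  const needed = requiredPermission(method, path);
  if (needed === null) return { allowed: false, reason: 'unmapped endpoint' };
  const allowed = effectivePermissions(user, rolePermissions).has(needed);
  return { allowed, reason: allowed ? `granted ${needed}` : `missing ${needed}` };
}

// Constructed sample data modelled on the predefined roles above.
const ROLE_PERMISSIONS = {
  '报表查看员': ['report:summary:view', 'document:document:view', 'evaluation:result:view'],
  '审计员': ['system:audit_log:view', 'document:document:view', 'evaluation:result:view', 'crossreview:task:view'],
};
const reportViewer = { roles: ['报表查看员'], directPermissions: [{ key: 'document:document:update', granted: true }] };
const auditor = { roles: ['审计员'], directPermissions: [{ key: 'evaluation:result:view', granted: false }] };
```

With this data, `authorize(reportViewer, ROLE_PERMISSIONS, 'PATCH', '/postgrest/documents')` is allowed only because of the direct grant, while the auditor's role-derived `evaluation:result:view` is revoked by the direct entry.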