feat(auth): add role/permission management (backend + frontend)

- RoleService: CRUD, assign_permissions, get_role_permissions - PermissionService: list all tenant permissions - Role handlers: 8 endpoints with RBAC permission checks - Frontend Roles page: table, create/edit modal, permission assignment - Frontend Roles API: full CRUD + permission operations - Routes registered in AuthModule protected_routes
2026-04-11 03:46:54 +08:00
parent 4a03a639a6
commit 6fd0288e7c
9 changed files with 946 additions and 2 deletions
--- a/crates/erp-auth/src/module.rs
+++ b/crates/erp-auth/src/module.rs
@@ -5,7 +5,7 @@ use erp_core::error::AppResult;
 use erp_core::events::EventBus;
 use erp_core::module::ErpModule;

-use crate::handler::{auth_handler, user_handler};
+use crate::handler::{auth_handler, role_handler, user_handler};

 /// Auth module implementing the `ErpModule` trait.
 ///
@@ -53,6 +53,25 @@ impl AuthModule {
                    .put(user_handler::update_user)
                    .delete(user_handler::delete_user),
            )
+            .route(
+                "/roles",
+                axum::routing::get(role_handler::list_roles).post(role_handler::create_role),
+            )
+            .route(
+                "/roles/{id}",
+                axum::routing::get(role_handler::get_role)
+                    .put(role_handler::update_role)
+                    .delete(role_handler::delete_role),
+            )
+            .route(
+                "/roles/{id}/permissions",
+                axum::routing::get(role_handler::get_role_permissions)
+                    .post(role_handler::assign_permissions),
+            )
+            .route(
+                "/permissions",
+                axum::routing::get(role_handler::list_permissions),
+            )
    }
 }