维护入口

2026-04-27 23:38:19 +08:00
parent 4155d5b1ea
commit 63738f108a
21 changed files with 1009 additions and 8 deletions
@@ -190,6 +190,95 @@ books/form.jsp -> JDBC -> INSERT INTO books using request parameters
 books/form.jsp -> BookManagementServlet -> BookService -> BookDao -> books
 ```

+## Scenario: Book Category Maintenance Slice
+
+### 1. Scope / Trigger
+
+- Trigger: category maintenance completes the book-management core requirement
+  by adding staff-managed CRUD for `book_categories`, while existing book forms
+  and catalog searches continue to consume the same category source.
+- Schema path: `src/main/resources/db/schema.sql`.
+- JSP paths: `WEB-INF/jsp/books/categories.jsp` and
+  `WEB-INF/jsp/books/category-form.jsp`.
+
+### 2. Signatures
+
+- DAO signatures: `BookDao.findAllCategories()`, `findCategoryById(long id)`,
+  `findCategoryByName(String name)`, `createCategory(BookCategory category)`,
+  `updateCategory(BookCategory category)`, `deleteCategory(long id)`, and
+  `countBooksByCategoryId(long categoryId)`.
+- Entity signature: `BookCategory(id, name, description)`.
+- Service signatures: `BookService.listCategories()`,
+  `findCategory(long id)`, `createCategory(AuthenticatedUser actor,
+  BookCategory category)`, `updateCategory(AuthenticatedUser actor,
+  BookCategory category)`, and `deleteCategory(AuthenticatedUser actor,
+  long id)`, all returning `ServiceResult<T>`.
+- Routes: `GET /book-categories`, `GET /book-categories/new`,
+  `GET /book-categories/edit?id=...`, `POST /book-categories`,
+  `POST /book-categories/update`, and `POST /book-categories/delete`.
+- Protected permission: `/book-categories*` requires `MANAGE_BOOKS`.
+
+### 3. Contracts
+
+- `book_categories.name` is unique and is the display value used in book forms,
+  catalog filters, and management filters.
+- `book_categories.description` is optional and limited to the database column
+  size.
+- Book category deletes must check `books.category_id` usage before deletion
+  and return a safe validation result when the category is in use.
+- Servlet controllers set JSP attributes such as `categories`, `category`,
+  `formTitle`, `formAction`, `formValues`, `errors`, `errorMessage`, and
+  `successMessage`.
+- JSP pages render JavaBean properties only; they must not call DAOs or embed
+  SQL.
+
+### 4. Validation & Error Matrix
+
+- Missing category name -> field error on `name`.
+- Category name longer than 96 characters -> field error on `name`.
+- Description longer than 255 characters -> field error on `description`.
+- Duplicate category name -> field error on `name`.
+- Missing or non-positive category id for edit/delete -> `Select a valid
+  category.`
+- Delete category used by any `books` row -> `Category is used by existing
+  books and cannot be deleted.`
+- Reader or unauthenticated actor attempts mutation -> permission denial through
+  filter/service.
+- DAO failure during list/search/write -> log server-side details and return
+  `Book service is temporarily unavailable. Please try again later.`
+
+### 5. Good/Base/Bad Cases
+
+- Good: a librarian creates `Architecture`, selects it on a book form, and sees
+  it in catalog filters.
+- Base: `/book-categories` lists seed categories ordered by name.
+- Bad: deleting a category with existing books surfaces a MySQL foreign-key
+  stack trace or lets JSP code perform the delete.
+
+### 6. Tests Required
+
+- Run `BookServiceCheck` assertions for reader category-write denial, duplicate
+  category names, successful create/update/delete, and used-category delete
+  rejection.
+- Run `PermissionPolicyCheck` to confirm `MANAGE_BOOKS` remains staff-only.
+- Scan category JSPs for scriptlets and SQL/JDBC references.
+- When Maven/Tomcat dependencies are installed, run `mvn clean package` to
+  compile Servlets and package JSP resources.
+
+### 7. Wrong vs Correct
+
+#### Wrong
+
+```text
+categories.jsp -> JDBC -> DELETE FROM book_categories WHERE id = request.id
+```
+
+#### Correct
+
+```text
+categories.jsp -> BookManagementServlet -> BookService -> BookDao -> book_categories
+```
+
 ## Scenario: Reader Information Management Slice

 ### 1. Scope / Trigger
@@ -0,0 +1,7 @@
+{"file": ".trellis/spec/backend/index.md", "reason": "Verify category maintenance against backend core module expectations."}
+{"file": ".trellis/spec/backend/database-guidelines.md", "reason": "Verify category DAO/service contracts and book-category integrity behavior."}
+{"file": ".trellis/spec/backend/error-handling.md", "reason": "Verify validation and safe fallback messages."}
+{"file": ".trellis/spec/backend/quality-guidelines.md", "reason": "Verify layer boundaries and test expectations."}
+{"file": ".trellis/spec/frontend/index.md", "reason": "Verify JSP/CSS work stays in the approved frontend stack."}
+{"file": ".trellis/spec/frontend/component-guidelines.md", "reason": "Verify page composition uses existing forms/tables/navigation patterns."}
+{"file": ".trellis/spec/frontend/quality-guidelines.md", "reason": "Verify JSP safety, empty states, errors, and permission-specific navigation."}
@@ -0,0 +1,8 @@
+{"file": ".trellis/spec/backend/index.md", "reason": "Category maintenance must follow backend layer and core module expectations."}
+{"file": ".trellis/spec/backend/database-guidelines.md", "reason": "Defines book/category data contracts, DAO responsibilities, validation, and DB integrity rules."}
+{"file": ".trellis/spec/backend/error-handling.md", "reason": "Guides safe service errors, field validation, and controller behavior."}
+{"file": ".trellis/spec/backend/logging-guidelines.md", "reason": "Category maintenance is a key book operation and should preserve logging expectations."}
+{"file": ".trellis/spec/backend/quality-guidelines.md", "reason": "Implementation must preserve Servlet-Service-DAO separation and validation checks."}
+{"file": ".trellis/spec/frontend/index.md", "reason": "JSP/CSS changes must remain within the server-rendered frontend conventions."}
+{"file": ".trellis/spec/frontend/component-guidelines.md", "reason": "Category pages should reuse existing form, table, empty-state, and navigation patterns."}
+{"file": ".trellis/spec/frontend/quality-guidelines.md", "reason": "Check JSP safety, forms, tables, permissions, and accessibility basics."}
@@ -0,0 +1,93 @@
+# Core Function Gap Check
+
+## Goal
+
+Check the current MZH Library Management implementation against the documented
+core modules and complete the highest-confidence missing core feature slice
+without broad redesign.
+
+## What I Already Know
+
+* The user asked to check whether core functionality is still missing and to
+  complete it.
+* The app is a Java 11 Maven WAR using JSP + Servlet + MySQL and JDBC DAOs.
+* Existing implemented slices cover login/permissions, dashboard navigation,
+  book catalog/search, book CRUD, reader management, borrowing circulation,
+  reader loan history, reports, administrator user management, and system-log
+  viewing.
+* Existing lightweight checks pass with `javac -Xlint:all` for non-Servlet
+  layers and all service check mains. Maven is unavailable in this environment.
+* The clearest missing core requirement is book category maintenance. The
+  schema and selectors already have `book_categories`, but there is no route,
+  controller, JSP, DAO/service mutation API, or test coverage for maintaining
+  categories.
+
+## Requirements
+
+* Preserve the existing JSP -> Servlet -> Service -> DAO -> MySQL layering.
+* Keep category maintenance under the existing `MANAGE_BOOKS` permission.
+* Add a staff-only category management flow for listing, creating, editing, and
+  deleting book categories.
+* Validate required category name, name length, description length, duplicate
+  names, and invalid IDs with field-level service errors.
+* Prevent deleting categories that still have book records, returning a safe
+  validation message instead of surfacing a database constraint failure.
+* Reuse the existing book management visual patterns, flash messages, and
+  table/form conventions.
+* Link category maintenance from the book management surface and staff
+  navigation where appropriate.
+* Update focused service checks and fallback validation commands.
+
+## Acceptance Criteria
+
+* [x] A user with `MANAGE_BOOKS` can open a category management page.
+* [x] Staff can create and update category names/descriptions.
+* [x] Duplicate category names are rejected with a field error.
+* [x] Categories used by books cannot be deleted.
+* [x] Readers or unauthenticated users cannot mutate categories.
+* [x] Book forms/search continue to load categories from the shared DAO/service
+  path.
+* [x] JSPs do not contain SQL/JDBC/scriptlet logic.
+* [x] Existing lightweight checks pass; Maven limitation is documented if still
+  unavailable.
+
+## Definition of Done
+
+* Tests/checks updated where practical.
+* Lint/type-check/compile equivalent checks pass in this environment.
+* Docs/notes updated if behavior changes.
+* No broad framework or visual redesign.
+
+## Out of Scope
+
+* Role/permission editor UI.
+* Full database dump/restore execution from the web app.
+* Audit logging expansion for every non-user operation.
+* Automatic reader-account/profile linking changes.
+
+## Technical Notes
+
+* Relevant specs:
+  `.trellis/spec/backend/index.md`,
+  `.trellis/spec/backend/database-guidelines.md`,
+  `.trellis/spec/backend/error-handling.md`,
+  `.trellis/spec/backend/logging-guidelines.md`,
+  `.trellis/spec/backend/quality-guidelines.md`,
+  `.trellis/spec/frontend/index.md`,
+  `.trellis/spec/frontend/component-guidelines.md`,
+  `.trellis/spec/frontend/quality-guidelines.md`.
+* Current files most likely affected:
+  `BookDao`, `JdbcBookDao`, `BookService`, `BookServiceImpl`,
+  `BookManagementServlet`, `web.xml`, book JSPs, shared CSS, and
+  `BookServiceCheck`.
+* Initial verification before implementation:
+  `javac -Xlint:all` over non-Servlet app layers and tests passed; all eight
+  service check mains passed. `mvn` is not installed.
+* Final verification after implementation:
+  `javac -Xlint:all` over non-Servlet app layers and tests passed;
+  `PermissionPolicyCheck`, `AuthServiceCheck`, `BookServiceCheck`,
+  `ReaderServiceCheck`, `BorrowingServiceCheck`, `ReportServiceCheck`,
+  `UserAccountServiceCheck`, and `SystemLogServiceCheck` passed;
+  JSP/static scriptlet and SQL/JDBC scan returned no matches;
+  `git diff --check` passed; `mvn clean package` remains blocked because `mvn`
+  is not installed.
@@ -0,0 +1,26 @@
+{
+  "id": "core-function-gap-check",
+  "name": "core-function-gap-check",
+  "title": "检查并补全核心功能",
+  "description": "",
+  "status": "in_progress",
+  "dev_type": null,
+  "scope": null,
+  "package": null,
+  "priority": "P2",
+  "creator": "Zzzz",
+  "assignee": "Zzzz",
+  "createdAt": "2026-04-27",
+  "completedAt": null,
+  "branch": null,
+  "base_branch": "master",
+  "worktree_path": null,
+  "commit": null,
+  "pr_url": null,
+  "subtasks": [],
+  "children": [],
+  "parent": null,
+  "relatedFiles": [],
+  "notes": "",
+  "meta": {}
+}