新增书籍表、列表/搜索、管理员/馆员维护入口

2026-04-27 19:49:14 +08:00
parent 8777efa21d
commit 763830f767
28 changed files with 2392 additions and 8 deletions
@@ -24,14 +24,14 @@ Implemented scaffold tables:
 - `role_permissions`: role-to-permission mapping.
 - `users`: login accounts for administrator, librarian, and reader roles.
 - `system_logs`: key operation logs, backup events, and exception traces.
+- `book_categories`: category names and descriptions for catalog grouping.
+- `books`: book information, category reference, inventory counts, and catalog
+  status.

 Planned module tables:

- `books`: book information, inventory count/status, category reference.
- `book_categories`: category names and descriptions.
 - `readers`: reader profiles, borrowing eligibility, contact information.
 - `borrow_records`: book-reader borrowing, return, renew, and overdue data.
- `system_logs`: key operation logs, backup events, and exception traces.

 Record new schema changes in `src/main/resources/db/schema.sql` and update this
 spec with exact table names, key columns, and DAO/service contracts.
@@ -76,8 +76,116 @@ spec with exact table names, key columns, and DAO/service contracts.
 - `users.role_code` must reference `roles.code`.
 - `role_permissions.role_code` must reference `roles.code`.
 - `role_permissions.permission_code` must reference `permissions.code`.
- Prefer explicit status columns/enums for inventory and borrowing states, then
-  document the chosen values once code exists.
+- `books.status` must match `BookStatus` enum codes: `available`,
+  `unavailable`, and `archived`.
+
+## Scenario: Book Catalog And Management Slice
+
+### 1. Scope / Trigger
+
+- Trigger: the first concrete business module introduced catalog search and
+  basic book management across MySQL, DAO, service, Servlet, and JSP layers.
+- Schema path: `src/main/resources/db/schema.sql`.
+- JSP paths: `WEB-INF/jsp/books/catalog.jsp`, `books/manage.jsp`, and
+  `books/form.jsp`.
+
+### 2. Signatures
+
+- DAO signatures: `BookDao.findAllCategories()`,
+  `BookDao.search(BookSearchCriteria criteria)`, `findById(long id)`,
+  `findByIdentifier(String identifier)`, `create(Book book)`,
+  `update(Book book)`, and `delete(long id)`.
+- Entity/search signatures: `Book` fields are `id`, `identifier`, `title`,
+  `author`, `categoryId`, `categoryName`, `totalCopies`, `availableCopies`,
+  `status`, `createdAt`, and `updatedAt`; `BookSearchCriteria` fields are
+  `identifier`, `title`, `author`, and nullable `categoryId`.
+- Service signatures: `BookService.listCategories()`,
+  `searchBooks(BookSearchCriteria criteria)`, `findBook(long id)`,
+  `createBook(AuthenticatedUser actor, Book book)`,
+  `updateBook(AuthenticatedUser actor, Book book)`, and
+  `deleteBook(AuthenticatedUser actor, long id)`, all returning
+  `ServiceResult<T>`.
+- Read route: `GET /catalog` with optional `identifier`, `title`, `author`,
+  and `categoryId` query fields.
+- Management routes: `GET /books`, `GET /books/new`, `GET /books/edit?id=...`,
+  `POST /books`, `POST /books/update`, and `POST /books/delete`.
+- Protected permissions: `/catalog` requires `VIEW_CATALOG`; `/books*`
+  requires `MANAGE_BOOKS`.
+- DB signatures:
+  - `book_categories(id, name, description, created_at, updated_at)`, with
+    unique key `uk_book_categories_name(name)`.
+  - `books(id, book_identifier, title, author, category_id, total_copies,
+    available_copies, status, created_at, updated_at)`, with unique key
+    `uk_books_identifier(book_identifier)`, indexes on title, author, category,
+    and status, foreign key `fk_books_category`, and checks for non-negative
+    copy counts and allowed status values.
+
+### 3. Contracts
+
+- `book_categories.name` is unique and displayed through category selectors.
+- `books.book_identifier` is the unique user-facing book ID.
+- `books.category_id` references `book_categories.id`.
+- `books.total_copies` and `books.available_copies` are non-negative, and
+  available copies cannot exceed total copies.
+- `books.status` stores the Java `BookStatus` code exactly.
+- Servlet controllers parse request fields and set JSP attributes such as
+  `criteria`, `categories`, `books`, `book`, `statuses`, `errors`,
+  `errorMessage`, and `successMessage`.
+- `ServiceResult<T>` is the service-to-controller response contract:
+  `successful`, nullable `data`, nullable `message`, and field-level
+  `errors`. Controllers must pass validation errors to JSPs so form/search
+  redisplay can highlight the exact field, for example `errors.categoryId`.
+- JSP pages render JavaBean properties only; they must not call DAOs or embed
+  SQL.
+
+### 4. Validation & Error Matrix
+
+- Missing identifier, title, author, category, copy counts, or status -> return
+  to `books/form.jsp` with field errors.
+- Negative total or available copies -> return a field error.
+- Available copies greater than total copies -> return
+  `Available copies cannot exceed total copies.`
+- Duplicate `book_identifier` -> return a field error on `identifier`.
+- Reader or unauthenticated actor attempts write -> HTTP 403 through
+  authorization filter or service denial.
+- DAO failure during list/search/write -> log server-side details and return
+  `Book service is temporarily unavailable. Please try again later.`
+- Successful create/update/delete -> redirect to `/books` with a short flash
+  message.
+
+### 5. Good/Base/Bad Cases
+
+- Good: a librarian creates `BK-1002`, sees it in `/books`, and readers can
+  find it from `/catalog` without write controls.
+- Base: catalog search with no filters lists available records ordered by
+  title, author, and identifier.
+- Bad: a JSP opens JDBC, builds SQL from request parameters, or renders a stack
+  trace from a failed DAO call.
+
+### 6. Tests Required
+
+- Run `BookServiceCheck` or equivalent assertions for invalid inventory,
+  duplicate identifiers, reader write denial, successful librarian CRUD, search,
+  and DAO failure fallback.
+- Run `PermissionPolicyCheck` to confirm readers lack `MANAGE_BOOKS` and retain
+  `VIEW_CATALOG`.
+- Scan JSPs for scriptlets and SQL/JDBC references.
+- When Maven/Tomcat dependencies are installed, run `mvn clean package` to
+  compile Servlets and package JSP resources.
+
+### 7. Wrong vs Correct
+
+#### Wrong
+
+```text
+books/form.jsp -> JDBC -> INSERT INTO books using request parameters
+```
+
+#### Correct
+
+```text
+books/form.jsp -> BookManagementServlet -> BookService -> BookDao -> books
+```

 ## Scenario: Login And Permission Scaffold Schema

@@ -0,0 +1,13 @@
+{"file": ".trellis/spec/backend/index.md", "reason": "Backend architecture overview and checklist for verification."}
+{"file": ".trellis/spec/backend/directory-structure.md", "reason": "Verify package layout and layer boundaries."}
+{"file": ".trellis/spec/backend/database-guidelines.md", "reason": "Verify schema, DAO, search, permission-code, and test expectations."}
+{"file": ".trellis/spec/backend/error-handling.md", "reason": "Verify validation, DAO/service failure handling, and safe JSP errors."}
+{"file": ".trellis/spec/backend/logging-guidelines.md", "reason": "Verify logging for key operations and failures."}
+{"file": ".trellis/spec/backend/quality-guidelines.md", "reason": "Verify backend quality gate and boundary constraints."}
+{"file": ".trellis/spec/frontend/index.md", "reason": "Frontend architecture overview and checklist for verification."}
+{"file": ".trellis/spec/frontend/directory-structure.md", "reason": "Verify JSP and asset placement."}
+{"file": ".trellis/spec/frontend/component-guidelines.md", "reason": "Verify forms, tables, and navigation follow JSP conventions."}
+{"file": ".trellis/spec/frontend/state-management.md", "reason": "Verify server-rendered request/session/form state usage."}
+{"file": ".trellis/spec/frontend/type-safety.md", "reason": "Verify JSP request attribute and Servlet validation contracts."}
+{"file": ".trellis/spec/frontend/quality-guidelines.md", "reason": "Verify presentation quality for JSP/CSS changes."}
+{"file": ".trellis/tasks/archive/2026-04/00-bootstrap-guidelines/research/project-requirements.md", "reason": "Verify the implementation matches the original book/catalog module requirements."}
@@ -0,0 +1,13 @@
+{"file": ".trellis/spec/backend/index.md", "reason": "Backend architecture overview and checklist for JSP/Servlet/MySQL work."}
+{"file": ".trellis/spec/backend/directory-structure.md", "reason": "Required package layout and layer boundaries for controllers, services, DAOs, entities, filters, and utilities."}
+{"file": ".trellis/spec/backend/database-guidelines.md", "reason": "MySQL schema, DAO CRUD, search, permission-code, and test expectations for book/catalog work."}
+{"file": ".trellis/spec/backend/error-handling.md", "reason": "Servlet validation, service failure handling, DAO exception behavior, and safe user-facing errors."}
+{"file": ".trellis/spec/backend/logging-guidelines.md", "reason": "Logging conventions for key operations and failures."}
+{"file": ".trellis/spec/backend/quality-guidelines.md", "reason": "Backend quality gate and layer-boundary constraints."}
+{"file": ".trellis/spec/frontend/index.md", "reason": "Frontend architecture overview and checklist for JSP/CSS work."}
+{"file": ".trellis/spec/frontend/directory-structure.md", "reason": "JSP, fragment, CSS, JS, and image asset placement conventions."}
+{"file": ".trellis/spec/frontend/component-guidelines.md", "reason": "JSP form, table, navigation, and reusable component conventions for catalog/management pages."}
+{"file": ".trellis/spec/frontend/state-management.md", "reason": "Server-rendered request/session/form state conventions."}
+{"file": ".trellis/spec/frontend/type-safety.md", "reason": "JSP request attribute and Servlet validation contracts."}
+{"file": ".trellis/spec/frontend/quality-guidelines.md", "reason": "Presentation quality checks for JSP/CSS changes."}
+{"file": ".trellis/tasks/archive/2026-04/00-bootstrap-guidelines/research/project-requirements.md", "reason": "Original project requirements for book management, catalog search, entities, and layered architecture."}
@@ -0,0 +1,97 @@
+# brainstorm: 继续完善程序
+
+## Goal
+
+Continue improving the MZH Library Management system by adding the first concrete business slice: book catalog search and basic book management.
+
+## What I already know
+
+* User asked to "继续完善程序" without specifying the target module yet.
+* The project is a Java 11 Maven WAR application using JSP, Servlet, Tomcat, MySQL, and JDBC DAOs.
+* Current scaffold includes login, logout, authentication filter, authorization filter, role-aware dashboard, and placeholder role home pages.
+* Existing roles are administrator, librarian, and reader.
+* Existing permissions include user management, book management, reader management, borrowing management, report viewing, system log viewing, catalog viewing, and book borrowing.
+* `src/main/resources/db/schema.sql` currently defines role, permission, role-permission, user, and system-log tables, but not book/catalog/reader/borrowing domain tables.
+* `src/main/webapp/WEB-INF/jsp/role-home.jsp` is still a generic placeholder page.
+* User selected the book catalog / book management slice.
+* `Permission.MANAGE_BOOKS` already exists for administrator and librarian users.
+* `Permission.VIEW_CATALOG` already exists for administrator, librarian, and reader users.
+
+## Assumptions (temporary)
+
+* The implementation should keep the existing layered structure: JSP/CSS presentation -> Servlet controller -> Service -> DAO -> MySQL.
+* The work should remain focused enough to finish in one task with build/test verification.
+* Book management should be available to administrators and librarians; readers should have read-only catalog search.
+
+## Open Questions
+
+* None currently blocking. Default scope is catalog list/search plus create/update/delete management for books and categories only as needed to support book records.
+
+## Requirements (evolving)
+
+* Preserve the existing login, role, permission, and dashboard behavior.
+* Add book catalog search using the existing Java/JSP/Servlet/JDBC style.
+* Add a `books` table and a category representation in `src/main/resources/db/schema.sql`.
+* Support searching/listing books by title, author, category, and book identifier.
+* Provide administrator/librarian book-management actions for creating, editing, and deleting book records.
+* Keep reader-facing catalog access read-only.
+* Link the catalog and management pages from the existing dashboard or role workspace.
+* Protect write actions with `MANAGE_BOOKS`; allow read-only catalog access with `VIEW_CATALOG`.
+* Track inventory fields needed for later borrowing work, such as total copies, available copies, and status.
+* Seed enough demo book/category data for local scaffold verification.
+* Add or update focused checks/tests for business rules that can be verified without a running Tomcat instance.
+* Update user-facing JSP pages and CSS only as needed for the selected workflow.
+
+## Acceptance Criteria (evolving)
+
+* [x] Authenticated users with `VIEW_CATALOG` can reach a catalog page and search by title, author, category, or book identifier.
+* [x] Administrators and librarians can reach book management pages and create, edit, and delete book records.
+* [x] Readers cannot reach write actions for book management.
+* [x] Required form/query validation returns clear user-facing errors.
+* [x] Book inventory fields reject invalid values such as negative copy counts or available copies greater than total copies.
+* [x] DAO/service failures are handled without exposing internal exceptions to JSPs.
+* [x] Maven build or equivalent compile/test checks pass in the local environment.
+
+## Definition of Done (team quality bar)
+
+* Tests added/updated where appropriate.
+* Lint / typecheck / compile checks green where available.
+* Docs/notes updated if behavior changes.
+* Rollout/rollback considered if risky.
+
+## Out of Scope (explicit)
+
+* Replacing JSP/Servlet with another framework.
+* Production deployment automation.
+* Large visual redesign unrelated to the selected workflow.
+* Borrowing, returning, renewing, overdue handling, and reader profile management.
+* Full report/statistics dashboards beyond catalog search.
+
+## Technical Notes
+
+* Current task directory: `.trellis/tasks/04-27-continue-improve-program`.
+* Main app entry points inspected:
+  * `README.md`
+  * `pom.xml`
+  * `src/main/webapp/WEB-INF/web.xml`
+  * `src/main/resources/db/schema.sql`
+  * `src/main/webapp/WEB-INF/jsp/dashboard.jsp`
+  * `src/main/webapp/WEB-INF/jsp/role-home.jsp`
+  * `src/main/java/com/mzh/library/controller/RoleAreaServlet.java`
+  * `src/main/java/com/mzh/library/filter/AuthorizationFilter.java`
+* Existing checks inspected:
+  * `src/test/java/com/mzh/library/service/AuthServiceCheck.java`
+  * `src/test/java/com/mzh/library/service/PermissionPolicyCheck.java`
+* Book-module implementation should reuse:
+  * `Permission.MANAGE_BOOKS`
+  * `Permission.VIEW_CATALOG`
+  * Existing controller construction style from `LoginServlet` and `RoleAreaServlet`
+  * Existing DAO error style from `JdbcUserDao`
+  * Existing service error style from `AuthServiceImpl`
+  * Existing role policy in `PermissionPolicy`
+* Final verification notes:
+  * `mvn` is not installed in this shell, so WAR packaging could not be run locally.
+  * Fallback `javac -Xlint:all` compile passed for non-Servlet app layers and check classes.
+  * `AuthServiceCheck`, `PermissionPolicyCheck`, and `BookServiceCheck` passed.
+  * `git diff --check` passed.
+  * JSP scriptlet and JSP/static SQL/JDBC scans passed.
@@ -0,0 +1,26 @@
+{
+  "id": "continue-improve-program",
+  "name": "continue-improve-program",
+  "title": "brainstorm: 继续完善程序",
+  "description": "",
+  "status": "in_progress",
+  "dev_type": null,
+  "scope": null,
+  "package": null,
+  "priority": "P2",
+  "creator": "Zzzz",
+  "assignee": "Zzzz",
+  "createdAt": "2026-04-27",
+  "completedAt": null,
+  "branch": null,
+  "base_branch": "master",
+  "worktree_path": null,
+  "commit": null,
+  "pr_url": null,
+  "subtasks": [],
+  "children": [],
+  "parent": null,
+  "relatedFiles": [],
+  "notes": "",
+  "meta": {}
+}