新增书籍表、列表/搜索、管理员/馆员维护入口

.trellis/tasks/04-27-continue-improve-program/prd.md

@@ -0,0 +1,97 @@
+# brainstorm: 继续完善程序
+
+## Goal
+
+Continue improving the MZH Library Management system by adding the first concrete business slice: book catalog search and basic book management.
+
+## What I already know
+
+* User asked to "继续完善程序" without specifying the target module yet.
+* The project is a Java 11 Maven WAR application using JSP, Servlet, Tomcat, MySQL, and JDBC DAOs.
+* Current scaffold includes login, logout, authentication filter, authorization filter, role-aware dashboard, and placeholder role home pages.
+* Existing roles are administrator, librarian, and reader.
+* Existing permissions include user management, book management, reader management, borrowing management, report viewing, system log viewing, catalog viewing, and book borrowing.
+* `src/main/resources/db/schema.sql` currently defines role, permission, role-permission, user, and system-log tables, but not book/catalog/reader/borrowing domain tables.
+* `src/main/webapp/WEB-INF/jsp/role-home.jsp` is still a generic placeholder page.
+* User selected the book catalog / book management slice.
+* `Permission.MANAGE_BOOKS` already exists for administrator and librarian users.
+* `Permission.VIEW_CATALOG` already exists for administrator, librarian, and reader users.
+
+## Assumptions (temporary)
+
+* The implementation should keep the existing layered structure: JSP/CSS presentation -> Servlet controller -> Service -> DAO -> MySQL.
+* The work should remain focused enough to finish in one task with build/test verification.
+* Book management should be available to administrators and librarians; readers should have read-only catalog search.
+
+## Open Questions
+
+* None currently blocking. Default scope is catalog list/search plus create/update/delete management for books and categories only as needed to support book records.
+
+## Requirements (evolving)
+
+* Preserve the existing login, role, permission, and dashboard behavior.
+* Add book catalog search using the existing Java/JSP/Servlet/JDBC style.
+* Add a `books` table and a category representation in `src/main/resources/db/schema.sql`.
+* Support searching/listing books by title, author, category, and book identifier.
+* Provide administrator/librarian book-management actions for creating, editing, and deleting book records.
+* Keep reader-facing catalog access read-only.
+* Link the catalog and management pages from the existing dashboard or role workspace.
+* Protect write actions with `MANAGE_BOOKS`; allow read-only catalog access with `VIEW_CATALOG`.
+* Track inventory fields needed for later borrowing work, such as total copies, available copies, and status.
+* Seed enough demo book/category data for local scaffold verification.
+* Add or update focused checks/tests for business rules that can be verified without a running Tomcat instance.
+* Update user-facing JSP pages and CSS only as needed for the selected workflow.
+
+## Acceptance Criteria (evolving)
+
+* [x] Authenticated users with `VIEW_CATALOG` can reach a catalog page and search by title, author, category, or book identifier.
+* [x] Administrators and librarians can reach book management pages and create, edit, and delete book records.
+* [x] Readers cannot reach write actions for book management.
+* [x] Required form/query validation returns clear user-facing errors.
+* [x] Book inventory fields reject invalid values such as negative copy counts or available copies greater than total copies.
+* [x] DAO/service failures are handled without exposing internal exceptions to JSPs.
+* [x] Maven build or equivalent compile/test checks pass in the local environment.
+
+## Definition of Done (team quality bar)
+
+* Tests added/updated where appropriate.
+* Lint / typecheck / compile checks green where available.
+* Docs/notes updated if behavior changes.
+* Rollout/rollback considered if risky.
+
+## Out of Scope (explicit)
+
+* Replacing JSP/Servlet with another framework.
+* Production deployment automation.
+* Large visual redesign unrelated to the selected workflow.
+* Borrowing, returning, renewing, overdue handling, and reader profile management.
+* Full report/statistics dashboards beyond catalog search.
+
+## Technical Notes
+
+* Current task directory: `.trellis/tasks/04-27-continue-improve-program`.
+* Main app entry points inspected:
+  * `README.md`
+  * `pom.xml`
+  * `src/main/webapp/WEB-INF/web.xml`
+  * `src/main/resources/db/schema.sql`
+  * `src/main/webapp/WEB-INF/jsp/dashboard.jsp`
+  * `src/main/webapp/WEB-INF/jsp/role-home.jsp`
+  * `src/main/java/com/mzh/library/controller/RoleAreaServlet.java`
+  * `src/main/java/com/mzh/library/filter/AuthorizationFilter.java`
+* Existing checks inspected:
+  * `src/test/java/com/mzh/library/service/AuthServiceCheck.java`
+  * `src/test/java/com/mzh/library/service/PermissionPolicyCheck.java`
+* Book-module implementation should reuse:
+  * `Permission.MANAGE_BOOKS`
+  * `Permission.VIEW_CATALOG`
+  * Existing controller construction style from `LoginServlet` and `RoleAreaServlet`
+  * Existing DAO error style from `JdbcUserDao`
+  * Existing service error style from `AuthServiceImpl`
+  * Existing role policy in `PermissionPolicy`
+* Final verification notes:
+  * `mvn` is not installed in this shell, so WAR packaging could not be run locally.
+  * Fallback `javac -Xlint:all` compile passed for non-Servlet app layers and check classes.
+  * `AuthServiceCheck`, `PermissionPolicyCheck`, and `BookServiceCheck` passed.
+  * `git diff --check` passed.
+  * JSP scriptlet and JSP/static SQL/JDBC scans passed.