# brainstorm: 继续完善程序

## Goal

Continue improving the MZH Library Management system by adding the first concrete business slice: book catalog search and basic book management.

## What I already know

* User asked to "继续完善程序" without specifying the target module yet.
* The project is a Java 11 Maven WAR application using JSP, Servlet, Tomcat, MySQL, and JDBC DAOs.
* Current scaffold includes login, logout, authentication filter, authorization filter, role-aware dashboard, and placeholder role home pages.
* Existing roles are administrator, librarian, and reader.
* Existing permissions include user management, book management, reader management, borrowing management, report viewing, system log viewing, catalog viewing, and book borrowing.
* `src/main/resources/db/schema.sql` currently defines role, permission, role-permission, user, and system-log tables, but not book/catalog/reader/borrowing domain tables.
* `src/main/webapp/WEB-INF/jsp/role-home.jsp` is still a generic placeholder page.
* User selected the book catalog / book management slice.
* `Permission.MANAGE_BOOKS` already exists for administrator and librarian users.
* `Permission.VIEW_CATALOG` already exists for administrator, librarian, and reader users.

## Assumptions (temporary)

* The implementation should keep the existing layered structure: JSP/CSS presentation -> Servlet controller -> Service -> DAO -> MySQL.
* The work should remain focused enough to finish in one task with build/test verification.
* Book management should be available to administrators and librarians; readers should have read-only catalog search.

## Open Questions

* None currently blocking. Default scope is catalog list/search plus create/update/delete management for books and categories only as needed to support book records.

## Requirements (evolving)

* Preserve the existing login, role, permission, and dashboard behavior.
* Add book catalog search using the existing Java/JSP/Servlet/JDBC style.
* Add a `books` table and a category representation in `src/main/resources/db/schema.sql`.
* Support searching/listing books by title, author, category, and book identifier.
* Provide administrator/librarian book-management actions for creating, editing, and deleting book records.
* Keep reader-facing catalog access read-only.
* Link the catalog and management pages from the existing dashboard or role workspace.
* Protect write actions with `MANAGE_BOOKS`; allow read-only catalog access with `VIEW_CATALOG`.
* Track inventory fields needed for later borrowing work, such as total copies, available copies, and status.
* Seed enough demo book/category data for local scaffold verification.
* Add or update focused checks/tests for business rules that can be verified without a running Tomcat instance.
* Update user-facing JSP pages and CSS only as needed for the selected workflow.

## Acceptance Criteria (evolving)

* [x] Authenticated users with `VIEW_CATALOG` can reach a catalog page and search by title, author, category, or book identifier.
* [x] Administrators and librarians can reach book management pages and create, edit, and delete book records.
* [x] Readers cannot reach write actions for book management.
* [x] Required form/query validation returns clear user-facing errors.
* [x] Book inventory fields reject invalid values such as negative copy counts or available copies greater than total copies.
* [x] DAO/service failures are handled without exposing internal exceptions to JSPs.
* [x] Maven build or equivalent compile/test checks pass in the local environment.

## Definition of Done (team quality bar)

* Tests added/updated where appropriate.
* Lint / typecheck / compile checks green where available.
* Docs/notes updated if behavior changes.
* Rollout/rollback considered if risky.

## Out of Scope (explicit)

* Replacing JSP/Servlet with another framework.
* Production deployment automation.
* Large visual redesign unrelated to the selected workflow.
* Borrowing, returning, renewing, overdue handling, and reader profile management.
* Full report/statistics dashboards beyond catalog search.

## Technical Notes

* Current task directory: `.trellis/tasks/04-27-continue-improve-program`.
* Main app entry points inspected:
  * `README.md`
  * `pom.xml`
  * `src/main/webapp/WEB-INF/web.xml`
  * `src/main/resources/db/schema.sql`
  * `src/main/webapp/WEB-INF/jsp/dashboard.jsp`
  * `src/main/webapp/WEB-INF/jsp/role-home.jsp`
  * `src/main/java/com/mzh/library/controller/RoleAreaServlet.java`
  * `src/main/java/com/mzh/library/filter/AuthorizationFilter.java`
* Existing checks inspected:
  * `src/test/java/com/mzh/library/service/AuthServiceCheck.java`
  * `src/test/java/com/mzh/library/service/PermissionPolicyCheck.java`
* Book-module implementation should reuse:
  * `Permission.MANAGE_BOOKS`
  * `Permission.VIEW_CATALOG`
  * Existing controller construction style from `LoginServlet` and `RoleAreaServlet`
  * Existing DAO error style from `JdbcUserDao`
  * Existing service error style from `AuthServiceImpl`
  * Existing role policy in `PermissionPolicy`
* Final verification notes:
  * `mvn` is not installed in this shell, so WAR packaging could not be run locally.
  * Fallback `javac -Xlint:all` compile passed for non-Servlet app layers and check classes.
  * `AuthServiceCheck`, `PermissionPolicyCheck`, and `BookServiceCheck` passed.
  * `git diff --check` passed.
  * JSP scriptlet and JSP/static SQL/JDBC scans passed.