🔧 chore(api): add data permission and user tracking configuration

- 为联系人模块添加数据权限配置，关联创建用户ID
- 为合同、合同续签、费用模块添加数据权限控制和用户跟踪
- 为跟进记录模块添加数据权限配置，关联创建人字段
- 为订单记录模块添加数据权限配置，关联销售人员字段
- 统一各模块的权限控制策略，确保数据访问安全性

src/server/api/contacts/index.ts

@@ -14,6 +14,10 @@ const linkmanRoutes = createCrudRoutes({
   userTracking: {
     createdByField: 'createdUserId',
     updatedByField: undefined // 只记录创建人，不记录更新人
+  },
+  dataPermission: {
+    entity: 'Linkman',
+    userIdField: 'createdUserId'
   }
 });
 

src/server/api/contracts-renew/index.ts

@@ -11,7 +11,15 @@ const hetongRenewRoutes = createCrudRoutes({
   listSchema: HetongRenewSchema,
   searchFields: ['contractId', 'state', 'auditStatus'],
   relations: ['contract.client'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  dataPermission: {
+    entity: 'HetongRenew',
+    userIdField: 'userId'
+  },
+  userTracking: {
+    createdByField: 'userId',
+    updatedByField: 'userId'
+  }
 });
 
 export default hetongRenewRoutes;

src/server/api/contracts/index.ts

@@ -11,7 +11,15 @@ const hetongRoutes = createCrudRoutes({
   listSchema: HetongSchema,
   relations: ['client'],
   searchFields: ['contractNumber', 'clientId', 'status'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  dataPermission: {
+    entity: 'Hetong',
+    userIdField: 'userId'
+  },
+  userTracking: {
+    createdByField: 'userId',
+    updatedByField: 'userId'
+  }
 });
 
 export default hetongRoutes;

src/server/api/expenses/index.ts

@@ -10,7 +10,15 @@ const expenseRoutes = createCrudRoutes({
   getSchema: ExpenseSchema,
   listSchema: ExpenseSchema,
   searchFields: ['type', 'status', 'description'],
-  middleware: [authMiddleware]
+  middleware: [authMiddleware],
+  dataPermission: {
+    entity: 'Expense',
+    userIdField: 'userId'
+  },
+  userTracking: {
+    createdByField: 'userId',
+    updatedByField: 'userId'
+  }
 });
 
 export default expenseRoutes;

src/server/api/follow-up-records/index.ts

@@ -15,6 +15,10 @@ const followUpRecordRoutes = createCrudRoutes({
   userTracking: {
     createdByField: 'createdBy',
     updatedByField: 'updatedBy'
+  },
+  dataPermission: {
+    entity: 'FollowUpRecord',
+    userIdField: 'createdBy'
   }
 });
 

src/server/api/order-records/index.ts

@@ -15,6 +15,10 @@ const orderRecordRoutes = createCrudRoutes({
   userTracking: {
     createdByField: 'createdBy',
     updatedByField: 'updatedBy'
+  },
+  dataPermission: {
+    entity: 'OrderRecord',
+    userIdField: 'salesperson'
   }
 });