feat(wm-revenue): #47 平台运维审计+用户授权管理

- AuditLog entity/mapper/service/controller: 操作日志记录/查询/统计/导出
- PlatformRole entity/mapper: 角色CRUD/权限管理
- RoleUserRelation entity/mapper: 角色用户关联
- PlatformUser entity/mapper/service/controller: 用户管理/角色分配/启用禁用/密码重置
- RoleService: 角色CRUD/权限分配/角色用户关联
- PlatformUserService: 用户CRUD/角色分配/启用禁用/密码重置
- DDL: V_platform_audit.sql (4张表 + 索引 + 5个默认角色)
- Test: PlatformAuditTest (12个测试用例)
- 30个API端点: /api/revenue/audit/*, /api/revenue/role/*, /api/revenue/platform-user/*

db/V_platform_audit.sql

@@ -0,0 +1,125 @@
+-- =============================================
+-- 平台运维审计 + 用户授权管理 DDL
+-- Version: 1.0
+-- Module: wm-revenue
+-- =============================================
+
+-- 1. 操作日志表
+CREATE TABLE IF NOT EXISTS pa_audit_log (
+    id              BIGSERIAL PRIMARY KEY,
+    operator        VARCHAR(100),
+    operator_id     BIGINT,
+    module          VARCHAR(100),
+    action          VARCHAR(50),
+    target_type     VARCHAR(50),
+    target_id       BIGINT,
+    before_value    TEXT,
+    after_value     TEXT,
+    ip_address      VARCHAR(50),
+    user_agent      VARCHAR(500),
+    request_url     VARCHAR(500),
+    request_method  VARCHAR(10),
+    result          VARCHAR(20)     DEFAULT 'success',
+    remark          VARCHAR(500),
+    created_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_audit_log_module ON pa_audit_log(module);
+CREATE INDEX idx_audit_log_action ON pa_audit_log(action);
+CREATE INDEX idx_audit_log_operator_id ON pa_audit_log(operator_id);
+CREATE INDEX idx_audit_log_created_at ON pa_audit_log(created_at);
+CREATE INDEX idx_audit_log_target ON pa_audit_log(target_type, target_id);
+
+COMMENT ON TABLE pa_audit_log IS '操作日志（CRUD审计）';
+COMMENT ON COLUMN pa_audit_log.operator IS '操作人姓名';
+COMMENT ON COLUMN pa_audit_log.operator_id IS '操作人ID';
+COMMENT ON COLUMN pa_audit_log.module IS '模块名称';
+COMMENT ON COLUMN pa_audit_log.action IS '操作类型：create/update/delete/query/export/login/logout';
+COMMENT ON COLUMN pa_audit_log.target_type IS '目标类型';
+COMMENT ON COLUMN pa_audit_log.target_id IS '目标ID';
+COMMENT ON COLUMN pa_audit_log.before_value IS '操作前数据（JSON）';
+COMMENT ON COLUMN pa_audit_log.after_value IS '操作后数据（JSON）';
+
+-- 2. 平台角色表
+CREATE TABLE IF NOT EXISTS pa_platform_role (
+    id              BIGSERIAL PRIMARY KEY,
+    role_name       VARCHAR(100)    NOT NULL,
+    role_code       VARCHAR(50)     NOT NULL UNIQUE,
+    description     VARCHAR(500),
+    permissions     TEXT            DEFAULT '[]',
+    data_scope      VARCHAR(20)     DEFAULT 'self',
+    enabled         INTEGER         DEFAULT 1,
+    deleted         INTEGER         DEFAULT 0,
+    created_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    updated_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_platform_role_code ON pa_platform_role(role_code);
+CREATE INDEX idx_platform_role_enabled ON pa_platform_role(enabled);
+
+COMMENT ON TABLE pa_platform_role IS '平台角色';
+COMMENT ON COLUMN pa_platform_role.role_name IS '角色名称';
+COMMENT ON COLUMN pa_platform_role.role_code IS '角色编码';
+COMMENT ON COLUMN pa_platform_role.permissions IS '权限列表（JSON数组）';
+COMMENT ON COLUMN pa_platform_role.data_scope IS '数据范围：all/dept/self/custom';
+
+-- 3. 角色-用户关联表
+CREATE TABLE IF NOT EXISTS pa_role_user_relation (
+    id              BIGSERIAL PRIMARY KEY,
+    role_id         BIGINT          NOT NULL,
+    user_id         BIGINT          NOT NULL,
+    created_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_role_user_relation_role ON pa_role_user_relation(role_id);
+CREATE INDEX idx_role_user_relation_user ON pa_role_user_relation(user_id);
+CREATE UNIQUE INDEX idx_role_user_relation_unique ON pa_role_user_relation(role_id, user_id);
+
+COMMENT ON TABLE pa_role_user_relation IS '角色-用户关联';
+
+-- 4. 平台用户表
+CREATE TABLE IF NOT EXISTS pa_platform_user (
+    id              BIGSERIAL PRIMARY KEY,
+    username        VARCHAR(100)    NOT NULL UNIQUE,
+    real_name       VARCHAR(100),
+    phone           VARCHAR(20),
+    email           VARCHAR(100),
+    department_id   BIGINT,
+    role_id         BIGINT,
+    status          INTEGER         DEFAULT 1,
+    password        VARCHAR(200),
+    last_login_at   TIMESTAMP,
+    deleted         INTEGER         DEFAULT 0,
+    created_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP,
+    updated_at      TIMESTAMP       DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_platform_user_username ON pa_platform_user(username);
+CREATE INDEX idx_platform_user_department ON pa_platform_user(department_id);
+CREATE INDEX idx_platform_user_role ON pa_platform_user(role_id);
+CREATE INDEX idx_platform_user_status ON pa_platform_user(status);
+
+COMMENT ON TABLE pa_platform_user IS '平台用户';
+COMMENT ON COLUMN pa_platform_user.username IS '登录用户名';
+COMMENT ON COLUMN pa_platform_user.status IS '状态：1-启用 0-禁用';
+
+-- =============================================
+-- 默认角色数据
+-- =============================================
+INSERT INTO pa_platform_role (role_name, role_code, description, permissions, data_scope, enabled) VALUES
+('超级管理员', 'SUPER_ADMIN', '系统超级管理员，拥有所有权限',
+ '["user:read","user:write","user:delete","role:read","role:write","role:delete","audit:read","audit:export","system:config"]',
+ 'all', 1),
+('运维管理员', 'OPS_ADMIN', '运维管理员，可查看和管理所有运维相关功能',
+ '["user:read","user:write","role:read","audit:read","audit:export","ops:manage"]',
+ 'all', 1),
+('普通用户', 'NORMAL_USER', '普通用户，基本查看权限',
+ '["user:read","audit:read"]',
+ 'self', 1),
+('部门管理员', 'DEPT_ADMIN', '部门管理员，管理本部门用户',
+ '["user:read","user:write","role:read","audit:read"]',
+ 'dept', 1),
+('审计员', 'AUDITOR', '审计员，只读审计日志权限',
+ '["audit:read","audit:export","user:read","role:read"]',
+ 'all', 1)
+ON CONFLICT (role_code) DO NOTHING;

wm-revenue/src/main/java/com/water/revenue/controller/AuditLogController.java

@@ -0,0 +1,93 @@
+package com.water.revenue.controller;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.common.core.result.R;
+import com.water.revenue.entity.AuditLog;
+import com.water.revenue.service.AuditLogService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.web.bind.annotation.*;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 操作日志 Controller
+ */
+@Tag(name = "运维审计-操作日志")
+@RestController
+@RequestMapping("/api/revenue/audit")
+@RequiredArgsConstructor
+public class AuditLogController {
+
+    private final AuditLogService auditLogService;
+
+    @Operation(summary = "记录操作日志")
+    @PostMapping("/record")
+    public R<AuditLog> record(@RequestBody Map<String, Object> req) {
+        String operator = (String) req.get("operator");
+        Long operatorId = req.get("operatorId") != null ? Long.parseLong(String.valueOf(req.get("operatorId"))) : null;
+        String module = (String) req.get("module");
+        String action = (String) req.get("action");
+        String targetType = (String) req.get("targetType");
+        Long targetId = req.get("targetId") != null ? Long.parseLong(String.valueOf(req.get("targetId"))) : null;
+        String beforeValue = (String) req.get("beforeValue");
+        String afterValue = (String) req.get("afterValue");
+        String ipAddress = (String) req.get("ipAddress");
+        String userAgent = (String) req.get("userAgent");
+        return R.ok(auditLogService.record(operator, operatorId, module, action,
+                targetType, targetId, beforeValue, afterValue, ipAddress, userAgent));
+    }
+
+    @Operation(summary = "分页查询操作日志")
+    @GetMapping("/list")
+    public R<Page<AuditLog>> list(
+            @RequestParam(defaultValue = "1") int page,
+            @RequestParam(defaultValue = "10") int size,
+            @RequestParam(required = false) String module,
+            @RequestParam(required = false) String action,
+            @RequestParam(required = false) String operator,
+            @RequestParam(required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") LocalDateTime startTime,
+            @RequestParam(required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") LocalDateTime endTime) {
+        return R.ok(auditLogService.list(page, size, module, action, operator, startTime, endTime));
+    }
+
+    @Operation(summary = "获取日志详情")
+    @GetMapping("/{id}")
+    public R<AuditLog> detail(@PathVariable Long id) {
+        return R.ok(auditLogService.getDetail(id));
+    }
+
+    @Operation(summary = "按模块统计操作数量")
+    @GetMapping("/stats/module")
+    public R<List<Map<String, Object>>> statsByModule() {
+        return R.ok(auditLogService.statsByModule());
+    }
+
+    @Operation(summary = "按操作类型统计")
+    @GetMapping("/stats/action")
+    public R<List<Map<String, Object>>> statsByAction() {
+        return R.ok(auditLogService.statsByAction());
+    }
+
+    @Operation(summary = "导出操作日志")
+    @GetMapping("/export")
+    public R<List<AuditLog>> export(
+            @RequestParam(required = false) String module,
+            @RequestParam(required = false) String action,
+            @RequestParam(required = false) String operator,
+            @RequestParam(required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") LocalDateTime startTime,
+            @RequestParam(required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") LocalDateTime endTime) {
+        return R.ok(auditLogService.export(module, action, operator, startTime, endTime));
+    }
+
+    @Operation(summary = "清理历史日志")
+    @DeleteMapping("/clean")
+    public R<Map<String, Object>> cleanLogs(@RequestParam(defaultValue = "90") int days) {
+        int deleted = auditLogService.cleanOldLogs(days);
+        return R.ok(Map.of("deleted", deleted, "days", days));
+    }
+}

wm-revenue/src/main/java/com/water/revenue/controller/PlatformUserController.java

@@ -0,0 +1,95 @@
+package com.water.revenue.controller;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.common.core.result.R;
+import com.water.revenue.entity.PlatformUser;
+import com.water.revenue.service.PlatformUserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 平台用户管理 Controller
+ */
+@Tag(name = "运维审计-用户管理")
+@RestController
+@RequestMapping("/api/revenue/platform-user")
+@RequiredArgsConstructor
+public class PlatformUserController {
+
+    private final PlatformUserService userService;
+
+    @Operation(summary = "分页查询用户列表")
+    @GetMapping("/list")
+    public R<Page<PlatformUser>> list(
+            @RequestParam(defaultValue = "1") int page,
+            @RequestParam(defaultValue = "10") int size,
+            @RequestParam(required = false) String keyword,
+            @RequestParam(required = false) Integer status,
+            @RequestParam(required = false) Long departmentId) {
+        return R.ok(userService.listUsers(page, size, keyword, status, departmentId));
+    }
+
+    @Operation(summary = "获取用户详情")
+    @GetMapping("/{id}")
+    public R<PlatformUser> detail(@PathVariable Long id) {
+        return R.ok(userService.getUser(id));
+    }
+
+    @Operation(summary = "创建用户")
+    @PostMapping
+    public R<PlatformUser> create(@RequestBody PlatformUser user) {
+        return R.ok(userService.createUser(user));
+    }
+
+    @Operation(summary = "更新用户信息")
+    @PutMapping("/{id}")
+    public R<String> update(@PathVariable Long id, @RequestBody PlatformUser user) {
+        userService.updateUser(id, user);
+        return R.ok("更新成功");
+    }
+
+    @Operation(summary = "删除用户")
+    @DeleteMapping("/{id}")
+    public R<String> delete(@PathVariable Long id) {
+        userService.deleteUser(id);
+        return R.ok("删除成功");
+    }
+
+    @Operation(summary = "启用/禁用用户")
+    @PutMapping("/{id}/status")
+    public R<String> toggleStatus(@PathVariable Long id, @RequestBody Map<String, Integer> req) {
+        userService.toggleStatus(id, req.get("status"));
+        return R.ok("状态更新成功");
+    }
+
+    @Operation(summary = "重置用户密码")
+    @PutMapping("/{id}/reset-password")
+    public R<String> resetPassword(@PathVariable Long id, @RequestBody Map<String, String> req) {
+        userService.resetPassword(id, req.get("password"));
+        return R.ok("密码重置成功");
+    }
+
+    @Operation(summary = "分配用户角色")
+    @PutMapping("/{id}/role")
+    public R<String> assignRole(@PathVariable Long id, @RequestBody Map<String, Long> req) {
+        userService.assignRole(id, req.get("roleId"));
+        return R.ok("角色分配成功");
+    }
+
+    @Operation(summary = "根据角色查询用户")
+    @GetMapping("/by-role/{roleId}")
+    public R<List<PlatformUser>> getByRole(@PathVariable Long roleId) {
+        return R.ok(userService.getUsersByRoleId(roleId));
+    }
+
+    @Operation(summary = "根据部门查询用户")
+    @GetMapping("/by-department/{departmentId}")
+    public R<List<PlatformUser>> getByDepartment(@PathVariable Long departmentId) {
+        return R.ok(userService.getUsersByDepartment(departmentId));
+    }
+}

wm-revenue/src/main/java/com/water/revenue/controller/RoleController.java

@@ -0,0 +1,124 @@
+package com.water.revenue.controller;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.common.core.result.R;
+import com.water.revenue.entity.PlatformRole;
+import com.water.revenue.service.RoleService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 角色权限 Controller
+ */
+@Tag(name = "运维审计-角色权限")
+@RestController
+@RequestMapping("/api/revenue/role")
+@RequiredArgsConstructor
+public class RoleController {
+
+    private final RoleService roleService;
+
+    // ==================== 角色 CRUD ====================
+
+    @Operation(summary = "分页查询角色列表")
+    @GetMapping("/list")
+    public R<Page<PlatformRole>> list(
+            @RequestParam(defaultValue = "1") int page,
+            @RequestParam(defaultValue = "10") int size,
+            @RequestParam(required = false) String keyword,
+            @RequestParam(required = false) Integer enabled) {
+        return R.ok(roleService.listRoles(page, size, keyword, enabled));
+    }
+
+    @Operation(summary = "获取所有启用角色")
+    @GetMapping("/all")
+    public R<List<PlatformRole>> all() {
+        return R.ok(roleService.allRoles());
+    }
+
+    @Operation(summary = "获取角色详情")
+    @GetMapping("/{id}")
+    public R<PlatformRole> detail(@PathVariable Long id) {
+        return R.ok(roleService.getRole(id));
+    }
+
+    @Operation(summary = "创建角色")
+    @PostMapping
+    public R<PlatformRole> create(@RequestBody PlatformRole role) {
+        return R.ok(roleService.createRole(role));
+    }
+
+    @Operation(summary = "更新角色")
+    @PutMapping("/{id}")
+    public R<String> update(@PathVariable Long id, @RequestBody PlatformRole role) {
+        roleService.updateRole(id, role);
+        return R.ok("更新成功");
+    }
+
+    @Operation(summary = "删除角色")
+    @DeleteMapping("/{id}")
+    public R<String> delete(@PathVariable Long id) {
+        roleService.deleteRole(id);
+        return R.ok("删除成功");
+    }
+
+    // ==================== 权限分配 ====================
+
+    @Operation(summary = "更新角色权限")
+    @PutMapping("/{id}/permissions")
+    public R<String> updatePermissions(@PathVariable Long id, @RequestBody Map<String, String> req) {
+        roleService.updatePermissions(id, req.get("permissions"));
+        return R.ok("权限更新成功");
+    }
+
+    @Operation(summary = "获取角色权限")
+    @GetMapping("/{id}/permissions")
+    public R<Map<String, Object>> getPermissions(@PathVariable Long id) {
+        String permissions = roleService.getPermissions(id);
+        return R.ok(Map.of("roleId", id, "permissions", permissions != null ? permissions : "[]"));
+    }
+
+    // ==================== 角色-用户关联 ====================
+
+    @Operation(summary = "为用户分配角色")
+    @PostMapping("/assign")
+    public R<String> assignRole(@RequestBody Map<String, Long> req) {
+        roleService.assignRole(req.get("userId"), req.get("roleId"));
+        return R.ok("分配成功");
+    }
+
+    @Operation(summary = "移除用户角色")
+    @PostMapping("/remove")
+    public R<String> removeRole(@RequestBody Map<String, Long> req) {
+        roleService.removeRole(req.get("userId"), req.get("roleId"));
+        return R.ok("移除成功");
+    }
+
+    @Operation(summary = "获取用户的所有角色ID")
+    @GetMapping("/user/{userId}")
+    public R<List<Long>> getUserRoles(@PathVariable Long userId) {
+        return R.ok(roleService.getUserRoleIds(userId));
+    }
+
+    @Operation(summary = "获取角色下的所有用户ID")
+    @GetMapping("/{id}/users")
+    public R<List<Long>> getRoleUsers(@PathVariable Long id) {
+        return R.ok(roleService.getRoleUserIds(id));
+    }
+
+    @Operation(summary = "批量分配角色")
+    @PostMapping("/batch-assign")
+    public R<String> batchAssign(@RequestBody Map<String, Object> req) {
+        @SuppressWarnings("unchecked")
+        List<Number> userIdNums = (List<Number>) req.get("userIds");
+        List<Long> userIds = userIdNums.stream().map(Number::longValue).toList();
+        Long roleId = Long.parseLong(String.valueOf(req.get("roleId")));
+        roleService.batchAssignRole(userIds, roleId);
+        return R.ok("批量分配成功");
+    }
+}

wm-revenue/src/main/java/com/water/revenue/entity/AuditLog.java

@@ -0,0 +1,60 @@
+package com.water.revenue.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+/**
+ * 操作日志实体（CRUD审计）
+ */
+@Data
+@TableName("pa_audit_log")
+public class AuditLog {
+
+    @TableId(type = IdType.AUTO)
+    private Long id;
+
+    /** 操作人姓名 */
+    private String operator;
+
+    /** 操作人ID */
+    private Long operatorId;
+
+    /** 模块名称 */
+    private String module;
+
+    /** 操作类型：create/update/delete/query/export/login/logout */
+    private String action;
+
+    /** 目标类型：user/role/announcement/meter 等 */
+    private String targetType;
+
+    /** 目标ID */
+    private Long targetId;
+
+    /** 操作前数据（JSON） */
+    private String beforeValue;
+
+    /** 操作后数据（JSON） */
+    private String afterValue;
+
+    /** 请求IP地址 */
+    private String ipAddress;
+
+    /** 浏览器User-Agent */
+    private String userAgent;
+
+    /** 请求URL */
+    private String requestUrl;
+
+    /** 请求方法 */
+    private String requestMethod;
+
+    /** 操作结果：success/fail */
+    private String result;
+
+    /** 备注 */
+    private String remark;
+
+    private LocalDateTime createdAt;
+}

wm-revenue/src/main/java/com/water/revenue/entity/PlatformRole.java

@@ -0,0 +1,41 @@
+package com.water.revenue.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+/**
+ * 平台角色实体
+ */
+@Data
+@TableName("pa_platform_role")
+public class PlatformRole {
+
+    @TableId(type = IdType.AUTO)
+    private Long id;
+
+    /** 角色名称 */
+    private String roleName;
+
+    /** 角色编码 */
+    private String roleCode;
+
+    /** 角色描述 */
+    private String description;
+
+    /** 权限列表（JSON数组，如 ["user:read","user:write","role:read"]） */
+    private String permissions;
+
+    /** 数据范围：all-全部 dept-本部门 self-仅本人 custom-自定义 */
+    private String dataScope;
+
+    /** 是否启用：1-启用 0-禁用 */
+    private Integer enabled;
+
+    @TableLogic
+    private Integer deleted;
+
+    private LocalDateTime createdAt;
+
+    private LocalDateTime updatedAt;
+}

wm-revenue/src/main/java/com/water/revenue/entity/PlatformUser.java

@@ -0,0 +1,50 @@
+package com.water.revenue.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+/**
+ * 平台用户实体
+ */
+@Data
+@TableName("pa_platform_user")
+public class PlatformUser {
+
+    @TableId(type = IdType.AUTO)
+    private Long id;
+
+    /** 用户名（登录名） */
+    private String username;
+
+    /** 真实姓名 */
+    private String realName;
+
+    /** 手机号 */
+    private String phone;
+
+    /** 邮箱 */
+    private String email;
+
+    /** 部门ID */
+    private Long departmentId;
+
+    /** 角色ID（主角色） */
+    private Long roleId;
+
+    /** 状态：1-启用 0-禁用 */
+    private Integer status;
+
+    /** 密码（BCrypt加密） */
+    private String password;
+
+    /** 最后登录时间 */
+    private LocalDateTime lastLoginAt;
+
+    @TableLogic
+    private Integer deleted;
+
+    private LocalDateTime createdAt;
+
+    private LocalDateTime updatedAt;
+}

wm-revenue/src/main/java/com/water/revenue/entity/RoleUserRelation.java

@@ -0,0 +1,24 @@
+package com.water.revenue.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+/**
+ * 角色-用户关联实体
+ */
+@Data
+@TableName("pa_role_user_relation")
+public class RoleUserRelation {
+
+    @TableId(type = IdType.AUTO)
+    private Long id;
+
+    /** 角色ID */
+    private Long roleId;
+
+    /** 用户ID */
+    private Long userId;
+
+    private LocalDateTime createdAt;
+}

wm-revenue/src/main/java/com/water/revenue/mapper/AuditLogMapper.java

@@ -0,0 +1,9 @@
+package com.water.revenue.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.water.revenue.entity.AuditLog;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface AuditLogMapper extends BaseMapper<AuditLog> {
+}

wm-revenue/src/main/java/com/water/revenue/mapper/PlatformRoleMapper.java

@@ -0,0 +1,9 @@
+package com.water.revenue.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.water.revenue.entity.PlatformRole;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface PlatformRoleMapper extends BaseMapper<PlatformRole> {
+}

wm-revenue/src/main/java/com/water/revenue/mapper/PlatformUserMapper.java

@@ -0,0 +1,9 @@
+package com.water.revenue.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.water.revenue.entity.PlatformUser;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface PlatformUserMapper extends BaseMapper<PlatformUser> {
+}

wm-revenue/src/main/java/com/water/revenue/mapper/RoleUserRelationMapper.java

@@ -0,0 +1,9 @@
+package com.water.revenue.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.water.revenue.entity.RoleUserRelation;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface RoleUserRelationMapper extends BaseMapper<RoleUserRelation> {
+}

wm-revenue/src/main/java/com/water/revenue/service/AuditLogService.java

@@ -0,0 +1,157 @@
+package com.water.revenue.service;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.revenue.entity.AuditLog;
+import com.water.revenue.mapper.AuditLogMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDateTime;
+import java.util.*;
+
+/**
+ * 操作日志服务
+ */
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class AuditLogService {
+
+    private final AuditLogMapper auditLogMapper;
+
+    /**
+     * 记录操作日志
+     */
+    public AuditLog record(String operator, Long operatorId, String module, String action,
+                           String targetType, Long targetId, String beforeValue,
+                           String afterValue, String ipAddress, String userAgent) {
+        AuditLog auditLog = new AuditLog();
+        auditLog.setOperator(operator);
+        auditLog.setOperatorId(operatorId);
+        auditLog.setModule(module);
+        auditLog.setAction(action);
+        auditLog.setTargetType(targetType);
+        auditLog.setTargetId(targetId);
+        auditLog.setBeforeValue(beforeValue);
+        auditLog.setAfterValue(afterValue);
+        auditLog.setIpAddress(ipAddress);
+        auditLog.setUserAgent(userAgent);
+        auditLog.setResult("success");
+        auditLogMapper.insert(auditLog);
+        log.info("Audit log recorded: module={}, action={}, operator={}", module, action, operator);
+        return auditLog;
+    }
+
+    /**
+     * 分页查询操作日志
+     */
+    public Page<AuditLog> list(int page, int size, String module, String action,
+                                String operator, LocalDateTime startTime, LocalDateTime endTime) {
+        LambdaQueryWrapper<AuditLog> qw = new LambdaQueryWrapper<>();
+        if (module != null && !module.isEmpty()) {
+            qw.eq(AuditLog::getModule, module);
+        }
+        if (action != null && !action.isEmpty()) {
+            qw.eq(AuditLog::getAction, action);
+        }
+        if (operator != null && !operator.isEmpty()) {
+            qw.like(AuditLog::getOperator, operator);
+        }
+        if (startTime != null) {
+            qw.ge(AuditLog::getCreatedAt, startTime);
+        }
+        if (endTime != null) {
+            qw.le(AuditLog::getCreatedAt, endTime);
+        }
+        qw.orderByDesc(AuditLog::getCreatedAt);
+        return auditLogMapper.selectPage(new Page<>(page, size), qw);
+    }
+
+    /**
+     * 获取日志详情
+     */
+    public AuditLog getDetail(Long id) {
+        return auditLogMapper.selectById(id);
+    }
+
+    /**
+     * 按模块统计操作数量
+     */
+    public List<Map<String, Object>> statsByModule() {
+        LambdaQueryWrapper<AuditLog> qw = new LambdaQueryWrapper<>();
+        qw.select(AuditLog::getModule);
+        List<AuditLog> list = auditLogMapper.selectList(qw);
+        Map<String, Long> countMap = new LinkedHashMap<>();
+        for (AuditLog a : list) {
+            countMap.put(a.getModule(), countMap.getOrDefault(a.getModule(), 0L) + 1);
+        }
+        List<Map<String, Object>> result = new ArrayList<>();
+        countMap.forEach((module, count) -> {
+            Map<String, Object> m = new HashMap<>();
+            m.put("module", module);
+            m.put("count", count);
+            result.add(m);
+        });
+        return result;
+    }
+
+    /**
+     * 按操作类型统计
+     */
+    public List<Map<String, Object>> statsByAction() {
+        LambdaQueryWrapper<AuditLog> qw = new LambdaQueryWrapper<>();
+        qw.select(AuditLog::getAction);
+        List<AuditLog> list = auditLogMapper.selectList(qw);
+        Map<String, Long> countMap = new LinkedHashMap<>();
+        for (AuditLog a : list) {
+            countMap.put(a.getAction(), countMap.getOrDefault(a.getAction(), 0L) + 1);
+        }
+        List<Map<String, Object>> result = new ArrayList<>();
+        countMap.forEach((action, count) -> {
+            Map<String, Object> m = new HashMap<>();
+            m.put("action", action);
+            m.put("count", count);
+            result.add(m);
+        });
+        return result;
+    }
+
+    /**
+     * 导出日志（返回全量数据，由Controller处理下载）
+     */
+    public List<AuditLog> export(String module, String action, String operator,
+                                  LocalDateTime startTime, LocalDateTime endTime) {
+        LambdaQueryWrapper<AuditLog> qw = new LambdaQueryWrapper<>();
+        if (module != null && !module.isEmpty()) {
+            qw.eq(AuditLog::getModule, module);
+        }
+        if (action != null && !action.isEmpty()) {
+            qw.eq(AuditLog::getAction, action);
+        }
+        if (operator != null && !operator.isEmpty()) {
+            qw.like(AuditLog::getOperator, operator);
+        }
+        if (startTime != null) {
+            qw.ge(AuditLog::getCreatedAt, startTime);
+        }
+        if (endTime != null) {
+            qw.le(AuditLog::getCreatedAt, endTime);
+        }
+        qw.orderByDesc(AuditLog::getCreatedAt);
+        return auditLogMapper.selectList(qw);
+    }
+
+    /**
+     * 清理指定天数前的日志
+     */
+    public int cleanOldLogs(int days) {
+        LocalDateTime cutoff = LocalDateTime.now().minusDays(days);
+        LambdaQueryWrapper<AuditLog> qw = new LambdaQueryWrapper<>();
+        qw.lt(AuditLog::getCreatedAt, cutoff);
+        int deleted = auditLogMapper.delete(qw);
+        log.info("Cleaned {} audit logs older than {} days", deleted, days);
+        return deleted;
+    }
+}

wm-revenue/src/main/java/com/water/revenue/service/PlatformUserService.java

@@ -0,0 +1,164 @@
+package com.water.revenue.service;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.revenue.entity.PlatformUser;
+import com.water.revenue.mapper.PlatformUserMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+/**
+ * 平台用户管理服务
+ */
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class PlatformUserService {
+
+    private final PlatformUserMapper userMapper;
+
+    /**
+     * 分页查询用户
+     */
+    public Page<PlatformUser> listUsers(int page, int size, String keyword,
+                                         Integer status, Long departmentId) {
+        LambdaQueryWrapper<PlatformUser> qw = new LambdaQueryWrapper<>();
+        if (keyword != null && !keyword.isEmpty()) {
+            qw.and(w -> w.like(PlatformUser::getUsername, keyword)
+                    .or().like(PlatformUser::getRealName, keyword)
+                    .or().like(PlatformUser::getPhone, keyword));
+        }
+        if (status != null) {
+            qw.eq(PlatformUser::getStatus, status);
+        }
+        if (departmentId != null) {
+            qw.eq(PlatformUser::getDepartmentId, departmentId);
+        }
+        qw.orderByDesc(PlatformUser::getCreatedAt);
+        return userMapper.selectPage(new Page<>(page, size), qw);
+    }
+
+    /**
+     * 获取用户详情
+     */
+    public PlatformUser getUser(Long id) {
+        PlatformUser user = userMapper.selectById(id);
+        if (user != null) {
+            user.setPassword(null); // 不返回密码
+        }
+        return user;
+    }
+
+    /**
+     * 根据用户名查找用户
+     */
+    public PlatformUser findByUsername(String username) {
+        LambdaQueryWrapper<PlatformUser> qw = new LambdaQueryWrapper<>();
+        qw.eq(PlatformUser::getUsername, username);
+        return userMapper.selectOne(qw);
+    }
+
+    /**
+     * 创建用户
+     */
+    public PlatformUser createUser(PlatformUser user) {
+        // 检查用户名是否已存在
+        PlatformUser existing = findByUsername(user.getUsername());
+        if (existing != null) {
+            throw new RuntimeException("用户名已存在: " + user.getUsername());
+        }
+        if (user.getStatus() == null) {
+            user.setStatus(1); // 默认启用
+        }
+        userMapper.insert(user);
+        log.info("Platform user created: id={}, username={}", user.getId(), user.getUsername());
+        user.setPassword(null);
+        return user;
+    }
+
+    /**
+     * 更新用户信息
+     */
+    public void updateUser(Long id, PlatformUser user) {
+        user.setId(id);
+        // 不允许通过此方法修改密码
+        user.setPassword(null);
+        userMapper.updateById(user);
+        log.info("Platform user updated: id={}", id);
+    }
+
+    /**
+     * 删除用户（逻辑删除）
+     */
+    public void deleteUser(Long id) {
+        userMapper.deleteById(id);
+        log.info("Platform user deleted: id={}", id);
+    }
+
+    /**
+     * 启用/禁用用户
+     */
+    public void toggleStatus(Long id, Integer status) {
+        PlatformUser user = new PlatformUser();
+        user.setId(id);
+        user.setStatus(status);
+        userMapper.updateById(user);
+        log.info("Platform user status changed: id={}, status={}", id, status);
+    }
+
+    /**
+     * 密码重置（设置为默认密码）
+     */
+    public void resetPassword(Long id, String newPassword) {
+        PlatformUser user = new PlatformUser();
+        user.setId(id);
+        user.setPassword(newPassword);
+        userMapper.updateById(user);
+        log.info("Platform user password reset: id={}", id);
+    }
+
+    /**
+     * 分配角色
+     */
+    public void assignRole(Long userId, Long roleId) {
+        PlatformUser user = new PlatformUser();
+        user.setId(userId);
+        user.setRoleId(roleId);
+        userMapper.updateById(user);
+        log.info("Platform user role assigned: userId={}, roleId={}", userId, roleId);
+    }
+
+    /**
+     * 更新最后登录时间
+     */
+    public void updateLastLogin(Long userId) {
+        PlatformUser user = new PlatformUser();
+        user.setId(userId);
+        user.setLastLoginAt(LocalDateTime.now());
+        userMapper.updateById(user);
+    }
+
+    /**
+     * 根据角色ID查询用户列表
+     */
+    public List<PlatformUser> getUsersByRoleId(Long roleId) {
+        LambdaQueryWrapper<PlatformUser> qw = new LambdaQueryWrapper<>();
+        qw.eq(PlatformUser::getRoleId, roleId);
+        qw.eq(PlatformUser::getStatus, 1);
+        return userMapper.selectList(qw);
+    }
+
+    /**
+     * 根据部门ID查询用户列表
+     */
+    public List<PlatformUser> getUsersByDepartment(Long departmentId) {
+        LambdaQueryWrapper<PlatformUser> qw = new LambdaQueryWrapper<>();
+        qw.eq(PlatformUser::getDepartmentId, departmentId);
+        qw.eq(PlatformUser::getStatus, 1);
+        return userMapper.selectList(qw);
+    }
+}

wm-revenue/src/main/java/com/water/revenue/service/RoleService.java

@@ -0,0 +1,186 @@
+package com.water.revenue.service;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.revenue.entity.PlatformRole;
+import com.water.revenue.entity.RoleUserRelation;
+import com.water.revenue.mapper.PlatformRoleMapper;
+import com.water.revenue.mapper.RoleUserRelationMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * 角色权限服务
+ */
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class RoleService {
+
+    private final PlatformRoleMapper roleMapper;
+    private final RoleUserRelationMapper relationMapper;
+
+    // ==================== 角色 CRUD ====================
+
+    /**
+     * 分页查询角色
+     */
+    public Page<PlatformRole> listRoles(int page, int size, String keyword, Integer enabled) {
+        LambdaQueryWrapper<PlatformRole> qw = new LambdaQueryWrapper<>();
+        if (keyword != null && !keyword.isEmpty()) {
+            qw.and(w -> w.like(PlatformRole::getRoleName, keyword)
+                    .or().like(PlatformRole::getRoleCode, keyword)
+                    .or().like(PlatformRole::getDescription, keyword));
+        }
+        if (enabled != null) {
+            qw.eq(PlatformRole::getEnabled, enabled);
+        }
+        qw.orderByDesc(PlatformRole::getCreatedAt);
+        return roleMapper.selectPage(new Page<>(page, size), qw);
+    }
+
+    /**
+     * 获取所有角色列表
+     */
+    public List<PlatformRole> allRoles() {
+        LambdaQueryWrapper<PlatformRole> qw = new LambdaQueryWrapper<>();
+        qw.eq(PlatformRole::getEnabled, 1);
+        qw.orderByDesc(PlatformRole::getCreatedAt);
+        return roleMapper.selectList(qw);
+    }
+
+    /**
+     * 获取角色详情
+     */
+    public PlatformRole getRole(Long id) {
+        return roleMapper.selectById(id);
+    }
+
+    /**
+     * 创建角色
+     */
+    public PlatformRole createRole(PlatformRole role) {
+        if (role.getEnabled() == null) {
+            role.setEnabled(1);
+        }
+        if (role.getDataScope() == null) {
+            role.setDataScope("self");
+        }
+        roleMapper.insert(role);
+        log.info("Role created: id={}, name={}, code={}", role.getId(), role.getRoleName(), role.getRoleCode());
+        return role;
+    }
+
+    /**
+     * 更新角色
+     */
+    public void updateRole(Long id, PlatformRole role) {
+        role.setId(id);
+        roleMapper.updateById(role);
+        log.info("Role updated: id={}", id);
+    }
+
+    /**
+     * 删除角色（逻辑删除，同时清理关联关系）
+     */
+    @Transactional
+    public void deleteRole(Long id) {
+        roleMapper.deleteById(id);
+        LambdaQueryWrapper<RoleUserRelation> qw = new LambdaQueryWrapper<>();
+        qw.eq(RoleUserRelation::getRoleId, id);
+        relationMapper.delete(qw);
+        log.info("Role deleted: id={}, relations cleaned", id);
+    }
+
+    // ==================== 权限分配 ====================
+
+    /**
+     * 更新角色权限
+     */
+    public void updatePermissions(Long roleId, String permissions) {
+        PlatformRole role = new PlatformRole();
+        role.setId(roleId);
+        role.setPermissions(permissions);
+        roleMapper.updateById(role);
+        log.info("Role permissions updated: roleId={}", roleId);
+    }
+
+    /**
+     * 获取角色权限
+     */
+    public String getPermissions(Long roleId) {
+        PlatformRole role = roleMapper.selectById(roleId);
+        return role != null ? role.getPermissions() : null;
+    }
+
+    // ==================== 角色-用户关联 ====================
+
+    /**
+     * 为用户分配角色
+     */
+    @Transactional
+    public void assignRole(Long userId, Long roleId) {
+        // 检查是否已存在
+        LambdaQueryWrapper<RoleUserRelation> qw = new LambdaQueryWrapper<>();
+        qw.eq(RoleUserRelation::getUserId, userId);
+        qw.eq(RoleUserRelation::getRoleId, roleId);
+        if (relationMapper.selectCount(qw) > 0) {
+            log.info("User {} already has role {}", userId, roleId);
+            return;
+        }
+        RoleUserRelation relation = new RoleUserRelation();
+        relation.setUserId(userId);
+        relation.setRoleId(roleId);
+        relationMapper.insert(relation);
+        log.info("Role assigned: userId={}, roleId={}", userId, roleId);
+    }
+
+    /**
+     * 移除用户角色
+     */
+    public void removeRole(Long userId, Long roleId) {
+        LambdaQueryWrapper<RoleUserRelation> qw = new LambdaQueryWrapper<>();
+        qw.eq(RoleUserRelation::getUserId, userId);
+        qw.eq(RoleUserRelation::getRoleId, roleId);
+        relationMapper.delete(qw);
+        log.info("Role removed: userId={}, roleId={}", userId, roleId);
+    }
+
+    /**
+     * 获取用户的所有角色ID
+     */
+    public List<Long> getUserRoleIds(Long userId) {
+        LambdaQueryWrapper<RoleUserRelation> qw = new LambdaQueryWrapper<>();
+        qw.eq(RoleUserRelation::getUserId, userId);
+        return relationMapper.selectList(qw).stream()
+                .map(RoleUserRelation::getRoleId)
+                .collect(Collectors.toList());
+    }
+
+    /**
+     * 获取角色下的所有用户ID
+     */
+    public List<Long> getRoleUserIds(Long roleId) {
+        LambdaQueryWrapper<RoleUserRelation> qw = new LambdaQueryWrapper<>();
+        qw.eq(RoleUserRelation::getRoleId, roleId);
+        return relationMapper.selectList(qw).stream()
+                .map(RoleUserRelation::getUserId)
+                .collect(Collectors.toList());
+    }
+
+    /**
+     * 批量分配角色给多个用户
+     */
+    @Transactional
+    public void batchAssignRole(List<Long> userIds, Long roleId) {
+        for (Long userId : userIds) {
+            assignRole(userId, roleId);
+        }
+        log.info("Batch role assigned: userIds={}, roleId={}", userIds, roleId);
+    }
+}

wm-revenue/src/test/java/com/water/revenue/PlatformAuditTest.java

@@ -0,0 +1,265 @@
+package com.water.revenue;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.water.revenue.entity.AuditLog;
+import com.water.revenue.entity.PlatformRole;
+import com.water.revenue.entity.PlatformUser;
+import com.water.revenue.entity.RoleUserRelation;
+import com.water.revenue.mapper.AuditLogMapper;
+import com.water.revenue.mapper.PlatformRoleMapper;
+import com.water.revenue.mapper.PlatformUserMapper;
+import com.water.revenue.mapper.RoleUserRelationMapper;
+import com.water.revenue.service.AuditLogService;
+import com.water.revenue.service.PlatformUserService;
+import com.water.revenue.service.RoleService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.List;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+class PlatformAuditTest {
+
+    @Mock
+    private AuditLogMapper auditLogMapper;
+
+    @Mock
+    private PlatformRoleMapper roleMapper;
+
+    @Mock
+    private RoleUserRelationMapper relationMapper;
+
+    @Mock
+    private PlatformUserMapper userMapper;
+
+    private AuditLogService auditLogService;
+    private RoleService roleService;
+    private PlatformUserService userService;
+
+    @BeforeEach
+    void setUp() {
+        auditLogService = new AuditLogService(auditLogMapper);
+        roleService = new RoleService(roleMapper, relationMapper);
+        userService = new PlatformUserService(userMapper);
+    }
+
+    // ==================== 操作日志测试 ====================
+
+    @Nested
+    @DisplayName("操作日志服务测试")
+    class AuditLogTests {
+
+        @Test
+        @DisplayName("记录操作日志 - 正常记录")
+        void record_success() {
+            when(auditLogMapper.insert(any(AuditLog.class))).thenReturn(1);
+
+            AuditLog log = auditLogService.record(
+                    "admin", 1L, "用户管理", "create",
+                    "user", 100L, null, "{\"name\":\"test\"}",
+                    "192.168.1.1", "Mozilla/5.0");
+
+            assertNotNull(log);
+            assertEquals("admin", log.getOperator());
+            assertEquals("create", log.getAction());
+            assertEquals("success", log.getResult());
+            verify(auditLogMapper).insert(any(AuditLog.class));
+        }
+
+        @Test
+        @DisplayName("分页查询日志 - 按模块过滤")
+        void list_filterByModule() {
+            Page<AuditLog> mockPage = new Page<>(1, 10);
+            mockPage.setRecords(List.of(createLog(1L, "用户管理", "create")));
+            mockPage.setTotal(1);
+            when(auditLogMapper.selectPage(any(Page.class), any(LambdaQueryWrapper.class)))
+                    .thenReturn(mockPage);
+
+            Page<AuditLog> result = auditLogService.list(1, 10, "用户管理", null, null, null, null);
+
+            assertNotNull(result);
+            assertEquals(1, result.getRecords().size());
+            assertEquals("用户管理", result.getRecords().get(0).getModule());
+        }
+
+        @Test
+        @DisplayName("按模块统计 - 返回统计列表")
+        void statsByModule_returnsStats() {
+            List<AuditLog> logs = List.of(
+                    createLog(1L, "用户管理", "create"),
+                    createLog(2L, "用户管理", "update"),
+                    createLog(3L, "角色管理", "create")
+            );
+            when(auditLogMapper.selectList(any(LambdaQueryWrapper.class))).thenReturn(logs);
+
+            List<Map<String, Object>> stats = auditLogService.statsByModule();
+
+            assertNotNull(stats);
+            assertEquals(2, stats.size());
+        }
+
+        @Test
+        @DisplayName("清理历史日志")
+        void cleanOldLogs_deletesRecords() {
+            when(auditLogMapper.delete(any(LambdaQueryWrapper.class))).thenReturn(15);
+
+            int deleted = auditLogService.cleanOldLogs(90);
+
+            assertEquals(15, deleted);
+            verify(auditLogMapper).delete(any(LambdaQueryWrapper.class));
+        }
+    }
+
+    // ==================== 角色服务测试 ====================
+
+    @Nested
+    @DisplayName("角色权限服务测试")
+    class RoleTests {
+
+        @Test
+        @DisplayName("创建角色 - 设置默认值")
+        void createRole_setsDefaults() {
+            PlatformRole role = new PlatformRole();
+            role.setRoleName("测试角色");
+            role.setRoleCode("TEST_ROLE");
+
+            when(roleMapper.insert(any(PlatformRole.class))).thenReturn(1);
+
+            PlatformRole result = roleService.createRole(role);
+
+            assertEquals(1, result.getEnabled());
+            assertEquals("self", result.getDataScope());
+            verify(roleMapper).insert(role);
+        }
+
+        @Test
+        @DisplayName("删除角色 - 同时清理关联关系")
+        void deleteRole_cleansRelations() {
+            when(roleMapper.deleteById(1L)).thenReturn(1);
+            when(relationMapper.delete(any(LambdaQueryWrapper.class))).thenReturn(2);
+
+            roleService.deleteRole(1L);
+
+            verify(roleMapper).deleteById(1L);
+            verify(relationMapper).delete(any(LambdaQueryWrapper.class));
+        }
+
+        @Test
+        @DisplayName("分配角色 - 用户已有角色时不重复分配")
+        void assignRole_skipIfExists() {
+            when(relationMapper.selectCount(any(LambdaQueryWrapper.class))).thenReturn(1L);
+
+            roleService.assignRole(1L, 1L);
+
+            verify(relationMapper, never()).insert(any(RoleUserRelation.class));
+        }
+
+        @Test
+        @DisplayName("分配角色 - 正常分配")
+        void assignRole_success() {
+            when(relationMapper.selectCount(any(LambdaQueryWrapper.class))).thenReturn(0L);
+            when(relationMapper.insert(any(RoleUserRelation.class))).thenReturn(1);
+
+            roleService.assignRole(1L, 1L);
+
+            verify(relationMapper).insert(any(RoleUserRelation.class));
+        }
+
+        @Test
+        @DisplayName("更新角色权限")
+        void updatePermissions_success() {
+            when(roleMapper.updateById(any(PlatformRole.class))).thenReturn(1);
+
+            roleService.updatePermissions(1L, "[\"user:read\",\"user:write\"]");
+
+            verify(roleMapper).updateById(argThat(r ->
+                    r.getId() == 1L && "[\"user:read\",\"user:write\"]".equals(r.getPermissions())));
+        }
+    }
+
+    // ==================== 用户管理服务测试 ====================
+
+    @Nested
+    @DisplayName("用户管理服务测试")
+    class UserTests {
+
+        @Test
+        @DisplayName("创建用户 - 用户名已存在时抛异常")
+        void createUser_duplicateUsername_throwsException() {
+            PlatformUser user = new PlatformUser();
+            user.setUsername("existing");
+            user.setRealName("已存在");
+
+            when(userMapper.selectOne(any(LambdaQueryWrapper.class))).thenReturn(user);
+
+            assertThrows(RuntimeException.class, () -> userService.createUser(user));
+            verify(userMapper, never()).insert(any(PlatformUser.class));
+        }
+
+        @Test
+        @DisplayName("创建用户 - 正常创建")
+        void createUser_success() {
+            PlatformUser user = new PlatformUser();
+            user.setUsername("newuser");
+            user.setRealName("新用户");
+
+            when(userMapper.selectOne(any(LambdaQueryWrapper.class))).thenReturn(null);
+            when(userMapper.insert(any(PlatformUser.class))).thenReturn(1);
+
+            PlatformUser result = userService.createUser(user);
+
+            assertEquals(1, result.getStatus());
+            assertNull(result.getPassword()); // 密码不应返回
+            verify(userMapper).insert(user);
+        }
+
+        @Test
+        @DisplayName("启用/禁用用户")
+        void toggleStatus_success() {
+            when(userMapper.updateById(any(PlatformUser.class))).thenReturn(1);
+
+            userService.toggleStatus(1L, 0);
+
+            verify(userMapper).updateById(argThat(u ->
+                    u.getId() == 1L && u.getStatus() == 0));
+        }
+
+        @Test
+        @DisplayName("获取用户详情 - 不返回密码")
+        void getUser_hidesPassword() {
+            PlatformUser user = new PlatformUser();
+            user.setId(1L);
+            user.setUsername("admin");
+            user.setPassword("$2a$10$hashed_password");
+            when(userMapper.selectById(1L)).thenReturn(user);
+
+            PlatformUser result = userService.getUser(1L);
+
+            assertNotNull(result);
+            assertNull(result.getPassword());
+        }
+    }
+
+    // ==================== Helper ====================
+
+    private AuditLog createLog(Long id, String module, String action) {
+        AuditLog log = new AuditLog();
+        log.setId(id);
+        log.setModule(module);
+        log.setAction(action);
+        log.setOperator("admin");
+        log.setResult("success");
+        return log;
+    }
+}