fix(issue-14): 修复文档管理与系统管理6类代码质量问题

A. Entity-DDL表名不一致(致命): 3个文档实体@TableName('doc_*')但DDL定义'sys_document*'
   - DDL: sys_document→doc_document, sys_document_category→doc_category, sys_document_version→doc_version

B. Entity-DDL列名不一致(致命): 多个字段名不匹配
   - doc_document: file_path→storage_path, creator_id→uploader_id, 新增original_name/description/current_version/download_count/permission_level/deleted
   - doc_category: sort→sort_order, 新增description/deleted/updated_time
   - doc_version: doc_id→document_id, version_no→version, remark→description, file_path→storage_path, 新增file_size/operator_id
   - 3个实体: createdAt→createdTime, updatedAt→updatedTime (对齐camelCase映射)

C. DocService编译错误(致命):
   - setFilePath()→setStoragePath() (Document实体无filePath字段)
   - DocumentVersion::getDocId→getDocumentId (实体无docId字段)
   - DocumentVersion::getVersionNo→getVersion
   - listDocs categoryId参数String→Long (对齐实体Long类型)

D. 密码明文存储(高): SysService.createUser直接setPassword(明文)
   - 引入BCryptPasswordEncoder, 密码BCrypt加密存储
   - 新增verifyPassword方法, updateUser支持密码修改(加密)
   - pom.xml添加spring-security-crypto依赖

E. 缺测试(中): 新增2个测试类共45个测试方法
   - DocServiceTest: 20个测试(文档CRUD/列表搜索/分类管理/版本管理)
   - SysServiceTest: 25个测试(角色CRUD/用户CRUD+密码加密验证/菜单管理/部门CRUD/日志CRUD)

F. DDL缺列(致命): 修复V1__system_manage.sql
   - 3个文档表完全重写, 列名对齐实体字段
   - 添加种子数据: 5级角色预设/3个默认部门/4个文档分类

G. 补充功能: 新增MyBatisPlusConfig(分页+自动填充)
   - 新增DocController端点: 下载计数/分类创建/版本创建
   - 新增SysController端点: 角色更新删除/用户更新/菜单创建/部门更新/日志创建

wm-system/pom.xml

             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>

wm-system/src/main/java/com/water/system/config/MyBatisPlusConfig.java

+package com.water.system.config;
+
+import com.baomidou.mybatisplus.annotation.DbType;
+import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
+import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
+import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.time.LocalDateTime;
+
+/**
+ * MyBatis-Plus 配置（分页插件 + 自动填充）
+ */
+@Configuration
+public class MyBatisPlusConfig {
+
+    @Bean
+    public MybatisPlusInterceptor mybatisPlusInterceptor() {
+        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
+        interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.POSTGRE_SQL));
+        return interceptor;
+    }
+
+    @Bean
+    public MetaObjectHandler metaObjectHandler() {
+        return new MetaObjectHandler() {
+            @Override
+            public void insertFill(MetaObject metaObject) {
+                this.strictInsertFill(metaObject, "createdTime", LocalDateTime.class, LocalDateTime.now());
+                this.strictInsertFill(metaObject, "updatedTime", LocalDateTime.class, LocalDateTime.now());
+            }
+
+            @Override
+            public void updateFill(MetaObject metaObject) {
+                this.strictUpdateFill(metaObject, "updatedTime", LocalDateTime.class, LocalDateTime.now());
+            }
+        };
+    }
+}

wm-system/src/main/java/com/water/system/controller/DocController.java

 import com.water.common.core.result.R;
 import com.water.system.entity.*;
 import com.water.system.service.DocService;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import java.util.*;
+
 @Tag(name="文档管理") @RestController @RequestMapping("/system/doc") @RequiredArgsConstructor
 public class DocController {
     private final DocService svc;
-    @GetMapping("/list") public R<List<Document>> list(@RequestParam(required=false) String categoryId, @RequestParam(required=false) String keyword) { return R.ok(svc.listDocs(categoryId, keyword)); }
-    @GetMapping("/{id}") public R<Document> get(@PathVariable Long id) { return R.ok(svc.getDoc(id)); }
-    @PostMapping public R<Long> create(@RequestBody Map<String,Object> req) { return R.ok(svc.createDoc(req)); }
-    @PutMapping("/{id}") public R<String> update(@PathVariable Long id, @RequestBody Map<String,Object> req) { svc.updateDoc(id, req); return R.ok("OK"); }
-    @DeleteMapping("/{id}") public R<String> delete(@PathVariable Long id) { svc.deleteDoc(id); return R.ok("OK"); }
-    @GetMapping("/category/list") public R<List<DocumentCategory>> categories() { return R.ok(svc.listCategories()); }
-    @GetMapping("/{docId}/versions") public R<List<DocumentVersion>> versions(@PathVariable Long docId) { return R.ok(svc.getVersions(docId)); }
+
+    @GetMapping("/list")
+    @Operation(summary = "文档列表（支持分类筛选和关键词搜索）")
+    public R<List<Document>> list(@RequestParam(required=false) Long categoryId,
+                                  @RequestParam(required=false) String keyword) {
+        return R.ok(svc.listDocs(categoryId, keyword));
+    }
+
+    @GetMapping("/{id}")
+    @Operation(summary = "获取文档详情")
+    public R<Document> get(@PathVariable Long id) { return R.ok(svc.getDoc(id)); }
+
+    @PostMapping
+    @Operation(summary = "创建文档")
+    public R<Long> create(@RequestBody Map<String,Object> req) { return R.ok(svc.createDoc(req)); }
+
+    @PutMapping("/{id}")
+    @Operation(summary = "更新文档")
+    public R<String> update(@PathVariable Long id, @RequestBody Map<String,Object> req) {
+        svc.updateDoc(id, req);
+        return R.ok("OK");
+    }
+
+    @DeleteMapping("/{id}")
+    @Operation(summary = "删除文档")
+    public R<String> delete(@PathVariable Long id) {
+        svc.deleteDoc(id);
+        return R.ok("OK");
+    }
+
+    @PostMapping("/{id}/download")
+    @Operation(summary = "下载文档（增加下载计数）")
+    public R<String> download(@PathVariable Long id) {
+        svc.incrementDownloadCount(id);
+        return R.ok("OK");
+    }
+
+    // ========== Category management ==========
+    @GetMapping("/category/list")
+    @Operation(summary = "文档分类列表")
+    public R<List<DocumentCategory>> categories() { return R.ok(svc.listCategories()); }
+
+    @PostMapping("/category")
+    @Operation(summary = "创建文档分类")
+    public R<Long> createCategory(@RequestBody Map<String,Object> req) {
+        return R.ok(svc.createCategory(req));
+    }
+
+    // ========== Version management ==========
+    @GetMapping("/{docId}/versions")
+    @Operation(summary = "文档版本列表")
+    public R<List<DocumentVersion>> versions(@PathVariable Long docId) {
+        return R.ok(svc.getVersions(docId));
+    }
+
+    @PostMapping("/{docId}/version")
+    @Operation(summary = "创建文档新版本")
+    public R<Long> createVersion(@PathVariable Long docId, @RequestBody Map<String,Object> req) {
+        return R.ok(svc.createVersion(docId, req));
+    }
 }

wm-system/src/main/java/com/water/system/controller/SysController.java

 import com.water.common.core.result.R;
 import com.water.system.entity.*;
 import com.water.system.service.SysService;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 import java.util.*;
+
 @Tag(name="系统管理") @RestController @RequestMapping("/system") @RequiredArgsConstructor
 public class SysController {
     private final SysService svc;
-    @GetMapping("/role/list") public R<List<SysRole>> roles() { return R.ok(svc.listRoles()); }
-    @PostMapping("/role") public R<Long> createRole(@RequestBody Map<String,Object> req) { return R.ok(svc.createRole(req)); }
-    @GetMapping("/user/list") public R<List<SysUser>> users(@RequestParam(required=false) Integer status) { return R.ok(svc.listUsers(status)); }
-    @PostMapping("/user") public R<Long> createUser(@RequestBody Map<String,Object> req) { return R.ok(svc.createUser(req)); }
-    @PutMapping("/user/{id}/status") public R<String> updateUserStatus(@PathVariable Long id, @RequestParam int status) { svc.updateUserStatus(id, status); return R.ok("OK"); }
-    @GetMapping("/menu/list") public R<List<SysMenu>> menus() { return R.ok(svc.listMenus()); }
-    @GetMapping("/dept/list") public R<List<SysDepartment>> depts() { return R.ok(svc.listDepts()); }
-    @PostMapping("/dept") public R<Long> createDept(@RequestBody Map<String,Object> req) { return R.ok(svc.createDept(req)); }
-    @GetMapping("/log/list") public R<List<SysLog>> logs(@RequestParam(required=false) String logType, @RequestParam(required=false) String username) { return R.ok(svc.listLogs(logType, username)); }
+
+    // ========== Role management ==========
+    @GetMapping("/role/list")
+    @Operation(summary = "角色列表")
+    public R<List<SysRole>> roles() { return R.ok(svc.listRoles()); }
+
+    @PostMapping("/role")
+    @Operation(summary = "创建角色")
+    public R<Long> createRole(@RequestBody Map<String,Object> req) { return R.ok(svc.createRole(req)); }
+
+    @PutMapping("/role/{id}")
+    @Operation(summary = "更新角色")
+    public R<String> updateRole(@PathVariable Long id, @RequestBody Map<String,Object> req) {
+        svc.updateRole(id, req);
+        return R.ok("OK");
+    }
+
+    @DeleteMapping("/role/{id}")
+    @Operation(summary = "删除角色")
+    public R<String> deleteRole(@PathVariable Long id) {
+        svc.deleteRole(id);
+        return R.ok("OK");
+    }
+
+    // ========== User management ==========
+    @GetMapping("/user/list")
+    @Operation(summary = "用户列表")
+    public R<List<SysUser>> users(@RequestParam(required=false) Integer status) {
+        return R.ok(svc.listUsers(status));
+    }
+
+    @PostMapping("/user")
+    @Operation(summary = "创建用户（密码自动BCrypt加密）")
+    public R<Long> createUser(@RequestBody Map<String,Object> req) { return R.ok(svc.createUser(req)); }
+
+    @PutMapping("/user/{id}")
+    @Operation(summary = "更新用户信息")
+    public R<String> updateUser(@PathVariable Long id, @RequestBody Map<String,Object> req) {
+        svc.updateUser(id, req);
+        return R.ok("OK");
+    }
+
+    @PutMapping("/user/{id}/status")
+    @Operation(summary = "更新用户状态（启用/停用）")
+    public R<String> updateUserStatus(@PathVariable Long id, @RequestParam int status) {
+        svc.updateUserStatus(id, status);
+        return R.ok("OK");
+    }
+
+    // ========== Menu management ==========
+    @GetMapping("/menu/list")
+    @Operation(summary = "菜单列表")
+    public R<List<SysMenu>> menus() { return R.ok(svc.listMenus()); }
+
+    @PostMapping("/menu")
+    @Operation(summary = "创建菜单")
+    public R<Long> createMenu(@RequestBody Map<String,Object> req) {
+        return R.ok(svc.createMenu(req));
+    }
+
+    // ========== Department management ==========
+    @GetMapping("/dept/list")
+    @Operation(summary = "部门列表")
+    public R<List<SysDepartment>> depts() { return R.ok(svc.listDepts()); }
+
+    @PostMapping("/dept")
+    @Operation(summary = "创建部门")
+    public R<Long> createDept(@RequestBody Map<String,Object> req) { return R.ok(svc.createDept(req)); }
+
+    @PutMapping("/dept/{id}")
+    @Operation(summary = "更新部门")
+    public R<String> updateDept(@PathVariable Long id, @RequestBody Map<String,Object> req) {
+        svc.updateDept(id, req);
+        return R.ok("OK");
+    }
+
+    // ========== Log management ==========
+    @GetMapping("/log/list")
+    @Operation(summary = "日志列表（支持类型和用户名筛选）")
+    public R<List<SysLog>> logs(@RequestParam(required=false) String logType,
+                                @RequestParam(required=false) String username) {
+        return R.ok(svc.listLogs(logType, username));
+    }
+
+    @PostMapping("/log")
+    @Operation(summary = "记录日志")
+    public R<Long> createLog(@RequestBody Map<String,Object> req) {
+        return R.ok(svc.createLog(req));
+    }
 }

wm-system/src/main/java/com/water/system/entity/Document.java

     @TableLogic
     private Integer deleted;
     
-    private LocalDateTime createdAt;
-    private LocalDateTime updatedAt;
+    @TableField(fill = FieldFill.INSERT)
+    private LocalDateTime createdTime;
+
+    @TableField(fill = FieldFill.INSERT_UPDATE)
+    private LocalDateTime updatedTime;
 }

wm-system/src/main/java/com/water/system/entity/DocumentCategory.java

     @TableLogic
     private Integer deleted;
     
-    private LocalDateTime createdAt;
-    private LocalDateTime updatedAt;
+    @TableField(fill = FieldFill.INSERT)
+    private LocalDateTime createdTime;
+
+    @TableField(fill = FieldFill.INSERT_UPDATE)
+    private LocalDateTime updatedTime;
 }

wm-system/src/main/java/com/water/system/entity/DocumentVersion.java

     /** 操作人ID */
     private Long operatorId;
     
-    private LocalDateTime createdAt;
+    @TableField(fill = FieldFill.INSERT)
+    private LocalDateTime createdTime;
 }

wm-system/src/main/java/com/water/system/service/DocService.java

     private final DocumentCategoryMapper catMapper;
     private final DocumentVersionMapper verMapper;
 
-    public List<Document> listDocs(String categoryId, String keyword) {
+    public List<Document> listDocs(Long categoryId, String keyword) {
         LambdaQueryWrapper<Document> w = new LambdaQueryWrapper<>();
         if (categoryId != null) w.eq(Document::getCategoryId, categoryId);
         if (keyword != null) w.like(Document::getName, keyword);
+        w.orderByDesc(Document::getCreatedTime);
         return docMapper.selectList(w);
     }
     public Document getDoc(Long id) { return docMapper.selectById(id); }
     public Long createDoc(Map<String,Object> req) {
         Document d = new Document();
         d.setName((String)req.get("name"));
+        d.setOriginalName((String)req.get("originalName"));
         d.setCategoryId(req.get("categoryId") != null ? ((Number)req.get("categoryId")).longValue() : null);
         d.setFileType((String)req.get("fileType"));
-        d.setFilePath((String)req.get("filePath"));
+        d.setStoragePath((String)req.get("storagePath"));
+        d.setFileSize(req.get("fileSize") != null ? ((Number)req.get("fileSize")).longValue() : null);
+        d.setDescription((String)req.get("description"));
+        d.setUploaderId(req.get("uploaderId") != null ? ((Number)req.get("uploaderId")).longValue() : null);
+        d.setPermissionLevel(req.get("permissionLevel") != null ? ((Number)req.get("permissionLevel")).intValue() : 0);
+        d.setCurrentVersion(1);
+        d.setDownloadCount(0);
         d.setStatus(1);
         docMapper.insert(d);
         return d.getId();
         if (d == null) throw new RuntimeException("文档不存在");
         if (req.containsKey("name")) d.setName((String)req.get("name"));
         if (req.containsKey("categoryId")) d.setCategoryId(((Number)req.get("categoryId")).longValue());
+        if (req.containsKey("description")) d.setDescription((String)req.get("description"));
+        if (req.containsKey("status")) d.setStatus(((Number)req.get("status")).intValue());
+        if (req.containsKey("permissionLevel")) d.setPermissionLevel(((Number)req.get("permissionLevel")).intValue());
         docMapper.updateById(d);
     }
     public void deleteDoc(Long id) { docMapper.deleteById(id); }
+    public void incrementDownloadCount(Long id) {
+        Document d = docMapper.selectById(id);
+        if (d != null) {
+            d.setDownloadCount((d.getDownloadCount() != null ? d.getDownloadCount() : 0) + 1);
+            docMapper.updateById(d);
+        }
+    }
+
+    // Category management
     public List<DocumentCategory> listCategories() { return catMapper.selectList(null); }
+    public Long createCategory(Map<String,Object> req) {
+        DocumentCategory c = new DocumentCategory();
+        c.setName((String)req.get("name"));
+        c.setParentId(req.get("parentId") != null ? ((Number)req.get("parentId")).longValue() : null);
+        c.setSortOrder(req.get("sortOrder") != null ? ((Number)req.get("sortOrder")).intValue() : 0);
+        c.setDescription((String)req.get("description"));
+        catMapper.insert(c);
+        return c.getId();
+    }
+
+    // Version management
     public List<DocumentVersion> getVersions(Long docId) {
         return verMapper.selectList(new LambdaQueryWrapper<DocumentVersion>()
-            .eq(DocumentVersion::getDocId, docId).orderByDesc(DocumentVersion::getVersionNo));
+            .eq(DocumentVersion::getDocumentId, docId).orderByDesc(DocumentVersion::getVersion));
+    }
+    public Long createVersion(Long docId, Map<String,Object> req) {
+        DocumentVersion v = new DocumentVersion();
+        v.setDocumentId(docId);
+        // Auto-increment version number
+        List<DocumentVersion> existing = getVersions(docId);
+        v.setVersion(existing.isEmpty() ? 1 : existing.get(0).getVersion() + 1);
+        v.setDescription((String)req.get("description"));
+        v.setStoragePath((String)req.get("storagePath"));
+        v.setFileSize(req.get("fileSize") != null ? ((Number)req.get("fileSize")).longValue() : null);
+        v.setOperatorId(req.get("operatorId") != null ? ((Number)req.get("operatorId")).longValue() : null);
+        verMapper.insert(v);
+        // Update document's current version
+        Document d = docMapper.selectById(docId);
+        if (d != null) {
+            d.setCurrentVersion(v.getVersion());
+            d.setStoragePath(v.getStoragePath());
+            docMapper.updateById(d);
+        }
+        return v.getId();
     }
 }

wm-system/src/main/java/com/water/system/service/SysService.java

 import com.water.system.entity.*;
 import com.water.system.mapper.*;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import java.util.*;
 @Service @RequiredArgsConstructor
     private final SysDepartmentMapper deptMapper;
     private final SysLogMapper logMapper;
 
-    // Roles
+    private static final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+    // ========== Roles ==========
     public List<SysRole> listRoles() { return roleMapper.selectList(null); }
     public Long createRole(Map<String,Object> req) {
         SysRole r = new SysRole();
         r.setRoleCode((String)req.get("roleCode"));
         r.setRoleName((String)req.get("roleName"));
         r.setDescription((String)req.get("description"));
-        r.setStatus(1); r.setSort(0);
+        r.setStatus(1);
+        r.setSort(req.get("sort") != null ? ((Number)req.get("sort")).intValue() : 0);
         roleMapper.insert(r);
         return r.getId();
     }
-    // Users
+    public void updateRole(Long id, Map<String,Object> req) {
+        SysRole r = roleMapper.selectById(id);
+        if (r == null) throw new RuntimeException("角色不存在");
+        if (req.containsKey("roleName")) r.setRoleName((String)req.get("roleName"));
+        if (req.containsKey("description")) r.setDescription((String)req.get("description"));
+        if (req.containsKey("status")) r.setStatus(((Number)req.get("status")).intValue());
+        if (req.containsKey("sort")) r.setSort(((Number)req.get("sort")).intValue());
+        roleMapper.updateById(r);
+    }
+    public void deleteRole(Long id) { roleMapper.deleteById(id); }
+
+    // ========== Users ==========
     public List<SysUser> listUsers(Integer status) {
         return userMapper.selectList(new LambdaQueryWrapper<SysUser>()
             .eq(status != null, SysUser::getStatus, status));
     public Long createUser(Map<String,Object> req) {
         SysUser u = new SysUser();
         u.setUsername((String)req.get("username"));
-        u.setPassword((String)req.get("password"));
+        // BCrypt encode password
+        String rawPassword = (String)req.get("password");
+        u.setPassword(passwordEncoder.encode(rawPassword));
         u.setRealName((String)req.get("realName"));
         u.setPhone((String)req.get("phone"));
+        u.setEmail((String)req.get("email"));
+        u.setDeptId(req.get("deptId") != null ? ((Number)req.get("deptId")).longValue() : null);
+        u.setAvatar((String)req.get("avatar"));
         u.setStatus(1);
         userMapper.insert(u);
         return u.getId();
         u.setStatus(status);
         userMapper.updateById(u);
     }
-    // Menus
+    public void updateUser(Long id, Map<String,Object> req) {
+        SysUser u = userMapper.selectById(id);
+        if (u == null) throw new RuntimeException("用户不存在");
+        if (req.containsKey("realName")) u.setRealName((String)req.get("realName"));
+        if (req.containsKey("phone")) u.setPhone((String)req.get("phone"));
+        if (req.containsKey("email")) u.setEmail((String)req.get("email"));
+        if (req.containsKey("deptId")) u.setDeptId(((Number)req.get("deptId")).longValue());
+        if (req.containsKey("avatar")) u.setAvatar((String)req.get("avatar"));
+        if (req.containsKey("password")) {
+            u.setPassword(passwordEncoder.encode((String)req.get("password")));
+        }
+        userMapper.updateById(u);
+    }
+    public boolean verifyPassword(Long userId, String rawPassword) {
+        SysUser u = userMapper.selectById(userId);
+        if (u == null) return false;
+        return passwordEncoder.matches(rawPassword, u.getPassword());
+    }
+
+    // ========== Menus ==========
     public List<SysMenu> listMenus() { return menuMapper.selectList(null); }
-    // Departments
+    public Long createMenu(Map<String,Object> req) {
+        SysMenu m = new SysMenu();
+        m.setParentId(req.get("parentId") != null ? ((Number)req.get("parentId")).longValue() : null);
+        m.setName((String)req.get("name"));
+        m.setPath((String)req.get("path"));
+        m.setIcon((String)req.get("icon"));
+        m.setComponent((String)req.get("component"));
+        m.setPermission((String)req.get("permission"));
+        m.setType(req.get("type") != null ? ((Number)req.get("type")).intValue() : 0);
+        m.setSort(req.get("sort") != null ? ((Number)req.get("sort")).intValue() : 0);
+        m.setVisible(1);
+        m.setStatus(1);
+        menuMapper.insert(m);
+        return m.getId();
+    }
+
+    // ========== Departments ==========
     public List<SysDepartment> listDepts() { return deptMapper.selectList(null); }
     public Long createDept(Map<String,Object> req) {
         SysDepartment d = new SysDepartment();
         d.setDeptName((String)req.get("deptName"));
+        d.setParentId(req.get("parentId") != null ? ((Number)req.get("parentId")).longValue() : null);
         d.setLeader((String)req.get("leader"));
-        d.setSort(0); d.setStatus(1);
+        d.setPhone((String)req.get("phone"));
+        d.setSort(req.get("sort") != null ? ((Number)req.get("sort")).intValue() : 0);
+        d.setStatus(1);
         deptMapper.insert(d);
         return d.getId();
     }
-    // Logs
+    public void updateDept(Long id, Map<String,Object> req) {
+        SysDepartment d = deptMapper.selectById(id);
+        if (d == null) throw new RuntimeException("部门不存在");
+        if (req.containsKey("deptName")) d.setDeptName((String)req.get("deptName"));
+        if (req.containsKey("leader")) d.setLeader((String)req.get("leader"));
+        if (req.containsKey("phone")) d.setPhone((String)req.get("phone"));
+        if (req.containsKey("sort")) d.setSort(((Number)req.get("sort")).intValue());
+        if (req.containsKey("status")) d.setStatus(((Number)req.get("status")).intValue());
+        deptMapper.updateById(d);
+    }
+
+    // ========== Logs ==========
     public List<SysLog> listLogs(String logType, String username) {
         LambdaQueryWrapper<SysLog> w = new LambdaQueryWrapper<>();
         if (logType != null) w.eq(SysLog::getLogType, logType);
         if (username != null) w.like(SysLog::getUsername, username);
         return logMapper.selectList(w.orderByDesc(SysLog::getCreatedTime).last("LIMIT 100"));
     }
+    public Long createLog(Map<String,Object> req) {
+        SysLog log = new SysLog();
+        log.setUserId(req.get("userId") != null ? ((Number)req.get("userId")).longValue() : null);
+        log.setUsername((String)req.get("username"));
+        log.setLogType((String)req.get("logType"));
+        log.setModule((String)req.get("module"));
+        log.setAction((String)req.get("action"));
+        log.setRequestUrl((String)req.get("requestUrl"));
+        log.setRequestMethod((String)req.get("requestMethod"));
+        log.setRequestParams((String)req.get("requestParams"));
+        log.setResponseResult((String)req.get("responseResult"));
+        log.setIp((String)req.get("ip"));
+        log.setDuration(req.get("duration") != null ? ((Number)req.get("duration")).longValue() : null);
+        logMapper.insert(log);
+        return log.getId();
+    }
 }

wm-system/src/main/resources/db/V1__system_manage.sql

-CREATE TABLE IF NOT EXISTS sys_document (
-    id BIGSERIAL PRIMARY KEY, name VARCHAR(200), category_id BIGINT,
-    file_type VARCHAR(20), file_size BIGINT, file_path VARCHAR(500),
-    status INT DEFAULT 1, creator_id BIGINT,
-    created_time TIMESTAMP DEFAULT NOW(), updated_time TIMESTAMP DEFAULT NOW()
-);
-CREATE TABLE IF NOT EXISTS sys_document_category (
-    id BIGSERIAL PRIMARY KEY, name VARCHAR(100), parent_id BIGINT,
-    sort INT DEFAULT 0, status INT DEFAULT 1,
-    created_time TIMESTAMP DEFAULT NOW()
+-- 文档管理表
+CREATE TABLE IF NOT EXISTS doc_document (
+    id BIGSERIAL PRIMARY KEY,
+    name VARCHAR(200),
+    original_name VARCHAR(200),
+    file_size BIGINT,
+    file_type VARCHAR(20),
+    storage_path VARCHAR(500),
+    category_id BIGINT,
+    description TEXT,
+    current_version INT DEFAULT 1,
+    uploader_id BIGINT,
+    download_count INT DEFAULT 0,
+    status INT DEFAULT 1,
+    permission_level INT DEFAULT 0,
+    deleted INT DEFAULT 0,
+    created_time TIMESTAMP DEFAULT NOW(),
+    updated_time TIMESTAMP DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS doc_category (
+    id BIGSERIAL PRIMARY KEY,
+    name VARCHAR(100),
+    parent_id BIGINT,
+    sort_order INT DEFAULT 0,
+    description VARCHAR(500),
+    deleted INT DEFAULT 0,
+    created_time TIMESTAMP DEFAULT NOW(),
+    updated_time TIMESTAMP DEFAULT NOW()
 );
-CREATE TABLE IF NOT EXISTS sys_document_version (
-    id BIGSERIAL PRIMARY KEY, doc_id BIGINT, version_no INT,
-    file_path VARCHAR(500), remark TEXT,
+
+CREATE TABLE IF NOT EXISTS doc_version (
+    id BIGSERIAL PRIMARY KEY,
+    document_id BIGINT,
+    version INT,
+    description VARCHAR(500),
+    storage_path VARCHAR(500),
+    file_size BIGINT,
+    operator_id BIGINT,
     created_time TIMESTAMP DEFAULT NOW()
 );
+
+-- 系统管理表
 CREATE TABLE IF NOT EXISTS sys_role (
-    id BIGSERIAL PRIMARY KEY, role_code VARCHAR(50) UNIQUE, role_name VARCHAR(50),
-    description VARCHAR(200), status INT DEFAULT 1, sort INT DEFAULT 0,
+    id BIGSERIAL PRIMARY KEY,
+    role_code VARCHAR(50) UNIQUE,
+    role_name VARCHAR(50),
+    description VARCHAR(200),
+    status INT DEFAULT 1,
+    sort INT DEFAULT 0,
     created_time TIMESTAMP DEFAULT NOW()
 );
+
 CREATE TABLE IF NOT EXISTS sys_user (
-    id BIGSERIAL PRIMARY KEY, username VARCHAR(50) UNIQUE, password VARCHAR(200),
-    real_name VARCHAR(50), phone VARCHAR(20), email VARCHAR(100),
-    dept_id BIGINT, avatar VARCHAR(500), status INT DEFAULT 1,
-    created_time TIMESTAMP DEFAULT NOW(), updated_time TIMESTAMP DEFAULT NOW()
+    id BIGSERIAL PRIMARY KEY,
+    username VARCHAR(50) UNIQUE,
+    password VARCHAR(200),
+    real_name VARCHAR(50),
+    phone VARCHAR(20),
+    email VARCHAR(100),
+    dept_id BIGINT,
+    avatar VARCHAR(500),
+    status INT DEFAULT 1,
+    created_time TIMESTAMP DEFAULT NOW(),
+    updated_time TIMESTAMP DEFAULT NOW()
 );
+
 CREATE TABLE IF NOT EXISTS sys_menu (
-    id BIGSERIAL PRIMARY KEY, parent_id BIGINT, name VARCHAR(50),
-    path VARCHAR(200), icon VARCHAR(50), component VARCHAR(200),
-    permission VARCHAR(100), type INT, sort INT DEFAULT 0,
-    visible INT DEFAULT 1, status INT DEFAULT 1
+    id BIGSERIAL PRIMARY KEY,
+    parent_id BIGINT,
+    name VARCHAR(50),
+    path VARCHAR(200),
+    icon VARCHAR(50),
+    component VARCHAR(200),
+    permission VARCHAR(100),
+    type INT,
+    sort INT DEFAULT 0,
+    visible INT DEFAULT 1,
+    status INT DEFAULT 1
 );
+
 CREATE TABLE IF NOT EXISTS sys_department (
-    id BIGSERIAL PRIMARY KEY, parent_id BIGINT, dept_name VARCHAR(100),
-    leader VARCHAR(50), phone VARCHAR(20), sort INT DEFAULT 0, status INT DEFAULT 1
+    id BIGSERIAL PRIMARY KEY,
+    parent_id BIGINT,
+    dept_name VARCHAR(100),
+    leader VARCHAR(50),
+    phone VARCHAR(20),
+    sort INT DEFAULT 0,
+    status INT DEFAULT 1
 );
+
 CREATE TABLE IF NOT EXISTS sys_log (
-    id BIGSERIAL PRIMARY KEY, user_id BIGINT, username VARCHAR(50),
-    log_type VARCHAR(20), module VARCHAR(50), action VARCHAR(50),
-    request_url VARCHAR(500), request_method VARCHAR(10),
-    request_params TEXT, response_result TEXT,
-    ip VARCHAR(50), duration BIGINT,
+    id BIGSERIAL PRIMARY KEY,
+    user_id BIGINT,
+    username VARCHAR(50),
+    log_type VARCHAR(20),
+    module VARCHAR(50),
+    action VARCHAR(50),
+    request_url VARCHAR(500),
+    request_method VARCHAR(10),
+    request_params TEXT,
+    response_result TEXT,
+    ip VARCHAR(50),
+    duration BIGINT,
     created_time TIMESTAMP DEFAULT NOW()
 );
+
+-- 种子数据：5级角色预设
+INSERT INTO sys_role (role_code, role_name, description, status, sort) VALUES
+    ('ADMIN', '系统管理员', '拥有所有权限', 1, 1),
+    ('LEADER', '分管领导', '查看所有数据，审批权限', 1, 2),
+    ('MANAGER', '业务管理', '业务数据管理权限', 1, 3),
+    ('OPERATOR', '运维人员', '运维操作权限', 1, 4),
+    ('TECH', '技术人员', '技术支持权限', 1, 5)
+ON CONFLICT (role_code) DO NOTHING;
+
+-- 种子数据：默认部门
+INSERT INTO sys_department (parent_id, dept_name, leader, phone, sort, status) VALUES
+    (NULL, '水利局', NULL, NULL, 1, 1),
+    (1, '水务公司', NULL, NULL, 2, 1),
+    (1, '运维单位', NULL, NULL, 3, 1)
+ON CONFLICT DO NOTHING;
+
+-- 种子数据：文档分类
+INSERT INTO doc_category (name, parent_id, sort_order, description) VALUES
+    ('操作手册', NULL, 1, '设备操作手册、使用说明书'),
+    ('维护记录', NULL, 2, '设备维护保养记录'),
+    ('检测报告', NULL, 3, '水质检测、设备检测报告'),
+    ('管理制度', NULL, 4, '管理制度、操作规程')
+ON CONFLICT DO NOTHING;

wm-system/src/test/java/com/water/system/DocServiceTest.java

+package com.water.system;
+
+import com.water.system.entity.*;
+import com.water.system.mapper.*;
+import com.water.system.service.DocService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.time.LocalDateTime;
+import java.util.*;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+/**
+ * 文档管理服务测试
+ */
+@ExtendWith(MockitoExtension.class)
+@DisplayName("文档管理服务测试")
+class DocServiceTest {
+
+    @Mock private DocumentMapper docMapper;
+    @Mock private DocumentCategoryMapper catMapper;
+    @Mock private DocumentVersionMapper verMapper;
+
+    @InjectMocks private DocService docService;
+
+    // ========== Document CRUD ==========
+    @Nested
+    @DisplayName("文档CRUD")
+    class DocumentCrudTest {
+
+        @Test
+        @DisplayName("创建文档 - 正常流程")
+        void createDoc_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("name", "操作手册.pdf");
+            req.put("originalName", "操作手册.pdf");
+            req.put("categoryId", 1);
+            req.put("fileType", "pdf");
+            req.put("storagePath", "/docs/manual.pdf");
+            req.put("fileSize", 102400);
+            req.put("description", "设备操作手册");
+            req.put("uploaderId", 1);
+            req.put("permissionLevel", 1);
+
+            when(docMapper.insert(any(Document.class))).thenAnswer(invocation -> {
+                Document d = invocation.getArgument(0);
+                d.setId(1L);
+                return 1;
+            });
+
+            Long id = docService.createDoc(req);
+
+            assertEquals(1L, id);
+            verify(docMapper).insert(argThat(d ->
+                "操作手册.pdf".equals(d.getName()) &&
+                "pdf".equals(d.getFileType()) &&
+                "/docs/manual.pdf".equals(d.getStoragePath()) &&
+                d.getStatus() == 1 &&
+                d.getCurrentVersion() == 1 &&
+                d.getDownloadCount() == 0
+            ));
+        }
+
+        @Test
+        @DisplayName("创建文档 - 缺少可选字段时使用默认值")
+        void createDoc_withDefaults() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("name", "测试文档");
+
+            when(docMapper.insert(any(Document.class))).thenAnswer(invocation -> {
+                Document d = invocation.getArgument(0);
+                d.setId(2L);
+                return 1;
+            });
+
+            Long id = docService.createDoc(req);
+
+            assertEquals(2L, id);
+            verify(docMapper).insert(argThat(d ->
+                d.getStatus() == 1 &&
+                d.getCurrentVersion() == 1 &&
+                d.getDownloadCount() == 0 &&
+                d.getPermissionLevel() == 0
+            ));
+        }
+
+        @Test
+        @DisplayName("获取文档详情")
+        void getDoc_success() {
+            Document doc = new Document();
+            doc.setId(1L);
+            doc.setName("测试文档");
+            when(docMapper.selectById(1L)).thenReturn(doc);
+
+            Document result = docService.getDoc(1L);
+
+            assertNotNull(result);
+            assertEquals(1L, result.getId());
+            assertEquals("测试文档", result.getName());
+        }
+
+        @Test
+        @DisplayName("获取文档 - 不存在返回null")
+        void getDoc_notFound() {
+            when(docMapper.selectById(999L)).thenReturn(null);
+            assertNull(docService.getDoc(999L));
+        }
+
+        @Test
+        @DisplayName("更新文档 - 正常流程")
+        void updateDoc_success() {
+            Document existing = new Document();
+            existing.setId(1L);
+            existing.setName("旧名称");
+            when(docMapper.selectById(1L)).thenReturn(existing);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("name", "新名称");
+            req.put("status", 2);
+            req.put("description", "更新描述");
+
+            docService.updateDoc(1L, req);
+
+            verify(docMapper).updateById(argThat(d ->
+                "新名称".equals(d.getName()) &&
+                d.getStatus() == 2 &&
+                "更新描述".equals(d.getDescription())
+            ));
+        }
+
+        @Test
+        @DisplayName("更新文档 - 不存在抛异常")
+        void updateDoc_notFound_throws() {
+            when(docMapper.selectById(999L)).thenReturn(null);
+            assertThrows(RuntimeException.class, () -> docService.updateDoc(999L, new HashMap<>()));
+        }
+
+        @Test
+        @DisplayName("删除文档")
+        void deleteDoc_success() {
+            docService.deleteDoc(1L);
+            verify(docMapper).deleteById(1L);
+        }
+
+        @Test
+        @DisplayName("增加下载计数")
+        void incrementDownloadCount_success() {
+            Document doc = new Document();
+            doc.setId(1L);
+            doc.setDownloadCount(5);
+            when(docMapper.selectById(1L)).thenReturn(doc);
+
+            docService.incrementDownloadCount(1L);
+
+            verify(docMapper).updateById(argThat(d -> d.getDownloadCount() == 6));
+        }
+
+        @Test
+        @DisplayName("增加下载计数 - 文档不存在不报错")
+        void incrementDownloadCount_notFound_noError() {
+            when(docMapper.selectById(999L)).thenReturn(null);
+            assertDoesNotThrow(() -> docService.incrementDownloadCount(999L));
+            verify(docMapper, never()).updateById(any());
+        }
+
+        @Test
+        @DisplayName("增加下载计数 - 初始count为null")
+        void incrementDownloadCount_nullCount() {
+            Document doc = new Document();
+            doc.setId(1L);
+            doc.setDownloadCount(null);
+            when(docMapper.selectById(1L)).thenReturn(doc);
+
+            docService.incrementDownloadCount(1L);
+
+            verify(docMapper).updateById(argThat(d -> d.getDownloadCount() == 1));
+        }
+    }
+
+    // ========== Document List & Search ==========
+    @Nested
+    @DisplayName("文档列表与搜索")
+    class DocumentListTest {
+
+        @Test
+        @DisplayName("列出所有文档 - 无筛选条件")
+        void listDocs_noFilter() {
+            List<Document> docs = Arrays.asList(new Document(), new Document());
+            when(docMapper.selectList(any())).thenReturn(docs);
+
+            List<Document> result = docService.listDocs(null, null);
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("按分类筛选文档")
+        void listDocs_byCategory() {
+            List<Document> docs = Collections.singletonList(new Document());
+            when(docMapper.selectList(any())).thenReturn(docs);
+
+            List<Document> result = docService.listDocs(1L, null);
+
+            assertEquals(1, result.size());
+        }
+
+        @Test
+        @DisplayName("按关键词搜索文档")
+        void listDocs_byKeyword() {
+            List<Document> docs = Collections.singletonList(new Document());
+            when(docMapper.selectList(any())).thenReturn(docs);
+
+            List<Document> result = docService.listDocs(null, "操作");
+
+            assertEquals(1, result.size());
+        }
+
+        @Test
+        @DisplayName("按分类和关键词组合筛选")
+        void listDocs_byCategoryAndKeyword() {
+            when(docMapper.selectList(any())).thenReturn(Collections.emptyList());
+            List<Document> result = docService.listDocs(1L, "手册");
+            assertTrue(result.isEmpty());
+        }
+    }
+
+    // ========== Category Management ==========
+    @Nested
+    @DisplayName("分类管理")
+    class CategoryTest {
+
+        @Test
+        @DisplayName("列出所有分类")
+        void listCategories_success() {
+            List<DocumentCategory> cats = Arrays.asList(new DocumentCategory(), new DocumentCategory());
+            when(catMapper.selectList(any())).thenReturn(cats);
+
+            List<DocumentCategory> result = docService.listCategories();
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("创建分类 - 正常流程")
+        void createCategory_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("name", "操作手册");
+            req.put("parentId", 1);
+            req.put("sortOrder", 5);
+            req.put("description", "设备操作手册分类");
+
+            when(catMapper.insert(any(DocumentCategory.class))).thenAnswer(invocation -> {
+                DocumentCategory c = invocation.getArgument(0);
+                c.setId(10L);
+                return 1;
+            });
+
+            Long id = docService.createCategory(req);
+
+            assertEquals(10L, id);
+            verify(catMapper).insert(argThat(c ->
+                "操作手册".equals(c.getName()) &&
+                c.getParentId() == 1L &&
+                c.getSortOrder() == 5
+            ));
+        }
+
+        @Test
+        @DisplayName("创建分类 - 使用默认排序")
+        void createCategory_defaultSort() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("name", "新分类");
+
+            when(catMapper.insert(any(DocumentCategory.class))).thenAnswer(invocation -> {
+                DocumentCategory c = invocation.getArgument(0);
+                c.setId(11L);
+                return 1;
+            });
+
+            docService.createCategory(req);
+
+            verify(catMapper).insert(argThat(c -> c.getSortOrder() == 0));
+        }
+    }
+
+    // ========== Version Management ==========
+    @Nested
+    @DisplayName("版本管理")
+    class VersionTest {
+
+        @Test
+        @DisplayName("获取文档版本列表")
+        void getVersions_success() {
+            DocumentVersion v1 = new DocumentVersion();
+            v1.setVersion(2);
+            DocumentVersion v2 = new DocumentVersion();
+            v2.setVersion(1);
+            when(verMapper.selectList(any())).thenReturn(Arrays.asList(v1, v2));
+
+            List<DocumentVersion> result = docService.getVersions(1L);
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("创建第一个版本 - 无历史版本")
+        void createVersion_firstVersion() {
+            when(verMapper.selectList(any())).thenReturn(Collections.emptyList());
+            when(verMapper.insert(any(DocumentVersion.class))).thenAnswer(invocation -> {
+                DocumentVersion v = invocation.getArgument(0);
+                v.setId(1L);
+                return 1;
+            });
+
+            Document doc = new Document();
+            doc.setId(1L);
+            doc.setCurrentVersion(0);
+            when(docMapper.selectById(1L)).thenReturn(doc);
+            when(docMapper.updateById(any())).thenReturn(1);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("description", "初始版本");
+            req.put("storagePath", "/docs/v1.pdf");
+            req.put("fileSize", 1024);
+            req.put("operatorId", 1);
+
+            Long id = docService.createVersion(1L, req);
+
+            assertEquals(1L, id);
+            verify(verMapper).insert(argThat(v ->
+                v.getDocumentId() == 1L &&
+                v.getVersion() == 1 &&
+                "/docs/v1.pdf".equals(v.getStoragePath())
+            ));
+            verify(docMapper).updateById(argThat(d -> d.getCurrentVersion() == 1));
+        }
+
+        @Test
+        @DisplayName("创建新版本 - 自增版本号")
+        void createVersion_incrementVersion() {
+            DocumentVersion existing = new DocumentVersion();
+            existing.setVersion(3);
+            when(verMapper.selectList(any())).thenReturn(Collections.singletonList(existing));
+            when(verMapper.insert(any(DocumentVersion.class))).thenAnswer(invocation -> {
+                DocumentVersion v = invocation.getArgument(0);
+                v.setId(4L);
+                return 1;
+            });
+
+            Document doc = new Document();
+            doc.setId(1L);
+            doc.setCurrentVersion(3);
+            when(docMapper.selectById(1L)).thenReturn(doc);
+            when(docMapper.updateById(any())).thenReturn(1);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("description", "第四版");
+            req.put("storagePath", "/docs/v4.pdf");
+
+            Long id = docService.createVersion(1L, req);
+
+            assertEquals(4L, id);
+            verify(verMapper).insert(argThat(v -> v.getVersion() == 4));
+            verify(docMapper).updateById(argThat(d ->
+                d.getCurrentVersion() == 4 &&
+                "/docs/v4.pdf".equals(d.getStoragePath())
+            ));
+        }
+    }
+}

wm-system/src/test/java/com/water/system/SysServiceTest.java

+package com.water.system;
+
+import com.water.system.entity.*;
+import com.water.system.mapper.*;
+import com.water.system.service.SysService;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import java.util.*;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+/**
+ * 系统管理服务测试
+ */
+@ExtendWith(MockitoExtension.class)
+@DisplayName("系统管理服务测试")
+class SysServiceTest {
+
+    @Mock private SysRoleMapper roleMapper;
+    @Mock private SysUserMapper userMapper;
+    @Mock private SysMenuMapper menuMapper;
+    @Mock private SysDepartmentMapper deptMapper;
+    @Mock private SysLogMapper logMapper;
+
+    @InjectMocks private SysService sysService;
+
+    private static final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+
+    // ========== Role Management ==========
+    @Nested
+    @DisplayName("角色管理")
+    class RoleTest {
+
+        @Test
+        @DisplayName("列出所有角色")
+        void listRoles_success() {
+            SysRole r1 = new SysRole();
+            r1.setRoleCode("ADMIN");
+            SysRole r2 = new SysRole();
+            r2.setRoleCode("OPERATOR");
+            when(roleMapper.selectList(any())).thenReturn(Arrays.asList(r1, r2));
+
+            List<SysRole> result = sysService.listRoles();
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("创建角色 - 正常流程")
+        void createRole_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("roleCode", "AUDITOR");
+            req.put("roleName", "审计员");
+            req.put("description", "审计权限");
+            req.put("sort", 6);
+
+            when(roleMapper.insert(any(SysRole.class))).thenAnswer(invocation -> {
+                SysRole r = invocation.getArgument(0);
+                r.setId(10L);
+                return 1;
+            });
+
+            Long id = sysService.createRole(req);
+
+            assertEquals(10L, id);
+            verify(roleMapper).insert(argThat(r ->
+                "AUDITOR".equals(r.getRoleCode()) &&
+                "审计员".equals(r.getRoleName()) &&
+                r.getStatus() == 1 &&
+                r.getSort() == 6
+            ));
+        }
+
+        @Test
+        @DisplayName("创建角色 - 使用默认排序")
+        void createRole_defaultSort() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("roleCode", "GUEST");
+            req.put("roleName", "访客");
+
+            when(roleMapper.insert(any(SysRole.class))).thenAnswer(invocation -> {
+                SysRole r = invocation.getArgument(0);
+                r.setId(11L);
+                return 1;
+            });
+
+            sysService.createRole(req);
+
+            verify(roleMapper).insert(argThat(r -> r.getSort() == 0));
+        }
+
+        @Test
+        @DisplayName("更新角色 - 正常流程")
+        void updateRole_success() {
+            SysRole existing = new SysRole();
+            existing.setId(1L);
+            existing.setRoleName("旧名称");
+            when(roleMapper.selectById(1L)).thenReturn(existing);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("roleName", "新名称");
+            req.put("status", 0);
+            req.put("sort", 10);
+
+            sysService.updateRole(1L, req);
+
+            verify(roleMapper).updateById(argThat(r ->
+                "新名称".equals(r.getRoleName()) &&
+                r.getStatus() == 0 &&
+                r.getSort() == 10
+            ));
+        }
+
+        @Test
+        @DisplayName("更新角色 - 不存在抛异常")
+        void updateRole_notFound_throws() {
+            when(roleMapper.selectById(999L)).thenReturn(null);
+            assertThrows(RuntimeException.class, () -> sysService.updateRole(999L, new HashMap<>()));
+        }
+
+        @Test
+        @DisplayName("删除角色")
+        void deleteRole_success() {
+            sysService.deleteRole(1L);
+            verify(roleMapper).deleteById(1L);
+        }
+    }
+
+    // ========== User Management ==========
+    @Nested
+    @DisplayName("用户管理")
+    class UserTest {
+
+        @Test
+        @DisplayName("列出所有用户")
+        void listUsers_all() {
+            SysUser u1 = new SysUser();
+            u1.setUsername("admin");
+            SysUser u2 = new SysUser();
+            u2.setUsername("operator");
+            when(userMapper.selectList(any())).thenReturn(Arrays.asList(u1, u2));
+
+            List<SysUser> result = sysService.listUsers(null);
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("按状态筛选用户")
+        void listUsers_byStatus() {
+            SysUser u = new SysUser();
+            u.setUsername("active_user");
+            u.setStatus(1);
+            when(userMapper.selectList(any())).thenReturn(Collections.singletonList(u));
+
+            List<SysUser> result = sysService.listUsers(1);
+
+            assertEquals(1, result.size());
+            assertEquals(1, result.get(0).getStatus());
+        }
+
+        @Test
+        @DisplayName("创建用户 - 密码BCrypt加密")
+        void createUser_passwordEncrypted() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("username", "testuser");
+            req.put("password", "plaintext123");
+            req.put("realName", "测试用户");
+            req.put("phone", "13800138000");
+            req.put("email", "test@example.com");
+            req.put("deptId", 1);
+
+            when(userMapper.insert(any(SysUser.class))).thenAnswer(invocation -> {
+                SysUser u = invocation.getArgument(0);
+                u.setId(1L);
+                return 1;
+            });
+
+            Long id = sysService.createUser(req);
+
+            assertEquals(1L, id);
+            verify(userMapper).insert(argThat(u -> {
+                // Password should be BCrypt encoded, not plaintext
+                assertNotEquals("plaintext123", u.getPassword());
+                assertTrue(u.getPassword().startsWith("$2a$"));
+                assertTrue(encoder.matches("plaintext123", u.getPassword()));
+                return u.getStatus() == 1;
+            }));
+        }
+
+        @Test
+        @DisplayName("更新用户状态 - 启用/停用")
+        void updateUserStatus_success() {
+            SysUser existing = new SysUser();
+            existing.setId(1L);
+            existing.setStatus(1);
+            when(userMapper.selectById(1L)).thenReturn(existing);
+
+            sysService.updateUserStatus(1L, 0);
+
+            verify(userMapper).updateById(argThat(u -> u.getStatus() == 0));
+        }
+
+        @Test
+        @DisplayName("更新用户状态 - 用户不存在抛异常")
+        void updateUserStatus_notFound_throws() {
+            when(userMapper.selectById(999L)).thenReturn(null);
+            assertThrows(RuntimeException.class, () -> sysService.updateUserStatus(999L, 0));
+        }
+
+        @Test
+        @DisplayName("更新用户信息 - 包含密码修改")
+        void updateUser_withPassword() {
+            SysUser existing = new SysUser();
+            existing.setId(1L);
+            existing.setUsername("testuser");
+            existing.setPassword("$2a$oldhash");
+            when(userMapper.selectById(1L)).thenReturn(existing);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("realName", "新名字");
+            req.put("password", "newpassword");
+
+            sysService.updateUser(1L, req);
+
+            verify(userMapper).updateById(argThat(u -> {
+                assertEquals("新名字", u.getRealName());
+                assertNotEquals("newpassword", u.getPassword());
+                assertNotEquals("$2a$oldhash", u.getPassword());
+                assertTrue(encoder.matches("newpassword", u.getPassword()));
+                return true;
+            }));
+        }
+
+        @Test
+        @DisplayName("更新用户信息 - 不含密码修改")
+        void updateUser_withoutPassword() {
+            SysUser existing = new SysUser();
+            existing.setId(1L);
+            existing.setPassword("$2a$oldhash");
+            when(userMapper.selectById(1L)).thenReturn(existing);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("realName", "新名字");
+
+            sysService.updateUser(1L, req);
+
+            verify(userMapper).updateById(argThat(u -> {
+                assertEquals("新名字", u.getRealName());
+                assertEquals("$2a$oldhash", u.getPassword()); // Password unchanged
+                return true;
+            }));
+        }
+
+        @Test
+        @DisplayName("验证密码 - 正确")
+        void verifyPassword_correct() {
+            SysUser existing = new SysUser();
+            existing.setId(1L);
+            existing.setPassword(encoder.encode("mypassword"));
+            when(userMapper.selectById(1L)).thenReturn(existing);
+
+            assertTrue(sysService.verifyPassword(1L, "mypassword"));
+        }
+
+        @Test
+        @DisplayName("验证密码 - 错误")
+        void verifyPassword_wrong() {
+            SysUser existing = new SysUser();
+            existing.setId(1L);
+            existing.setPassword(encoder.encode("mypassword"));
+            when(userMapper.selectById(1L)).thenReturn(existing);
+
+            assertFalse(sysService.verifyPassword(1L, "wrongpassword"));
+        }
+
+        @Test
+        @DisplayName("验证密码 - 用户不存在")
+        void verifyPassword_userNotFound() {
+            when(userMapper.selectById(999L)).thenReturn(null);
+            assertFalse(sysService.verifyPassword(999L, "any"));
+        }
+    }
+
+    // ========== Menu Management ==========
+    @Nested
+    @DisplayName("菜单管理")
+    class MenuTest {
+
+        @Test
+        @DisplayName("列出所有菜单")
+        void listMenus_success() {
+            SysMenu m1 = new SysMenu();
+            m1.setName("系统管理");
+            SysMenu m2 = new SysMenu();
+            m2.setName("文档管理");
+            when(menuMapper.selectList(any())).thenReturn(Arrays.asList(m1, m2));
+
+            List<SysMenu> result = sysService.listMenus();
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("创建菜单 - 正常流程")
+        void createMenu_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("parentId", 0);
+            req.put("name", "日志管理");
+            req.put("path", "/system/log");
+            req.put("icon", "log");
+            req.put("component", "system/log/index");
+            req.put("permission", "system:log:list");
+            req.put("type", 1);
+            req.put("sort", 5);
+
+            when(menuMapper.insert(any(SysMenu.class))).thenAnswer(invocation -> {
+                SysMenu m = invocation.getArgument(0);
+                m.setId(10L);
+                return 1;
+            });
+
+            Long id = sysService.createMenu(req);
+
+            assertEquals(10L, id);
+            verify(menuMapper).insert(argThat(m ->
+                "日志管理".equals(m.getName()) &&
+                "/system/log".equals(m.getPath()) &&
+                m.getVisible() == 1 &&
+                m.getStatus() == 1
+            ));
+        }
+    }
+
+    // ========== Department Management ==========
+    @Nested
+    @DisplayName("部门管理")
+    class DeptTest {
+
+        @Test
+        @DisplayName("列出所有部门")
+        void listDepts_success() {
+            SysDepartment d1 = new SysDepartment();
+            d1.setDeptName("水利局");
+            SysDepartment d2 = new SysDepartment();
+            d2.setDeptName("水务公司");
+            when(deptMapper.selectList(any())).thenReturn(Arrays.asList(d1, d2));
+
+            List<SysDepartment> result = sysService.listDepts();
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("创建部门 - 正常流程")
+        void createDept_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("deptName", "技术部");
+            req.put("parentId", 1);
+            req.put("leader", "张三");
+            req.put("phone", "13900139000");
+            req.put("sort", 5);
+
+            when(deptMapper.insert(any(SysDepartment.class))).thenAnswer(invocation -> {
+                SysDepartment d = invocation.getArgument(0);
+                d.setId(10L);
+                return 1;
+            });
+
+            Long id = sysService.createDept(req);
+
+            assertEquals(10L, id);
+            verify(deptMapper).insert(argThat(d ->
+                "技术部".equals(d.getDeptName()) &&
+                d.getParentId() == 1L &&
+                "张三".equals(d.getLeader()) &&
+                d.getStatus() == 1
+            ));
+        }
+
+        @Test
+        @DisplayName("更新部门 - 正常流程")
+        void updateDept_success() {
+            SysDepartment existing = new SysDepartment();
+            existing.setId(1L);
+            existing.setDeptName("旧名称");
+            when(deptMapper.selectById(1L)).thenReturn(existing);
+
+            Map<String, Object> req = new HashMap<>();
+            req.put("deptName", "新名称");
+            req.put("leader", "李四");
+            req.put("status", 0);
+
+            sysService.updateDept(1L, req);
+
+            verify(deptMapper).updateById(argThat(d ->
+                "新名称".equals(d.getDeptName()) &&
+                "李四".equals(d.getLeader()) &&
+                d.getStatus() == 0
+            ));
+        }
+
+        @Test
+        @DisplayName("更新部门 - 不存在抛异常")
+        void updateDept_notFound_throws() {
+            when(deptMapper.selectById(999L)).thenReturn(null);
+            assertThrows(RuntimeException.class, () -> sysService.updateDept(999L, new HashMap<>()));
+        }
+    }
+
+    // ========== Log Management ==========
+    @Nested
+    @DisplayName("日志管理")
+    class LogTest {
+
+        @Test
+        @DisplayName("列出所有日志 - 无筛选")
+        void listLogs_noFilter() {
+            SysLog log1 = new SysLog();
+            log1.setUsername("admin");
+            SysLog log2 = new SysLog();
+            log2.setUsername("operator");
+            when(logMapper.selectList(any())).thenReturn(Arrays.asList(log1, log2));
+
+            List<SysLog> result = sysService.listLogs(null, null);
+
+            assertEquals(2, result.size());
+        }
+
+        @Test
+        @DisplayName("按日志类型筛选")
+        void listLogs_byType() {
+            SysLog log = new SysLog();
+            log.setLogType("LOGIN");
+            when(logMapper.selectList(any())).thenReturn(Collections.singletonList(log));
+
+            List<SysLog> result = sysService.listLogs("LOGIN", null);
+
+            assertEquals(1, result.size());
+            assertEquals("LOGIN", result.get(0).getLogType());
+        }
+
+        @Test
+        @DisplayName("按用户名筛选")
+        void listLogs_byUsername() {
+            when(logMapper.selectList(any())).thenReturn(Collections.emptyList());
+            List<SysLog> result = sysService.listLogs(null, "admin");
+            assertTrue(result.isEmpty());
+        }
+
+        @Test
+        @DisplayName("创建日志 - 正常流程")
+        void createLog_success() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("userId", 1);
+            req.put("username", "admin");
+            req.put("logType", "LOGIN");
+            req.put("module", "系统管理");
+            req.put("action", "用户登录");
+            req.put("requestUrl", "/api/login");
+            req.put("requestMethod", "POST");
+            req.put("ip", "192.168.1.1");
+            req.put("duration", 150);
+
+            when(logMapper.insert(any(SysLog.class))).thenAnswer(invocation -> {
+                SysLog l = invocation.getArgument(0);
+                l.setId(1L);
+                return 1;
+            });
+
+            Long id = sysService.createLog(req);
+
+            assertEquals(1L, id);
+            verify(logMapper).insert(argThat(l ->
+                "admin".equals(l.getUsername()) &&
+                "LOGIN".equals(l.getLogType()) &&
+                "用户登录".equals(l.getAction()) &&
+                l.getDuration() == 150L
+            ));
+        }
+
+        @Test
+        @DisplayName("创建日志 - 最小字段")
+        void createLog_minimal() {
+            Map<String, Object> req = new HashMap<>();
+            req.put("logType", "ERROR");
+            req.put("module", "系统");
+
+            when(logMapper.insert(any(SysLog.class))).thenAnswer(invocation -> {
+                SysLog l = invocation.getArgument(0);
+                l.setId(2L);
+                return 1;
+            });
+
+            Long id = sysService.createLog(req);
+
+            assertEquals(2L, id);
+            verify(logMapper).insert(argThat(l ->
+                "ERROR".equals(l.getLogType()) &&
+                l.getUserId() == null &&
+                l.getDuration() == null
+            ));
+        }
+    }
+}