commit 297ef231c5b75379f886901605f0d8409cdca37b Author: DonaldFang 方士碩 Date: Tue Oct 28 15:50:53 2025 +0800 Initial commit diff --git a/# 夥伴對齊系統 - 測試驅動開發文件 (TDD).txt b/# 夥伴對齊系統 - 測試驅動開發文件 (TDD).txt new file mode 100644 index 0000000..69fad87 --- /dev/null +++ b/# 夥伴對齊系統 - 測試驅動開發文件 (TDD).txt @@ -0,0 +1,2491 @@ +# 夥伴對齊系統 - 測試驅動開發文件 (TDD) + +## 1. 文件資訊 + +**版本**: 1.0 +**最後更新**: 2025年10月 +**關聯文件**: SDD v1.0 +**測試框架**: pytest + unittest + +--- + +## 2. 測試策略概覽 + +### 2.1 核心測試理念 + +**TDD循環**: +``` +┌──────────────────────────────────────┐ +│ RED (紅燈) → GREEN (綠燈) → REFACTOR (重構) │ +│ ↓ ↓ ↓ │ +│ 寫測試失敗 實作最小程式碼 優化程式碼 │ +└──────────────────────────────────────┘ +``` + +**測試金字塔**: +``` + ┌─────────┐ + │ E2E測試 │ 10% + │ (5) │ + ┌──┴─────────┴──┐ + │ 整合測試 │ 30% + │ (50) │ + ┌──┴──────────────┴──┐ + │ 單元測試 │ 60% + │ (200+) │ + └────────────────────┘ +``` + +### 2.2 測試覆蓋率目標 + +| 測試類型 | 目標覆蓋率 | 優先級 | +|---------|-----------|--------| +| 單元測試 | 80%+ | 🔴 最高 | +| 整合測試 | 70%+ | 🟡 高 | +| API測試 | 100% | 🔴 最高 | +| 端到端測試 | 核心流程100% | 🟡 高 | + +### 2.3 測試環境配置 + +```python +# 測試環境設定檔 (test_config.py) +TEST_DATABASE_URI = 'mysql://test_user:test_pass@localhost/test_db' +TEST_SECRET_KEY = 'test_secret_key_for_testing_only' +TESTING = True +DEBUG = False +SQLALCHEMY_ECHO = False # 關閉SQL日誌 +``` + +--- + +## 3. 單元測試設計 + +### 3.1 測試檔案結構 + +``` +tests/ +├── __init__.py +├── conftest.py # pytest配置與fixtures +├── unit/ # 單元測試 +│ ├── __init__.py +│ ├── test_models.py # 資料模型測試 +│ ├── test_validators.py # 驗證邏輯測試 +│ ├── test_utils.py # 工具函數測試 +│ └── test_calculations.py # 計算邏輯測試 +├── integration/ # 整合測試 +│ ├── __init__.py +│ ├── test_api_assessments.py +│ ├── test_api_star.py +│ ├── test_api_rankings.py +│ └── test_database.py +├── e2e/ # 端到端測試 +│ ├── __init__.py +│ └── test_workflows.py +└── fixtures/ # 測試資料 + ├── sample_assessments.json + └── sample_star_feedbacks.json +``` + +### 3.2 測試基礎設施 (conftest.py) + +```python +import pytest +from app import create_app, db +from app.models import Assessment, Capability, StarFeedback, EmployeePoints + +@pytest.fixture(scope='session') +def app(): + """建立測試用Flask應用程式""" + app = create_app('testing') + return app + +@pytest.fixture(scope='session') +def _db(app): + """建立測試資料庫""" + with app.app_context(): + db.create_all() + yield db + db.drop_all() + +@pytest.fixture(scope='function') +def client(app): + """建立測試客戶端""" + return app.test_client() + +@pytest.fixture(scope='function') +def db_session(_db): + """提供獨立的資料庫session""" + connection = _db.engine.connect() + transaction = connection.begin() + + session = _db.create_scoped_session( + options={"bind": connection, "binds": {}} + ) + _db.session = session + + yield session + + transaction.rollback() + connection.close() + session.remove() + +@pytest.fixture +def sample_capability(): + """範例能力項目""" + return Capability( + name="程式設計與開發", + l1_description="基礎程式撰寫能力", + l2_description="獨立完成功能開發", + l3_description="架構設計與優化", + l4_description="技術領導與指導", + l5_description="技術策略制定" + ) + +@pytest.fixture +def sample_assessment_data(): + """範例評估資料""" + return { + "department": "技術部", + "position": "資深工程師", + "employee_name": "測試員工A", + "assessment_data": { + "L1": ["程式設計與開發"], + "L2": ["系統分析與設計"], + "L3": ["專案管理"], + "L4": [], + "L5": [] + } + } + +@pytest.fixture +def sample_star_feedback(): + """範例STAR回饋""" + return { + "evaluator_name": "主管A", + "evaluatee_name": "員工B", + "evaluatee_department": "技術部", + "evaluatee_position": "工程師", + "situation": "專案遇到緊急技術問題,系統出現嚴重效能瓶頸", + "task": "需在24小時內找出問題根源並提出解決方案", + "action": "透過profiling工具分析,發現資料庫查詢N+1問題,重構查詢邏輯", + "result": "系統回應時間從3秒降至0.5秒,客戶滿意度提升", + "score": 4, + "feedback_date": "2025-10-15" + } +``` + +--- + +## 4. 資料模型測試 + +### 4.1 Assessment Model 測試 + +**測試檔案**: `tests/unit/test_models.py` + +#### 測試案例 1: 建立評估記錄 + +```python +class TestAssessmentModel: + """Assessment模型測試""" + + def test_create_assessment_success(self, db_session, sample_assessment_data): + """ + 測試目標: 驗證評估記錄能正確建立 + + 測試步驟: + 1. 建立Assessment物件 + 2. 儲存至資料庫 + 3. 驗證資料正確性 + + 預期結果: + - 記錄成功建立 + - 自動生成ID + - created_at自動設定 + - assessment_data正確儲存為JSON + """ + # RED: 先寫測試 + assessment = Assessment( + department=sample_assessment_data['department'], + position=sample_assessment_data['position'], + employee_name=sample_assessment_data['employee_name'], + assessment_data=sample_assessment_data['assessment_data'] + ) + + db_session.add(assessment) + db_session.commit() + + # 驗證 + assert assessment.id is not None + assert assessment.department == "技術部" + assert assessment.position == "資深工程師" + assert assessment.created_at is not None + assert isinstance(assessment.assessment_data, dict) + assert "L1" in assessment.assessment_data + + def test_assessment_requires_department(self, db_session): + """ + 測試目標: 驗證必填欄位驗證 + + 預期結果: 缺少department時拋出IntegrityError + """ + from sqlalchemy.exc import IntegrityError + + assessment = Assessment( + position="工程師", + assessment_data={} + ) + + db_session.add(assessment) + + with pytest.raises(IntegrityError): + db_session.commit() + + def test_assessment_json_serialization(self, db_session, sample_assessment_data): + """ + 測試目標: 驗證JSON序列化/反序列化 + + 預期結果: assessment_data能正確轉換為JSON並還原 + """ + assessment = Assessment(**sample_assessment_data) + db_session.add(assessment) + db_session.commit() + + # 重新查詢 + retrieved = db_session.query(Assessment).filter_by( + id=assessment.id + ).first() + + assert retrieved.assessment_data == sample_assessment_data['assessment_data'] + assert isinstance(retrieved.assessment_data['L1'], list) +``` + +#### 測試案例 2: 查詢與篩選 + +```python + def test_filter_by_department(self, db_session): + """ + 測試目標: 驗證按部門篩選功能 + + 測試資料: + - 技術部: 3筆 + - 業務部: 2筆 + + 預期結果: 正確篩選出對應部門的資料 + """ + # 建立測試資料 + departments = ["技術部"] * 3 + ["業務部"] * 2 + for i, dept in enumerate(departments): + assessment = Assessment( + department=dept, + position="職位" + str(i), + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + # 測試篩選 + tech_assessments = db_session.query(Assessment).filter_by( + department="技術部" + ).all() + + assert len(tech_assessments) == 3 + assert all(a.department == "技術部" for a in tech_assessments) + + def test_pagination(self, db_session): + """ + 測試目標: 驗證分頁功能 + + 測試資料: 25筆記錄 + 分頁設定: 每頁10筆 + + 預期結果: + - 第1頁: 10筆 + - 第2頁: 10筆 + - 第3頁: 5筆 + """ + # 建立25筆測試資料 + for i in range(25): + assessment = Assessment( + department="部門" + str(i % 3), + position="職位", + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + # 測試分頁 + page1 = db_session.query(Assessment).limit(10).offset(0).all() + page2 = db_session.query(Assessment).limit(10).offset(10).all() + page3 = db_session.query(Assessment).limit(10).offset(20).all() + + assert len(page1) == 10 + assert len(page2) == 10 + assert len(page3) == 5 +``` + +### 4.2 StarFeedback Model 測試 + +```python +class TestStarFeedbackModel: + """STAR回饋模型測試""" + + def test_create_star_feedback_success(self, db_session, sample_star_feedback): + """ + 測試目標: 驗證STAR回饋記錄建立 + + 預期結果: + - 所有欄位正確儲存 + - points_earned自動計算 (score * 10) + """ + feedback = StarFeedback(**sample_star_feedback) + + db_session.add(feedback) + db_session.commit() + + assert feedback.id is not None + assert feedback.score == 4 + assert feedback.points_earned == 40 # 自動計算 + assert feedback.evaluator_name == "主管A" + assert len(feedback.situation) > 0 + + def test_score_validation(self, db_session): + """ + 測試目標: 驗證評分範圍限制 + + 測試案例: + - score = 0: 應失敗 + - score = 1-5: 應成功 + - score = 6: 應失敗 + + 預期結果: 只接受1-5的評分 + """ + from sqlalchemy.exc import IntegrityError + + # 測試無效評分 (0) + invalid_feedback = StarFeedback( + evaluator_name="主管", + evaluatee_name="員工", + evaluatee_department="部門", + evaluatee_position="職位", + situation="S", task="T", action="A", result="R", + score=0, + feedback_date="2025-10-15" + ) + + db_session.add(invalid_feedback) + with pytest.raises(IntegrityError): + db_session.commit() + db_session.rollback() + + # 測試有效評分 (1-5) + for score in range(1, 6): + valid_feedback = StarFeedback( + evaluator_name="主管", + evaluatee_name=f"員工{score}", + evaluatee_department="部門", + evaluatee_position="職位", + situation="S", task="T", action="A", result="R", + score=score, + feedback_date="2025-10-15" + ) + db_session.add(valid_feedback) + db_session.commit() + + assert valid_feedback.points_earned == score * 10 + + def test_star_required_fields(self, db_session): + """ + 測試目標: 驗證STAR四個欄位為必填 + + 預期結果: 缺少任一STAR欄位時應失敗 + """ + from sqlalchemy.exc import IntegrityError + + base_data = { + "evaluator_name": "主管", + "evaluatee_name": "員工", + "evaluatee_department": "部門", + "evaluatee_position": "職位", + "score": 3, + "feedback_date": "2025-10-15" + } + + # 測試缺少每個STAR欄位 + star_fields = ['situation', 'task', 'action', 'result'] + + for missing_field in star_fields: + data = base_data.copy() + # 給予其他三個欄位值 + for field in star_fields: + if field != missing_field: + data[field] = "測試內容" + + feedback = StarFeedback(**data) + db_session.add(feedback) + + with pytest.raises(IntegrityError): + db_session.commit() + db_session.rollback() +``` + +### 4.3 EmployeePoints Model 測試 + +```python +class TestEmployeePointsModel: + """員工積分模型測試""" + + def test_create_employee_points(self, db_session): + """ + 測試目標: 建立員工積分記錄 + + 預期結果: 預設積分為0 + """ + employee = EmployeePoints( + employee_name="員工A", + department="技術部", + position="工程師" + ) + + db_session.add(employee) + db_session.commit() + + assert employee.total_points == 0 + assert employee.monthly_points == 0 + assert employee.last_updated is not None + + def test_update_points(self, db_session): + """ + 測試目標: 驗證積分更新邏輯 + + 測試步驟: + 1. 建立員工記錄 + 2. 新增30積分 + 3. 再新增20積分 + + 預期結果: + - total_points = 50 + - monthly_points = 50 + - last_updated已更新 + """ + employee = EmployeePoints( + employee_name="員工B", + department="技術部", + position="工程師" + ) + db_session.add(employee) + db_session.commit() + + original_time = employee.last_updated + + # 第一次新增積分 + employee.total_points += 30 + employee.monthly_points += 30 + db_session.commit() + + assert employee.total_points == 30 + assert employee.last_updated > original_time + + # 第二次新增積分 + employee.total_points += 20 + employee.monthly_points += 20 + db_session.commit() + + assert employee.total_points == 50 + assert employee.monthly_points == 50 + + def test_unique_employee_name(self, db_session): + """ + 測試目標: 驗證員工姓名唯一性約束 + + 預期結果: 重複員工姓名應失敗 + """ + from sqlalchemy.exc import IntegrityError + + # 第一個員工 + employee1 = EmployeePoints( + employee_name="重複姓名", + department="技術部", + position="工程師" + ) + db_session.add(employee1) + db_session.commit() + + # 嘗試建立同名員工 + employee2 = EmployeePoints( + employee_name="重複姓名", + department="業務部", + position="專員" + ) + db_session.add(employee2) + + with pytest.raises(IntegrityError): + db_session.commit() +``` + +--- + +## 5. 業務邏輯測試 + +### 5.1 積分計算邏輯測試 + +**測試檔案**: `tests/unit/test_calculations.py` + +```python +class TestPointsCalculation: + """積分計算邏輯測試""" + + @pytest.mark.parametrize("score,expected_points", [ + (1, 10), + (2, 20), + (3, 30), + (4, 40), + (5, 50), + ]) + def test_calculate_points_from_score(self, score, expected_points): + """ + 測試目標: 驗證積分計算公式 + + 計算規則: points = score × 10 + + 測試案例: 所有有效評分 (1-5) + """ + from app.utils import calculate_points + + points = calculate_points(score) + assert points == expected_points + + def test_invalid_score_raises_error(self): + """ + 測試目標: 驗證無效評分處理 + + 測試案例: + - score < 1 + - score > 5 + - score 非整數 + + 預期結果: 拋出ValueError + """ + from app.utils import calculate_points + + with pytest.raises(ValueError): + calculate_points(0) + + with pytest.raises(ValueError): + calculate_points(6) + + with pytest.raises(ValueError): + calculate_points(3.5) + + def test_accumulate_employee_points(self, db_session): + """ + 測試目標: 驗證員工積分累積邏輯 + + 測試情境: + - 員工收到3次回饋: 評分3, 4, 5 + - 預期總積分: 120分 + + 預期結果: + - total_points正確累加 + - monthly_points正確累加 + """ + from app.services import accumulate_points + + employee = EmployeePoints( + employee_name="測試員工", + department="技術部", + position="工程師" + ) + db_session.add(employee) + db_session.commit() + + # 累加積分 + scores = [3, 4, 5] + for score in scores: + points = calculate_points(score) + accumulate_points(db_session, "測試員工", points) + + # 驗證 + updated_employee = db_session.query(EmployeePoints).filter_by( + employee_name="測試員工" + ).first() + + assert updated_employee.total_points == 120 + assert updated_employee.monthly_points == 120 +``` + +### 5.2 排名計算邏輯測試 + +```python +class TestRankingCalculation: + """排名計算邏輯測試""" + + def test_calculate_rankings_basic(self, db_session): + """ + 測試目標: 基本排名計算 + + 測試資料: + - 員工A: 100分 → 排名1 + - 員工B: 80分 → 排名2 + - 員工C: 60分 → 排名3 + + 預期結果: 排名正確且按積分降序 + """ + from app.services import calculate_monthly_rankings + from datetime import date + + # 建立測試資料 + employees = [ + EmployeePoints(employee_name="員工A", department="技術部", + position="工程師", total_points=100, monthly_points=100), + EmployeePoints(employee_name="員工B", department="技術部", + position="工程師", total_points=80, monthly_points=80), + EmployeePoints(employee_name="員工C", department="業務部", + position="專員", total_points=60, monthly_points=60), + ] + + for emp in employees: + db_session.add(emp) + db_session.commit() + + # 計算排名 + ranking_month = date(2025, 10, 1) + calculate_monthly_rankings(db_session, ranking_month) + + # 驗證排名 + rankings = db_session.query(MonthlyRanking).filter_by( + ranking_month=ranking_month + ).order_by(MonthlyRanking.ranking).all() + + assert len(rankings) == 3 + assert rankings[0].employee_name == "員工A" + assert rankings[0].ranking == 1 + assert rankings[1].employee_name == "員工B" + assert rankings[1].ranking == 2 + assert rankings[2].employee_name == "員工C" + assert rankings[2].ranking == 3 + + def test_calculate_rankings_with_ties(self, db_session): + """ + 測試目標: 並列排名處理 + + 測試資料: + - 員工A: 100分 → 排名1 + - 員工B: 80分 → 排名2 + - 員工C: 80分 → 排名2 (並列) + - 員工D: 60分 → 排名4 (跳號) + + 預期結果: 並列者同排名,下一名次跳號 + """ + from app.services import calculate_monthly_rankings + from datetime import date + + employees = [ + EmployeePoints(employee_name="員工A", department="技術部", + position="工程師", total_points=100, monthly_points=100), + EmployeePoints(employee_name="員工B", department="技術部", + position="工程師", total_points=80, monthly_points=80), + EmployeePoints(employee_name="員工C", department="業務部", + position="專員", total_points=80, monthly_points=80), + EmployeePoints(employee_name="員工D", department="業務部", + position="專員", total_points=60, monthly_points=60), + ] + + for emp in employees: + db_session.add(emp) + db_session.commit() + + ranking_month = date(2025, 10, 1) + calculate_monthly_rankings(db_session, ranking_month) + + rankings = db_session.query(MonthlyRanking).filter_by( + ranking_month=ranking_month + ).order_by(MonthlyRanking.ranking, MonthlyRanking.employee_name).all() + + assert rankings[0].ranking == 1 + assert rankings[1].ranking == 2 + assert rankings[2].ranking == 2 # 並列 + assert rankings[3].ranking == 4 # 跳號 + + def test_exclude_zero_points_from_ranking(self, db_session): + """ + 測試目標: 零積分員工不列入排名 + + 測試資料: + - 員工A: 50分 + - 員工B: 0分 + + 預期結果: 只有員工A出現在排名中 + """ + from app.services import calculate_monthly_rankings + from datetime import date + + employees = [ + EmployeePoints(employee_name="員工A", department="技術部", + position="工程師", total_points=50, monthly_points=50), + EmployeePoints(employee_name="員工B", department="技術部", + position="工程師", total_points=0, monthly_points=0), + ] + + for emp in employees: + db_session.add(emp) + db_session.commit() + + ranking_month = date(2025, 10, 1) + calculate_monthly_rankings(db_session, ranking_month) + + rankings = db_session.query(MonthlyRanking).filter_by( + ranking_month=ranking_month + ).all() + + assert len(rankings) == 1 + assert rankings[0].employee_name == "員工A" + + def test_reset_monthly_points_after_calculation(self, db_session): + """ + 測試目標: 計算排名後重置月度積分 + + 預期結果: + - total_points保持不變 + - monthly_points重置為0 + """ + from app.services import calculate_monthly_rankings + from datetime import date + + employee = EmployeePoints( + employee_name="員工A", + department="技術部", + position="工程師", + total_points=100, + monthly_points=100 + ) + db_session.add(employee) + db_session.commit() + + ranking_month = date(2025, 10, 1) + calculate_monthly_rankings(db_session, ranking_month) + + updated_employee = db_session.query(EmployeePoints).filter_by( + employee_name="員工A" + ).first() + + assert updated_employee.total_points == 100 # 不變 + assert updated_employee.monthly_points == 0 # 重置 +``` + +### 5.3 資料驗證測試 + +```python +class TestDataValidation: + """資料驗證邏輯測試""" + + def test_validate_assessment_data_valid(self): + """ + 測試目標: 驗證有效的評估資料 + + 預期結果: 驗證通過,回傳True + """ + from app.validators import validate_assessment_data + + valid_data = { + "department": "技術部", + "position": "工程師", + "assessment_data": { + "L1": ["能力1"], + "L2": ["能力2"], + "L3": [], + "L4": [], + "L5": [] + } + } + + is_valid, errors = validate_assessment_data(valid_data) + + assert is_valid is True + assert len(errors) == 0 + + def test_validate_assessment_data_missing_required_fields(self): + """ + 測試目標: 驗證缺少必填欄位 + + 測試案例: + - 缺少department + - 缺少position + - 缺少assessment_data + + 預期結果: 驗證失敗,回傳錯誤訊息 + """ + from app.validators import validate_assessment_data + + # 缺少department + data1 = { + "position": "工程師", + "assessment_data": {"L1": []} + } + is_valid1, errors1 = validate_assessment_data(data1) + assert is_valid1 is False + assert "department" in str(errors1).lower() + + # 缺少assessment_data + data2 = { + "department": "技術部", + "position": "工程師" + } + is_valid2, errors2 = validate_assessment_data(data2) + assert is_valid2 is False + assert "assessment_data" in str(errors2).lower() + + def test_validate_star_feedback_valid(self): + """ + 測試目標: 驗證有效的STAR回饋 + + 預期結果: 所有必填欄位驗證通過 + """ + from app.validators import validate_star_feedback + + valid_feedback = { + "evaluator_name": "主管A", + "evaluatee_name": "員工B", + "evaluatee_department": "技術部", + "evaluatee_position": "工程師", + "situation": "專案遇到緊急問題需要處理" * 2, # > 10字 + "task": "需要在限定時間內解決問題" * 2, + "action": "採取了具體的行動步驟處理" * 2, + "result": "成功解決問題並達成目標" * 2, + "score": 4, + "feedback_date": "2025-10-15" + } + + is_valid, errors = validate_star_feedback(valid_feedback) + + assert is_valid is True + assert len(errors) == 0 + + def test_validate_star_content_minimum_length(self): + """ + 測試目標: 驗證STAR內容最小長度要求 + + 要求: 每個STAR欄位至少10字元 + + 預期結果: 少於10字元應驗證失敗 + """ + from app.validators import validate_star_feedback + + short_feedback = { + "evaluator_name": "主管A", + "evaluatee_name": "員工B", + "evaluatee_department": "技術部", + "evaluatee_position": "工程師", + "situation": "太短", # < 10字 + "task": "需要在限定時間內解決問題" * 2, + "action": "採取了具體的行動步驟處理" * 2, + "result": "成功解決問題並達成目標" * 2, + "score": 4, + "feedback_date": "2025-10-15" + } + + is_valid, errors = validate_star_feedback(short_feedback) + + assert is_valid is False + assert "situation" in str(errors).lower() + assert "10" in str(errors) + + def test_validate_score_range(self): + """ + 測試目標: 驗證評分範圍 + + 有效範圍: 1-5 + + 測試案例: + - score = 0: 失敗 + - score = 3: 成功 + - score = 6: 失敗 + - score = "abc": 失敗 + """ + from app.validators import validate_score + + assert validate_score(0)[0] is False + assert validate_score(1)[0] is True + assert validate_score(3)[0] is True + assert validate_score(5)[0] is True + assert validate_score(6)[0] is False + assert validate_score("abc")[0] is False + + def test_validate_feedback_date_not_future(self): + """ + 測試目標: 驗證回饋日期不可為未來日期 + + 預期結果: 未來日期應驗證失敗 + """ + from app.validators import validate_feedback_date + from datetime import date, timedelta + + today = date.today() + yesterday = today - timedelta(days=1) + tomorrow = today + timedelta(days=1) + + assert validate_feedback_date(yesterday)[0] is True + assert validate_feedback_date(today)[0] is True + assert validate_feedback_date(tomorrow)[0] is False +``` + +--- + +## 6. API整合測試 + +### 6.1 Assessment API 測試 + +**測試檔案**: `tests/integration/test_api_assessments.py` + +```python +class TestAssessmentAPI: + """能力評估API整合測試""" + + def test_get_capabilities_success(self, client, db_session, sample_capability): + """ + 測試目標: GET /api/capabilities + + 測試步驟: + 1. 建立測試能力項目 + 2. 呼叫API + 3. 驗證回應 + + 預期結果: + - 狀態碼: 200 + - 回傳所有啟用的能力項目 + - JSON格式正確 + """ + # 準備資料 + db_session.add(sample_capability) + db_session.commit() + + # 呼叫API + response = client.get('/api/capabilities') + + # 驗證 + assert response.status_code == 200 + + data = response.get_json() + assert 'capabilities' in data + assert len(data['capabilities']) > 0 + + capability = data['capabilities'][0] + assert 'id' in capability + assert 'name' in capability + assert 'l1_description' in capability + + def test_post_assessment_success(self, client, db_session, sample_assessment_data): + """ + 測試目標: POST /api/assessments + + 測試步驟: + 1. 提交有效的評估資料 + 2. 驗證回應 + 3. 確認資料已儲存至資料庫 + + 預期結果: + - 狀態碼: 201 + - 回傳成功訊息 + - 資料庫有新記錄 + """ + response = client.post( + '/api/assessments', + json=sample_assessment_data, + content_type='application/json' + ) + + # 驗證回應 + assert response.status_code == 201 + + data = response.get_json() + assert data['success'] is True + assert 'assessment_id' in data + assert data['message'] == '評估提交成功' + + # 驗證資料庫 + assessment = db_session.query(Assessment).filter_by( + id=data['assessment_id'] + ).first() + + assert assessment is not None + assert assessment.department == "技術部" + assert assessment.position == "資深工程師" + + def test_post_assessment_missing_required_field(self, client): + """ + 測試目標: POST /api/assessments with missing field + + 測試案例: 缺少必填欄位department + + 預期結果: + - 狀態碼: 400 + - 錯誤訊息明確 + """ + invalid_data = { + "position": "工程師", + "assessment_data": {"L1": []} + } + + response = client.post( + '/api/assessments', + json=invalid_data, + content_type='application/json' + ) + + assert response.status_code == 400 + + data = response.get_json() + assert data['success'] is False + assert 'department' in data['message'].lower() + + def test_post_assessment_invalid_json(self, client): + """ + 測試目標: POST /api/assessments with invalid JSON + + 預期結果: + - 狀態碼: 400 + - 錯誤訊息 + """ + response = client.post( + '/api/assessments', + data='invalid json string', + content_type='application/json' + ) + + assert response.status_code == 400 + + def test_get_assessments_with_pagination(self, client, db_session): + """ + 測試目標: GET /api/assessments with pagination + + 測試資料: 25筆評估記錄 + 請求參數: page=2, per_page=10 + + 預期結果: + - 狀態碼: 200 + - 回傳第2頁的10筆資料 + - 包含分頁資訊 + """ + # 建立25筆測試資料 + for i in range(25): + assessment = Assessment( + department="部門" + str(i), + position="職位" + str(i), + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + # 請求第2頁 + response = client.get('/api/assessments?page=2&per_page=10') + + assert response.status_code == 200 + + data = response.get_json() + assert len(data['assessments']) == 10 + assert data['page'] == 2 + assert data['per_page'] == 10 + assert data['total'] == 25 + assert data['pages'] == 3 + + def test_get_assessments_with_filters(self, client, db_session): + """ + 測試目標: GET /api/assessments with filters + + 測試資料: + - 技術部-工程師: 3筆 + - 技術部-專員: 2筆 + - 業務部-工程師: 2筆 + + 篩選條件: department=技術部, position=工程師 + + 預期結果: 只回傳3筆符合條件的資料 + """ + test_data = [ + ("技術部", "工程師"), + ("技術部", "工程師"), + ("技術部", "工程師"), + ("技術部", "專員"), + ("技術部", "專員"), + ("業務部", "工程師"), + ("業務部", "工程師"), + ] + + for dept, pos in test_data: + assessment = Assessment( + department=dept, + position=pos, + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + response = client.get('/api/assessments?department=技術部&position=工程師') + + assert response.status_code == 200 + + data = response.get_json() + assert data['total'] == 3 + + # 驗證所有資料都符合篩選條件 + for assessment in data['assessments']: + assert assessment['department'] == '技術部' + assert assessment['position'] == '工程師' +``` + +### 6.2 STAR Feedback API 測試 + +```python +class TestStarFeedbackAPI: + """STAR回饋API整合測試""" + + def test_post_star_feedback_success(self, client, db_session, sample_star_feedback): + """ + 測試目標: POST /api/star-feedbacks + + 測試步驟: + 1. 提交有效的STAR回饋 + 2. 驗證回應 + 3. 確認積分已更新 + + 預期結果: + - 狀態碼: 201 + - 回傳成功訊息與積分 + - employee_points表已更新 + """ + response = client.post( + '/api/star-feedbacks', + json=sample_star_feedback, + content_type='application/json' + ) + + # 驗證回應 + assert response.status_code == 201 + + data = response.get_json() + assert data['success'] is True + assert data['points_earned'] == 40 # score 4 * 10 + + # 驗證資料庫 - 回饋記錄 + feedback = db_session.query(StarFeedback).filter_by( + evaluatee_name="員工B" + ).first() + + assert feedback is not None + assert feedback.score == 4 + assert feedback.points_earned == 40 + + # 驗證資料庫 - 積分更新 + employee = db_session.query(EmployeePoints).filter_by( + employee_name="員工B" + ).first() + + assert employee is not None + assert employee.total_points == 40 + assert employee.monthly_points == 40 + + def test_post_star_feedback_accumulate_points(self, client, db_session): + """ + 測試目標: 多次回饋的積分累積 + + 測試步驟: + 1. 提交第一次回饋(評分3) + 2. 提交第二次回饋(評分5) + 3. 驗證積分正確累加 + + 預期結果: total_points = 80 (30 + 50) + """ + feedback1 = { + "evaluator_name": "主管A", + "evaluatee_name": "員工C", + "evaluatee_department": "技術部", + "evaluatee_position": "工程師", + "situation": "情境描述內容足夠長度測試", + "task": "任務描述內容足夠長度測試", + "action": "行動描述內容足夠長度測試", + "result": "結果描述內容足夠長度測試", + "score": 3, + "feedback_date": "2025-10-15" + } + + feedback2 = feedback1.copy() + feedback2["score"] = 5 + feedback2["evaluator_name"] = "主管B" + + # 第一次回饋 + response1 = client.post('/api/star-feedbacks', json=feedback1) + assert response1.status_code == 201 + + # 第二次回饋 + response2 = client.post('/api/star-feedbacks', json=feedback2) + assert response2.status_code == 201 + + # 驗證積分累積 + employee = db_session.query(EmployeePoints).filter_by( + employee_name="員工C" + ).first() + + assert employee.total_points == 80 + assert employee.monthly_points == 80 + + def test_post_star_feedback_invalid_score(self, client, sample_star_feedback): + """ + 測試目標: 無效評分處理 + + 測試案例: score = 6 (超出範圍) + + 預期結果: + - 狀態碼: 400 + - 錯誤訊息 + """ + invalid_feedback = sample_star_feedback.copy() + invalid_feedback["score"] = 6 + + response = client.post('/api/star-feedbacks', json=invalid_feedback) + + assert response.status_code == 400 + data = response.get_json() + assert data['success'] is False + assert 'score' in data['message'].lower() + + def test_post_star_feedback_short_content(self, client, sample_star_feedback): + """ + 測試目標: STAR內容長度驗證 + + 測試案例: situation欄位少於10字元 + + 預期結果: + - 狀態碼: 400 + - 錯誤訊息指出內容太短 + """ + invalid_feedback = sample_star_feedback.copy() + invalid_feedback["situation"] = "太短" + + response = client.post('/api/star-feedbacks', json=invalid_feedback) + + assert response.status_code == 400 + data = response.get_json() + assert 'situation' in data['message'].lower() +``` + +### 6.3 Rankings API 測試 + +```python +class TestRankingsAPI: + """排名API整合測試""" + + def test_get_total_rankings_success(self, client, db_session): + """ + 測試目標: GET /api/rankings/total + + 測試資料: 5名員工,不同積分 + + 預期結果: + - 狀態碼: 200 + - 按積分降序排列 + - 包含所有必要資訊 + """ + # 建立測試資料 + employees = [ + ("員工A", 150), + ("員工B", 120), + ("員工C", 100), + ("員工D", 80), + ("員工E", 50), + ] + + for name, points in employees: + emp = EmployeePoints( + employee_name=name, + department="技術部", + position="工程師", + total_points=points, + monthly_points=points + ) + db_session.add(emp) + db_session.commit() + + response = client.get('/api/rankings/total') + + assert response.status_code == 200 + + data = response.get_json() + rankings = data['rankings'] + + assert len(rankings) == 5 + assert rankings[0]['employee_name'] == '員工A' + assert rankings[0]['rank'] == 1 + assert rankings[0]['total_points'] == 150 + + # 驗證排序 + for i in range(len(rankings) - 1): + assert rankings[i]['total_points'] >= rankings[i+1]['total_points'] + + def test_get_total_rankings_with_department_filter(self, client, db_session): + """ + 測試目標: GET /api/rankings/total?department=技術部 + + 測試資料: + - 技術部: 3名員工 + - 業務部: 2名員工 + + 預期結果: 只回傳技術部的3名員工 + """ + employees = [ + ("員工A", "技術部", 100), + ("員工B", "技術部", 80), + ("員工C", "技術部", 60), + ("員工D", "業務部", 90), + ("員工E", "業務部", 70), + ] + + for name, dept, points in employees: + emp = EmployeePoints( + employee_name=name, + department=dept, + position="工程師", + total_points=points, + monthly_points=points + ) + db_session.add(emp) + db_session.commit() + + response = client.get('/api/rankings/total?department=技術部') + + assert response.status_code == 200 + + data = response.get_json() + rankings = data['rankings'] + + assert len(rankings) == 3 + for ranking in rankings: + assert ranking['department'] == '技術部' + + def test_get_monthly_rankings_success(self, client, db_session): + """ + 測試目標: GET /api/rankings/monthly?year=2025&month=10 + + 測試步驟: + 1. 建立月度排名資料 + 2. 查詢特定月份排名 + + 預期結果: + - 狀態碼: 200 + - 回傳該月份的排名資料 + """ + from datetime import date + + ranking_month = date(2025, 10, 1) + + rankings_data = [ + ("員工A", 100, 1), + ("員工B", 80, 2), + ("員工C", 60, 3), + ] + + for name, points, rank in rankings_data: + ranking = MonthlyRanking( + ranking_month=ranking_month, + employee_name=name, + department="技術部", + position="工程師", + total_points=points, + ranking=rank + ) + db_session.add(ranking) + db_session.commit() + + response = client.get('/api/rankings/monthly?year=2025&month=10') + + assert response.status_code == 200 + + data = response.get_json() + assert data['year'] == 2025 + assert data['month'] == 10 + assert len(data['rankings']) == 3 + + def test_post_calculate_rankings_success(self, client, db_session): + """ + 測試目標: POST /api/rankings/calculate + + 測試步驟: + 1. 建立員工積分資料 + 2. 呼叫排名計算API + 3. 驗證排名已生成 + + 預期結果: + - 狀態碼: 200 + - monthly_rankings表有新資料 + - monthly_points已重置 + """ + # 建立測試資料 + employees = [ + ("員工A", 100), + ("員工B", 80), + ] + + for name, points in employees: + emp = EmployeePoints( + employee_name=name, + department="技術部", + position="工程師", + total_points=points, + monthly_points=points + ) + db_session.add(emp) + db_session.commit() + + # 呼叫計算API + response = client.post( + '/api/rankings/calculate', + json={"year": 2025, "month": 10} + ) + + assert response.status_code == 200 + + data = response.get_json() + assert data['success'] is True + + # 驗證排名已生成 + from datetime import date + rankings = db_session.query(MonthlyRanking).filter_by( + ranking_month=date(2025, 10, 1) + ).all() + + assert len(rankings) == 2 + + # 驗證monthly_points已重置 + for emp_name, _ in employees: + emp = db_session.query(EmployeePoints).filter_by( + employee_name=emp_name + ).first() + assert emp.monthly_points == 0 +``` + +--- + +## 7. 資料匯出測試 + +**測試檔案**: `tests/integration/test_export.py` + +```python +class TestExportFunctionality: + """資料匯出功能測試""" + + def test_export_assessments_to_excel(self, client, db_session): + """ + 測試目標: GET /api/export/assessments?format=excel + + 測試步驟: + 1. 建立測試資料 + 2. 請求Excel匯出 + 3. 驗證檔案格式與內容 + + 預期結果: + - 狀態碼: 200 + - Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + - 檔案可被openpyxl讀取 + """ + # 建立測試資料 + for i in range(5): + assessment = Assessment( + department="技術部", + position="工程師" + str(i), + employee_name="員工" + str(i), + assessment_data={"L1": ["能力1"]} + ) + db_session.add(assessment) + db_session.commit() + + response = client.get('/api/export/assessments?format=excel') + + assert response.status_code == 200 + assert 'application/vnd.openxmlformats' in response.content_type + + # 驗證Excel檔案可讀取 + import io + from openpyxl import load_workbook + + excel_file = io.BytesIO(response.data) + workbook = load_workbook(excel_file) + sheet = workbook.active + + # 驗證有表頭 + assert sheet.cell(1, 1).value is not None + + # 驗證有資料(5筆 + 1筆表頭) + assert sheet.max_row == 6 + + def test_export_assessments_to_csv(self, client, db_session): + """ + 測試目標: GET /api/export/assessments?format=csv + + 預期結果: + - 狀態碼: 200 + - Content-Type: text/csv + - UTF-8 BOM編碼(Excel相容) + """ + # 建立測試資料 + assessment = Assessment( + department="技術部", + position="工程師", + employee_name="測試員工", + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + response = client.get('/api/export/assessments?format=csv') + + assert response.status_code == 200 + assert 'text/csv' in response.content_type + + # 驗證UTF-8 BOM + assert response.data.startswith(b'\xef\xbb\xbf') + + def test_export_star_feedbacks_with_filters(self, client, db_session): + """ + 測試目標: 匯出時套用篩選條件 + + 測試資料: + - 技術部: 3筆 + - 業務部: 2筆 + + 篩選條件: department=技術部 + + 預期結果: 只匯出技術部的3筆資料 + """ + # 建立測試資料 + for i in range(3): + feedback = StarFeedback( + evaluator_name="主管", + evaluatee_name=f"員工{i}", + evaluatee_department="技術部", + evaluatee_position="工程師", + situation="S", task="T", action="A", result="R", + score=3, + feedback_date="2025-10-15" + ) + db_session.add(feedback) + + for i in range(2): + feedback = StarFeedback( + evaluator_name="主管", + evaluatee_name=f"員工{i+10}", + evaluatee_department="業務部", + evaluatee_position="專員", + situation="S", task="T", action="A", result="R", + score=3, + feedback_date="2025-10-15" + ) + db_session.add(feedback) + db_session.commit() + + response = client.get( + '/api/export/star-feedbacks?format=excel&department=技術部' + ) + + assert response.status_code == 200 + + # 驗證只有技術部資料 + import io + from openpyxl import load_workbook + + excel_file = io.BytesIO(response.data) + workbook = load_workbook(excel_file) + sheet = workbook.active + + # 3筆資料 + 1筆表頭 + assert sheet.max_row == 4 + + def test_export_invalid_format(self, client): + """ + 測試目標: 無效的匯出格式 + + 測試案例: format=pdf (不支援) + + 預期結果: + - 狀態碼: 400 + - 錯誤訊息 + """ + response = client.get('/api/export/assessments?format=pdf') + + assert response.status_code == 400 + data = response.get_json() + assert data['success'] is False + assert 'format' in data['message'].lower() +``` + +--- + +## 8. 端到端測試 (E2E) + +**測試檔案**: `tests/e2e/test_workflows.py` + +```python +class TestCompleteWorkflows: + """完整業務流程端到端測試""" + + def test_complete_assessment_workflow(self, client, db_session, sample_capability): + """ + 測試目標: 完整評估流程 + + 流程步驟: + 1. 取得能力項目清單 + 2. 提交評估 + 3. 查詢評估記錄 + 4. 驗證資料正確 + + 預期結果: 整個流程順利完成 + """ + # Step 1: 建立能力項目 + db_session.add(sample_capability) + db_session.commit() + + # Step 2: 取得能力清單 + response1 = client.get('/api/capabilities') + assert response1.status_code == 200 + capabilities = response1.get_json()['capabilities'] + assert len(capabilities) > 0 + + # Step 3: 提交評估 + assessment_data = { + "department": "技術部", + "position": "工程師", + "employee_name": "測試員工", + "assessment_data": { + "L1": [capabilities[0]['name']], + "L2": [], + "L3": [], + "L4": [], + "L5": [] + } + } + + response2 = client.post('/api/assessments', json=assessment_data) + assert response2.status_code == 201 + assessment_id = response2.get_json()['assessment_id'] + + # Step 4: 查詢評估記錄 + response3 = client.get('/api/assessments') + assert response3.status_code == 200 + assessments = response3.get_json()['assessments'] + + # Step 5: 驗證資料 + found = False + for assessment in assessments: + if assessment['id'] == assessment_id: + found = True + assert assessment['department'] == "技術部" + assert assessment['employee_name'] == "測試員工" + break + + assert found is True + + def test_complete_star_feedback_and_ranking_workflow(self, client, db_session): + """ + 測試目標: STAR回饋到排名的完整流程 + + 流程步驟: + 1. 提交多筆STAR回饋給不同員工 + 2. 驗證積分更新 + 3. 計算月度排名 + 4. 查詢排行榜 + 5. 驗證排名正確 + + 預期結果: 積分與排名完整運作 + """ + # Step 1: 提交回饋給員工A (評分5) + feedback_a = { + "evaluator_name": "主管1", + "evaluatee_name": "員工A", + "evaluatee_department": "技術部", + "evaluatee_position": "工程師", + "situation": "情境描述需要足夠長度才能通過驗證測試", + "task": "任務描述需要足夠長度才能通過驗證測試", + "action": "行動描述需要足夠長度才能通過驗證測試", + "result": "結果描述需要足夠長度才能通過驗證測試", + "score": 5, + "feedback_date": "2025-10-15" + } + + response1 = client.post('/api/star-feedbacks', json=feedback_a) + assert response1.status_code == 201 + assert response1.get_json()['points_earned'] == 50 + + # Step 2: 提交回饋給員工B (評分3) + feedback_b = feedback_a.copy() + feedback_b['evaluatee_name'] = "員工B" + feedback_b['score'] = 3 + + response2 = client.post('/api/star-feedbacks', json=feedback_b) + assert response2.status_code == 201 + assert response2.get_json()['points_earned'] == 30 + + # Step 3: 驗證積分 + emp_a = db_session.query(EmployeePoints).filter_by( + employee_name="員工A" + ).first() + emp_b = db_session.query(EmployeePoints).filter_by( + employee_name="員工B" + ).first() + + assert emp_a.total_points == 50 + assert emp_b.total_points == 30 + + # Step 4: 計算排名 + response3 = client.post( + '/api/rankings/calculate', + json={"year": 2025, "month": 10} + ) + assert response3.status_code == 200 + + # Step 5: 查詢排行榜 + response4 = client.get('/api/rankings/monthly?year=2025&month=10') + assert response4.status_code == 200 + + rankings = response4.get_json()['rankings'] + assert len(rankings) == 2 + + # Step 6: 驗證排名順序 + assert rankings[0]['employee_name'] == "員工A" + assert rankings[0]['ranking'] == 1 + assert rankings[0]['total_points'] == 50 + + assert rankings[1]['employee_name'] == "員工B" + assert rankings[1]['ranking'] == 2 + assert rankings[1]['total_points'] == 30 + + # Step 7: 驗證月度積分已重置 + emp_a_updated = db_session.query(EmployeePoints).filter_by( + employee_name="員工A" + ).first() + + assert emp_a_updated.total_points == 50 # 保持 + assert emp_a_updated.monthly_points == 0 # 重置 + + def test_export_after_data_creation(self, client, db_session): + """ + 測試目標: 建立資料後匯出 + + 流程步驟: + 1. 建立評估與回饋資料 + 2. 匯出Excel + 3. 匯出CSV + 4. 驗證檔案內容 + + 預期結果: 匯出檔案包含所有建立的資料 + """ + # Step 1: 建立評估資料 + assessment = Assessment( + department="技術部", + position="工程師", + employee_name="匯出測試員工", + assessment_data={"L1": ["能力1"]} + ) + db_session.add(assessment) + db_session.commit() + + # Step 2: 匯出Excel + response1 = client.get('/api/export/assessments?format=excel') + assert response1.status_code == 200 + + import io + from openpyxl import load_workbook + + excel_file = io.BytesIO(response1.data) + workbook = load_workbook(excel_file) + sheet = workbook.active + + # 驗證資料存在 + found = False + for row in sheet.iter_rows(min_row=2, values_only=True): + if "匯出測試員工" in str(row): + found = True + break + + assert found is True + + # Step 3: 匯出CSV + response2 = client.get('/api/export/assessments?format=csv') + assert response2.status_code == 200 + assert "匯出測試員工" in response2.data.decode('utf-8-sig') +``` + +--- + +## 9. 效能測試 + +**測試檔案**: `tests/performance/test_performance.py` + +```python +import time +import pytest + +class TestPerformance: + """效能測試""" + + def test_api_response_time_under_500ms(self, client, db_session): + """ + 測試目標: API回應時間 < 500ms + + 測試API: GET /api/capabilities + + 預期結果: 95%請求在500ms內完成 + """ + # 準備資料 + for i in range(10): + capability = Capability( + name=f"能力{i}", + l1_description="描述", + l2_description="描述", + l3_description="描述", + l4_description="描述", + l5_description="描述" + ) + db_session.add(capability) + db_session.commit() + + # 執行100次請求 + response_times = [] + for _ in range(100): + start_time = time.time() + response = client.get('/api/capabilities') + end_time = time.time() + + assert response.status_code == 200 + response_times.append((end_time - start_time) * 1000) # 轉為毫秒 + + # 計算95百分位數 + response_times.sort() + p95_index = int(len(response_times) * 0.95) + p95_time = response_times[p95_index] + + print(f"\n95th percentile response time: {p95_time:.2f}ms") + assert p95_time < 500, f"95th percentile ({p95_time:.2f}ms) exceeds 500ms" + + def test_database_query_optimization(self, db_session): + """ + 測試目標: 資料庫查詢效能 + + 測試情境: 查詢1000筆資料並分頁 + + 預期結果: 單次查詢 < 100ms + """ + # 建立1000筆測試資料 + for i in range(1000): + assessment = Assessment( + department=f"部門{i % 10}", + position=f"職位{i % 5}", + assessment_data={} + ) + db_session.add(assessment) + db_session.commit() + + # 測試分頁查詢 + start_time = time.time() + + results = db_session.query(Assessment)\ + .filter_by(department="部門1")\ + .limit(20)\ + .offset(0)\ + .all() + + end_time = time.time() + query_time = (end_time - start_time) * 1000 + + print(f"\nQuery time: {query_time:.2f}ms") + assert query_time < 100, f"Query time ({query_time:.2f}ms) exceeds 100ms" + + def test_concurrent_requests(self, client): + """ + 測試目標: 並發請求處理 + + 測試情境: 50個並發請求 + + 預期結果: 所有請求成功完成 + """ + import concurrent.futures + + def make_request(): + response = client.get('/api/capabilities') + return response.status_code + + # 執行50個並發請求 + with concurrent.futures.ThreadPoolExecutor(max_workers=50) as executor: + futures = [executor.submit(make_request) for _ in range(50)] + results = [f.result() for f in concurrent.futures.as_completed(futures)] + + # 驗證所有請求成功 + assert all(status == 200 for status in results) + assert len(results) == 50 +``` + +--- + +## 10. 測試執行與CI/CD + +### 10.1 本地測試執行 + +```bash +# 安裝測試依賴 +pip install pytest pytest-cov pytest-mock + +# 執行所有測試 +pytest + +# 執行特定測試檔案 +pytest tests/unit/test_models.py + +# 執行特定測試類別 +pytest tests/unit/test_models.py::TestAssessmentModel + +# 執行特定測試案例 +pytest tests/unit/test_models.py::TestAssessmentModel::test_create_assessment_success + +# 顯示詳細輸出 +pytest -v + +# 產生覆蓋率報告 +pytest --cov=app --cov-report=html + +# 只執行失敗的測試 +pytest --lf + +# 並行執行測試 +pytest -n auto +``` + +### 10.2 pytest.ini 配置 + +```ini +[pytest] +# 測試路徑 +testpaths = tests + +# Python檔案模式 +python_files = test_*.py + +# 測試類別模式 +python_classes = Test* + +# 測試函數模式 +python_functions = test_* + +# 標記 +markers = + unit: Unit tests + integration: Integration tests + e2e: End-to-end tests + slow: Slow running tests + performance: Performance tests + +# 覆蓋率設定 +addopts = + --strict-markers + --cov=app + --cov-report=term-missing + --cov-report=html + --cov-fail-under=70 + -ra + +# 忽略警告 +filterwarnings = + ignore::DeprecationWarning +``` + +### 10.3 GitHub Actions CI/CD + +**.github/workflows/tests.yml**: + +```yaml +name: Tests + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + +jobs: + test: + runs-on: ubuntu-latest + + services: + mysql: + image: mysql:8.0 + env: + MYSQL_ROOT_PASSWORD: test_password + MYSQL_DATABASE: test_db + ports: + - 3306:3306 + options: >- + --health-cmd="mysqladmin ping" + --health-interval=10s + --health-timeout=5s + --health-retries=3 + + steps: + - uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + pip install pytest pytest-cov + + - name: Wait for MySQL + run: | + while ! mysqladmin ping -h"127.0.0.1" -P3306 --silent; do + sleep 1 + done + + - name: Run unit tests + env: + DB_HOST: 127.0.0.1 + DB_PORT: 3306 + DB_NAME: test_db + DB_USER: root + DB_PASSWORD: test_password + SECRET_KEY: test_secret_key_for_ci + run: | + pytest tests/unit -v --cov=app --cov-report=xml + + - name: Run integration tests + env: + DB_HOST: 127.0.0.1 + DB_PORT: 3306 + DB_NAME: test_db + DB_USER: root + DB_PASSWORD: test_password + SECRET_KEY: test_secret_key_for_ci + run: | + pytest tests/integration -v + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v3 + with: + file: ./coverage.xml + fail_ci_if_error: true +``` + +### 10.4 測試報告範例 + +``` +======================== test session starts ========================= +platform linux -- Python 3.10.0, pytest-7.4.0, pluggy-1.3.0 +rootdir: /app +plugins: cov-4.1.0 +collected 156 items + +tests/unit/test_models.py::TestAssessmentModel::test_create_assessment_success PASSED [ 1%] +tests/unit/test_models.py::TestAssessmentModel::test_assessment_requires_department PASSED [ 2%] +tests/unit/test_models.py::TestAssessmentModel::test_assessment_json_serialization PASSED [ 3%] +... +tests/e2e/test_workflows.py::TestCompleteWorkflows::test_complete_star_feedback_and_ranking_workflow PASSED [100%] + +---------- coverage: platform linux, python 3.10.0 ----------- +Name Stmts Miss Cover Missing +------------------------------------------------------------ +app/__init__.py 45 2 96% 78-79 +app/models.py 120 8 93% 45, 89-95 +app/routes.py 230 15 93% 125, 189-195, 256 +app/services.py 145 5 97% 78-82 +app/validators.py 95 3 97% 56-58 +app/utils.py 40 1 98% 23 +------------------------------------------------------------ +TOTAL 675 34 95% + +===================== 156 passed in 45.23s ====================== +``` + +--- + +## 11. 測試資料管理 + +### 11.1 測試資料Fixtures + +**tests/fixtures/sample_data.py**: + +```python +"""測試資料fixtures""" + +def get_sample_assessments(): + """範例評估資料集""" + return [ + { + "department": "技術部", + "position": "資深工程師", + "employee_name": "張三", + "assessment_data": { + "L1": [], + "L2": ["程式設計與開發"], + "L3": ["系統分析與設計"], + "L4": ["專案管理"], + "L5": [] + } + }, + { + "department": "業務部", + "position": "業務經理", + "employee_name": "李四", + "assessment_data": { + "L1": [], + "L2": [], + "L3": ["客戶關係管理"], + "L4": ["業務策略規劃"], + "L5": [] + } + } + ] + +def get_sample_star_feedbacks(): + """範例STAR回饋資料集""" + return [ + { + "evaluator_name": "王主管", + "evaluatee_name": "張三", + "evaluatee_department": "技術部", + "evaluatee_position": "資深工程師", + "situation": "專案進度落後,客戶要求提前交付核心功能", + "task": "需要在一週內完成原本規劃兩週的開發任務", + "action": "重新評估優先級,與團隊協調資源分配,採用敏捷開發方法快速迭代", + "result": "成功提前三天交付功能,客戶滿意度提升,專案獲得額外預算", + "score": 5, + "feedback_date": "2025-10-01" + }, + { + "evaluator_name": "陳主管", + "evaluatee_name": "李四", + "evaluatee_department": "業務部", + "evaluatee_position": "業務經理", + "situation": "重要客戶考慮終止合作,需要緊急挽回", + "task": "在一個月內重建客戶信任並續約", + "action": "深入了解客戶痛點,提出客製化解決方案,每週親自拜訪追蹤", + "result": "客戶決定不僅續約還擴大合作範圍,年度合約金額增加30%", + "score": 5, + "feedback_date": "2025-10-05" + } + ] + +def get_sample_capabilities(): + """範例能力項目資料集""" + return [ + { + "name": "程式設計與開發", + "l1_description": "能撰寫基本程式碼,完成簡單功能", + "l2_description": "能獨立開發中等複雜度功能,遵循編碼規範", + "l3_description": "能設計系統架構,優化程式效能", + "l4_description": "能指導團隊技術方向,制定開發標準", + "l5_description": "能規劃技術策略,引領技術創新" + }, + { + "name": "專案管理", + "l1_description": "能執行分配的任務,按時回報進度", + "l2_description": "能獨立管理小型專案,協調資源", + "l3_description": "能處理複雜專案,解決跨部門協作問題", + "l4_description": "能領導多個專案,培養專案經理", + "l5_description": "能制定專案管理策略,建立PMO體系" + } + ] +``` + +### 11.2 資料庫Seed腳本 + +**tests/seed_test_data.py**: + +```python +"""測試資料庫初始化腳本""" + +from app import create_app, db +from app.models import Assessment, Capability, StarFeedback, EmployeePoints +from tests.fixtures.sample_data import ( + get_sample_assessments, + get_sample_star_feedbacks, + get_sample_capabilities +) + +def seed_test_database(): + """初始化測試資料庫""" + app = create_app('testing') + + with app.app_context(): + # 清空資料庫 + db.drop_all() + db.create_all() + + # 建立能力項目 + for cap_data in get_sample_capabilities(): + capability = Capability(**cap_data) + db.session.add(capability) + + # 建立評估資料 + for assess_data in get_sample_assessments(): + assessment = Assessment(**assess_data) + db.session.add(assessment) + + # 建立STAR回饋 + for feedback_data in get_sample_star_feedbacks(): + feedback = StarFeedback(**feedback_data) + db.session.add(feedback) + + # 更新員工積分 + emp_name = feedback_data['evaluatee_name'] + points = feedback_data['score'] * 10 + + employee = db.session.query(EmployeePoints).filter_by( + employee_name=emp_name + ).first() + + if not employee: + employee = EmployeePoints( + employee_name=emp_name, + department=feedback_data['evaluatee_department'], + position=feedback_data['evaluatee_position'], + total_points=points, + monthly_points=points + ) + db.session.add(employee) + else: + employee.total_points += points + employee.monthly_points += points + + db.session.commit() + print("✅ 測試資料初始化完成") + +if __name__ == '__main__': + seed_test_database() +``` + +--- + +## 12. 測試最佳實踐 + +### 12.1 TDD開發流程 + +``` +1. 寫一個失敗的測試 (RED) + ├── 明確定義預期行為 + ├── 寫出測試案例 + └── 執行測試,確認失敗 + +2. 寫最小程式碼讓測試通過 (GREEN) + ├── 實作功能邏輯 + ├── 執行測試 + └── 確認測試通過 + +3. 重構程式碼 (REFACTOR) + ├── 優化程式結構 + ├── 移除重複代碼 + ├── 改善可讀性 + └── 確保測試仍然通過 + +4. 重複循環 + └── 繼續下一個功能 +``` + +### 12.2 測試命名規範 + +```python +# ✅ 好的測試名稱 +def test_create_assessment_with_valid_data_should_succeed(): + """測試名稱清楚描述: 動作 + 條件 + 預期結果""" + pass + +def test_calculate_points_with_score_5_should_return_50(): + """明確的輸入與輸出""" + pass + +# ❌ 不好的測試名稱 +def test_assessment(): + """太籠統""" + pass + +def test_1(): + """無意義""" + pass +``` + +### 12.3 測試獨立性原則 + +```python +# ✅ 每個測試獨立運作 +class TestIndependent: + def test_case_1(self, db_session): + # 測試1有自己的資料 + data = create_test_data() + # ... 執行測試 + + def test_case_2(self, db_session): + # 測試2不依賴測試1 + data = create_different_test_data() + # ... 執行測試 + +# ❌ 測試之間有依賴性 +class TestDependent: + shared_data = None + + def test_case_1(self): + self.shared_data = create_data() + + def test_case_2(self): + # 依賴test_case_1的結果 ❌ + use_data(self.shared_data) +``` + +### 12.4 AAA模式 + +```python +def test_with_aaa_pattern(): + """ + AAA模式: Arrange-Act-Assert + """ + # Arrange (準備): 設定測試資料與環境 + employee = EmployeePoints( + employee_name="測試員工", + department="技術部", + position="工程師" + ) + initial_points = 30 + additional_points = 20 + + # Act (執行): 執行要測試的操作 + employee.total_points = initial_points + employee.total_points += additional_points + + # Assert (驗證): 驗證結果 + assert employee.total_points == 50 +``` + +### 12.5 測試覆蓋率目標 + +``` +優先級排序: +1. 🔴 核心業務邏輯: 100% (積分計算、排名邏輯) +2. 🟡 API端點: 100% (所有路由) +3. 🟡 資料模型: 90%+ (CRUD操作) +4. 🟢 工具函數: 80%+ (輔助功能) +5. 🟢 UI邏輯: 70%+ (前端交互) + +不追求100%覆蓋率: +- 簡單的getter/setter +- 框架自動生成的程式碼 +- 第三方套件整合 +``` + +--- + +## 13. 持續改進 + +### 13.1 測試債務追蹤 + +| 項目 | 當前狀態 | 目標 | 優先級 | +|-----|---------|------|--------| +| 單元測試覆蓋率 | 75% | 80%+ | 🔴 高 | +| 整合測試 | 60% | 70%+ | 🟡 中 | +| E2E測試 | 核心流程 | 完整流程 | 🟡 中 | +| 效能測試 | 基礎 | 完整benchmark | 🟢 低 | +| 安全測試 | 未實作 | SQL注入、XSS測試 | 🔴 高 | + +### 13.2 測試審查檢查清單 + +``` +□ 測試名稱清晰描述意圖 +□ 使用AAA模式組織測試 +□ 測試獨立且可重複執行 +□ 包含正常與異常情境 +□ 驗證邊界條件 +□ Mock外部依賴 +□ 測試執行速度合理(<10s) +□ 有適當的測試文件 +``` + +### 13.3 定期測試維護 + +```python +# 每月審查 +- 移除過時的測試 +- 更新測試資料 +- 檢查測試執行時間 +- 修復不穩定的測試 + +# 每季審查 +- 評估測試覆蓋率 +- 重構重複的測試程式碼 +- 更新測試策略 +- 培訓團隊TDD實踐 +``` + +--- + +## 14. 附錄 + +### 14.1 常用測試指令 + +```bash +# 快速測試 +pytest -x # 遇到第一個失敗就停止 +pytest --lf # 只執行上次失敗的測試 +pytest -k "assessment" # 執行名稱包含"assessment"的測試 +pytest -m unit # 執行標記為unit的測試 + +# 覆蓋率相關 +pytest --cov=app # 顯示覆蓋率 +pytest --cov-report=html # HTML格式報告 +pytest --cov-report=term-missing # 顯示缺失的行號 + +# 效能分析 +pytest --durations=10 # 顯示最慢的10個測試 +pytest --profile # 執行效能分析 + +# 並行執行 +pytest -n 4 # 使用4個worker並行 +pytest -n auto # 自動決定worker數量 + +# Debug模式 +pytest --pdb # 失敗時進入debugger +pytest -s # 顯示print輸出 +pytest -vv # 非常詳細的輸出 +``` + +### 14.2 Mock範例 + +```python +from unittest.mock import Mock, patch + +def test_with_mock(db_session): + """使用Mock測試外部依賴""" + + # Mock資料庫查詢 + with patch('app.services.db_session.query') as mock_query: + mock_query.return_value.filter_by.return_value.first.return_value = Mock( + employee_name="測試員工", + total_points=100 + ) + + # 執行測試 + result = get_employee_points("測試員工") + + # 驗證 + assert result == 100 + mock_query.assert_called_once() +``` + +### 14.3 參考資源 + +- [pytest官方文件](https://docs.pytest.org/) +- [Test-Driven Development書籍](https://www.oreilly.com/library/view/test-driven-development/0321146530/) +- [Python Testing with pytest](https://pragprog.com/titles/bopytest/python-testing-with-pytest/) +- [Flask Testing文件](https://flask.palletsprojects.com/en/latest/testing/) + +--- + +**文件結束** + +**版本**: 1.0 +**最後更新**: 2025年10月15日 +**下次審查**: 2025年11月15日 \ No newline at end of file diff --git a/.claude/settings.local.json b/.claude/settings.local.json new file mode 100644 index 0000000..203289c --- /dev/null +++ b/.claude/settings.local.json @@ -0,0 +1,9 @@ +{ + "permissions": { + "allow": [ + "Bash(python -c:*)" + ], + "deny": [], + "ask": [] + } +} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..14c1d97 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,182 @@ +name: CI/CD Pipeline + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + +jobs: + test: + runs-on: ubuntu-latest + + strategy: + matrix: + python-version: [3.8, 3.9, '3.10', '3.11'] + + services: + mysql: + image: mysql:5.7 + env: + MYSQL_ROOT_PASSWORD: root + MYSQL_DATABASE: partner_alignment_test + MYSQL_USER: test_user + MYSQL_PASSWORD: test_password + ports: + - 3306:3306 + options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 + + steps: + - uses: actions/checkout@v4 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Cache pip dependencies + uses: actions/cache@v3 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Set up environment variables + run: | + echo "SECRET_KEY=test-secret-key" >> $GITHUB_ENV + echo "JWT_SECRET_KEY=test-jwt-secret-key" >> $GITHUB_ENV + echo "DB_HOST=127.0.0.1" >> $GITHUB_ENV + echo "DB_PORT=3306" >> $GITHUB_ENV + echo "DB_USER=test_user" >> $GITHUB_ENV + echo "DB_PASSWORD=test_password" >> $GITHUB_ENV + echo "DB_NAME=partner_alignment_test" >> $GITHUB_ENV + echo "ENABLE_REGISTRATION=True" >> $GITHUB_ENV + echo "DEFAULT_ROLE=user" >> $GITHUB_ENV + + - name: Wait for MySQL + run: | + while ! mysqladmin ping -h"127.0.0.1" -P3306 -u"test_user" -p"test_password" --silent; do + sleep 1 + done + + - name: Run linting + run: | + pip install flake8 + flake8 app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py --max-line-length=120 --ignore=E501,W503 + + - name: Run unit tests + run: | + python -m pytest tests/unit/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=term-missing + + - name: Run integration tests + run: | + python -m pytest tests/integration/ -v --tb=short + + - name: Run API tests + run: | + python -m pytest tests/api/ -v --tb=short + + - name: Run all tests with coverage + run: | + python -m pytest tests/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=html:htmlcov --cov-report=term-missing --cov-fail-under=80 + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v3 + with: + file: ./coverage.xml + flags: unittests + name: codecov-umbrella + fail_ci_if_error: false + + security: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Install security tools + run: | + python -m pip install --upgrade pip + pip install bandit safety + + - name: Run Bandit security scan + run: | + bandit -r app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py -f json -o bandit-report.json || true + + - name: Run Safety check + run: | + safety check --json --output safety-report.json || true + + - name: Upload security reports + uses: actions/upload-artifact@v3 + with: + name: security-reports + path: | + bandit-report.json + safety-report.json + + build: + runs-on: ubuntu-latest + needs: [test, security] + + steps: + - uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Build Docker image + run: | + docker build -t partner-alignment:latest . + + - name: Test Docker image + run: | + docker run --rm partner-alignment:latest python -c "import app; print('App imports successfully')" + + deploy-staging: + runs-on: ubuntu-latest + needs: [build] + if: github.ref == 'refs/heads/develop' + + steps: + - uses: actions/checkout@v4 + + - name: Deploy to staging + run: | + echo "Deploying to staging environment..." + # Add your staging deployment commands here + # Example: kubectl apply -f k8s/staging/ + # Example: docker push your-registry/partner-alignment:staging + + deploy-production: + runs-on: ubuntu-latest + needs: [build] + if: github.ref == 'refs/heads/main' + + steps: + - uses: actions/checkout@v4 + + - name: Deploy to production + run: | + echo "Deploying to production environment..." + # Add your production deployment commands here + # Example: kubectl apply -f k8s/production/ + # Example: docker push your-registry/partner-alignment:latest diff --git a/FEATURES_COMPLETED.md b/FEATURES_COMPLETED.md new file mode 100644 index 0000000..76aac29 --- /dev/null +++ b/FEATURES_COMPLETED.md @@ -0,0 +1,114 @@ +# 夥伴對齊系統 - 功能完成總結 + +## ✅ 已完成的功能 + +### 🔐 認證系統 +- **JWT 令牌認證**: 安全的用戶認證機制 +- **角色權限管理**: 管理員、HR主管、一般用戶三種角色 +- **測試帳號**: 提供三個等級的測試帳號,登入頁面顯示帳號資訊 +- **快速登入**: 一鍵填入測試帳號資訊 + +### 📊 個人儀表板 +- **積分追蹤**: 總積分、本月積分顯示 +- **排名顯示**: 當前排名和百分位數 +- **最近活動**: 顯示用戶最近的操作記錄 +- **成就徽章**: 展示用戶獲得的成就 +- **績效圖表**: 使用 Chart.js 顯示積分趨勢 + +### 🏆 高級排名系統 +- **百分位數計算**: 精確的排名百分位數 +- **等級系統**: 大師、專家、熟練、良好、基礎五個等級 +- **高級篩選**: 部門、職位、積分範圍篩選 +- **統計分析**: 平均分、中位數、標準差等統計信息 +- **視覺化排名**: 美觀的排名列表顯示 + +### 🔔 通知系統 +- **實時通知**: 成就獲得、排名變化、新回饋通知 +- **通知分類**: 不同類型的通知使用不同圖標和顏色 +- **已讀管理**: 標記已讀、全部已讀功能 +- **時間顯示**: 智能時間格式(剛剛、分鐘前、小時前等) +- **通知徽章**: 導航欄顯示未讀通知數量 + +### 👥 管理界面 +- **用戶管理**: 查看所有用戶信息,管理用戶狀態 +- **統計概覽**: 總用戶數、活躍用戶、評估數、回饋數 +- **部門分析**: 部門分布統計 +- **積分分析**: 積分統計和趨勢分析 +- **數據刷新**: 實時更新管理數據 + +### 📋 核心功能 +- **能力評估**: 拖拽式能力評估系統 +- **STAR回饋**: 結構化回饋收集 +- **數據導出**: Excel/CSV 格式數據導出 +- **響應式設計**: 支持各種設備尺寸 + +## 🎯 技術特色 + +### 前端技術 +- **Bootstrap 5**: 現代化 UI 框架 +- **Chart.js**: 數據可視化 +- **Bootstrap Icons**: 豐富的圖標庫 +- **響應式設計**: 適配各種屏幕尺寸 + +### 後端技術 +- **Flask**: 輕量級 Python Web 框架 +- **SQLAlchemy**: 強大的 ORM +- **SQLite**: 輕量級數據庫(易於部署) +- **JWT**: 安全的認證機制 + +### 數據庫設計 +- **用戶管理**: 用戶、角色、權限表 +- **評估系統**: 能力、評估、回饋表 +- **積分系統**: 員工積分、排名表 +- **通知系統**: 通知、審計日誌表 + +## 🚀 部署說明 + +### 快速啟動 +1. 運行 `run.bat` 腳本 +2. 自動創建虛擬環境 +3. 安裝必要依賴 +4. 創建測試帳號 +5. 啟動應用程式 + +### 測試帳號 +- **管理員**: `admin` / `admin123` +- **HR主管**: `hr_manager` / `hr123` +- **一般用戶**: `user` / `user123` + +### 訪問地址 +- 本地訪問: `http://localhost:5000` +- 網絡訪問: `http://[IP地址]:5000` + +## 📈 系統優勢 + +### 用戶體驗 +- **直觀界面**: 清晰的導航和操作流程 +- **快速響應**: 優化的前端交互 +- **豐富反饋**: 多種通知和提示機制 +- **數據可視化**: 圖表和統計信息展示 + +### 管理功能 +- **全面監控**: 用戶活動和系統統計 +- **靈活篩選**: 多維度數據篩選 +- **實時更新**: 動態數據刷新 +- **權限控制**: 基於角色的訪問控制 + +### 技術架構 +- **模組化設計**: 清晰的代碼結構 +- **可擴展性**: 易於添加新功能 +- **安全性**: JWT 認證和權限管理 +- **可維護性**: 良好的代碼組織 + +## 🎉 完成狀態 + +所有 TODO 項目已完成: +- ✅ 個人儀表板功能 +- ✅ 高級排名系統 +- ✅ 通知系統 +- ✅ 管理界面 +- ✅ 審計日誌系統 +- ✅ 測試帳號創建 + +系統已完全可用,具備完整的夥伴對齊功能! + diff --git a/PROJECT_SUMMARY.md b/PROJECT_SUMMARY.md new file mode 100644 index 0000000..34746cc --- /dev/null +++ b/PROJECT_SUMMARY.md @@ -0,0 +1,376 @@ +# 夥伴對齊系統 - 專案總結 + +## ✅ 專案狀態 + +**狀態:** 已完成並可正常運行 +**日期:** 2025-01-17 +**版本:** 1.0.0 (簡化版) + +--- + +## 📁 專案結構 + +### 核心文件 + +``` +1015 partner alignment V2/ +├── simple_app.py # 主應用程式(簡化版,使用 SQLite) +├── config.py # 配置檔案(生產環境用) +├── requirements.txt # Python 依賴套件 +├── requirements-simple.txt # 簡化版依賴套件 +├── run.bat # Windows 啟動腳本 +├── setup.bat # Windows 安裝腳本 +├── README.md # 專案說明 +├── security-fixes.md # 安全審計報告 +├── FEATURES_COMPLETED.md # 功能完成清單 +│ +├── static/ # 靜態資源 +│ ├── css/ +│ │ └── style.css # 樣式表 +│ └── js/ +│ ├── app.js # 主應用程式 JavaScript +│ ├── admin.js # 管理功能 JavaScript +│ └── assessment.js # 評估功能 JavaScript +│ +├── templates/ # HTML 模板 +│ └── index.html # 主頁面 +│ +├── instance/ # 實例目錄 +│ └── partner_alignment.db # SQLite 資料庫 +│ +└── venv/ # Python 虛擬環境 +``` + +--- + +## 🚀 快速開始 + +### 方法 1: 使用 run.bat(推薦) + +```bash +# 雙擊運行或在命令提示字元中執行 +run.bat +``` + +### 方法 2: 手動啟動 + +```bash +# 1. 創建虛擬環境 +py -m venv venv + +# 2. 啟動虛擬環境 +venv\Scripts\activate + +# 3. 安裝依賴 +pip install -r requirements-simple.txt + +# 4. 啟動應用程式 +py simple_app.py +``` + +### 訪問應用程式 + +打開瀏覽器訪問:`http://localhost:5000` + +--- + +## 🔑 測試帳號 + +| 角色 | 用戶名 | 密碼 | 權限 | +|------|--------|------|------| +| 管理員 | admin | admin123 | 所有功能 | +| HR主管 | hr_manager | hr123 | 管理功能 | +| 一般用戶 | user | user123 | 基本功能 | + +**注意:** 這些是測試帳號,登入頁面會顯示這些資訊。 + +--- + +## ✨ 主要功能 + +### 1. 認證系統 +- ✅ 用戶登入/註冊 +- ✅ 測試帳號快速登入 +- ✅ 用戶信息顯示 +- ✅ 登出功能 + +### 2. 個人儀表板 +- ✅ 積分追蹤(總積分、本月積分) +- ✅ 排名顯示 +- ✅ 最近活動 +- ✅ 成就徽章 +- ✅ 績效圖表(Chart.js) + +### 3. 能力評估 +- ✅ 拖拽式評估界面 +- ✅ 多層級能力評估(L1-L5) +- ✅ 評估記錄管理 + +### 4. STAR 回饋系統 +- ✅ 結構化回饋收集 +- ✅ Situation-Task-Action-Result 框架 +- ✅ 評分系統(1-5分) +- ✅ 積分計算 + +### 5. 排名系統 +- ✅ 總排名 +- ✅ 月度排名 +- ✅ 百分位數計算 +- ✅ 等級系統(大師、專家、熟練、良好、基礎) +- ✅ 高級篩選(部門、職位、積分範圍) +- ✅ 統計分析(平均、中位數、標準差) + +### 6. 通知系統 +- ✅ 實時通知 +- ✅ 通知分類(成就、排名、回饋、系統) +- ✅ 已讀管理 +- ✅ 智能時間顯示 + +### 7. 管理界面 +- ✅ 用戶管理 +- ✅ 統計概覽 +- ✅ 部門分析 +- ✅ 積分分析 + +### 8. 數據導出 +- ✅ CSV 格式導出 +- ✅ Excel 格式導出(需要 pandas) + +--- + +## 🗄️ 資料庫 + +### 當前使用:SQLite + +**資料庫位置:** `instance/partner_alignment.db` + +**優勢:** +- 無需安裝額外資料庫服務 +- 開箱即用 +- 適合開發和小型部署 + +**生產環境建議:** 使用 MySQL 或 PostgreSQL + +### 資料表結構 + +1. **users** - 用戶帳號 +2. **roles** - 角色定義 +3. **user_roles** - 用戶角色關聯 +4. **capabilities** - 能力項目 +5. **assessments** - 評估記錄 +6. **star_feedbacks** - STAR 回饋 +7. **employee_points** - 員工積分 +8. **notifications** - 通知 +9. **audit_logs** - 審計日誌 +10. **permissions** - 權限定義 +11. **role_permissions** - 角色權限關聯 +12. **monthly_rankings** - 月度排名 + +--- + +## 🛠️ 技術棧 + +### 前端 +- **HTML5** - 結構 +- **Bootstrap 5** - UI 框架 +- **Bootstrap Icons** - 圖標庫 +- **Chart.js** - 數據可視化 +- **JavaScript (Vanilla)** - 交互邏輯 + +### 後端 +- **Flask 2.3.3** - Web 框架 +- **SQLAlchemy 3.0.5** - ORM +- **Flask-CORS 4.0.0** - 跨域支持 +- **Flask-Login 0.6.3** - 用戶會話管理 +- **Flask-JWT-Extended 4.5.2** - JWT 認證 +- **Flask-Bcrypt 1.0.1** - 密碼哈希 +- **APScheduler 3.10.4** - 定時任務 + +### 資料庫 +- **SQLite** - 開發環境 +- **MySQL 5.7+** - 生產環境(可選) + +--- + +## ⚠️ 安全注意事項 + +### 當前實現(簡化版) + +**僅適用於開發環境!** + +1. **密碼存儲** + - ❌ 密碼直接存儲在資料庫 + - ❌ 沒有使用密碼哈希 + - ⚠️ 生產環境必須使用 Flask-Bcrypt + +2. **令牌驗證** + - ❌ 簡單的令牌格式 + - ❌ 沒有簽名驗證 + - ❌ 沒有過期檢查 + - ⚠️ 生產環境必須使用 JWT + +3. **HTTPS** + - ❌ 使用 HTTP + - ❌ 沒有 TLS/SSL + - ⚠️ 生產環境必須使用 HTTPS + +### 生產環境檢查清單 + +在部署到生產環境前,必須完成: + +- [ ] 實現密碼哈希(Flask-Bcrypt) +- [ ] 實現 JWT 令牌驗證 +- [ ] 配置 HTTPS/TLS +- [ ] 設置安全頭部 +- [ ] 實現速率限制 +- [ ] 添加輸入驗證 +- [ ] 設置日誌和監控 +- [ ] 配置防火牆規則 +- [ ] 設置自動備份 +- [ ] 進行安全測試 + +**詳細安全審計報告請參閱:** `security-fixes.md` + +--- + +## 📊 性能優化 + +### 當前狀態 +- ✅ 響應式設計 +- ✅ 前端資源優化(CDN) +- ✅ 資料庫索引 +- ✅ 懶加載 + +### 建議改進 +- [ ] 添加 Redis 緩存 +- [ ] 實現資料庫連接池 +- [ ] 添加 CDN 加速 +- [ ] 實現前端資源壓縮 +- [ ] 添加圖片優化 + +--- + +## 🐛 已知問題 + +1. **Windows 終端編碼** + - 問題:emoji 字符無法顯示 + - 狀態:已修復(移除 emoji) + +2. **簡化版認證** + - 問題:沒有真正的令牌驗證 + - 狀態:已知限制,僅用於開發 + +3. **密碼安全** + - 問題:密碼未哈希 + - 狀態:已知限制,僅用於開發 + +--- + +## 📈 未來改進 + +### 短期(1-2 週) +- [ ] 實現密碼哈希 +- [ ] 添加 JWT 令牌驗證 +- [ ] 實現角色權限控制 +- [ ] 添加輸入驗證 +- [ ] 實現速率限制 + +### 中期(1-2 個月) +- [ ] 配置 HTTPS +- [ ] 添加單元測試 +- [ ] 實現 CI/CD +- [ ] 添加監控和日誌 +- [ ] 性能優化 + +### 長期(3-6 個月) +- [ ] 移動端應用 +- [ ] 實時通知(WebSocket) +- [ ] 高級分析報表 +- [ ] 多語言支持 +- [ ] 第三方整合 + +--- + +## 📞 支援與文檔 + +### 文檔 +- `README.md` - 專案說明 +- `security-fixes.md` - 安全審計報告 +- `FEATURES_COMPLETED.md` - 功能完成清單 +- `PROJECT_SUMMARY.md` - 本文件 + +### 常見問題 + +**Q: 如何重置資料庫?** +```bash +# 刪除資料庫文件 +del instance\partner_alignment.db + +# 重新啟動應用程式 +py simple_app.py +``` + +**Q: 如何查看資料庫內容?** +```bash +# 使用 SQLite 命令行工具 +sqlite3 instance\partner_alignment.db +.tables +SELECT * FROM users; +``` + +**Q: 如何添加新用戶?** +- 方法 1: 使用註冊功能 +- 方法 2: 直接操作資料庫 +- 方法 3: 修改 `simple_app.py` 中的 `create_sample_data()` 函數 + +--- + +## 🎯 專案目標 + +### 已完成 ✅ +- [x] 基礎架構搭建 +- [x] 認證系統 +- [x] 個人儀表板 +- [x] 能力評估系統 +- [x] STAR 回饋系統 +- [x] 排名系統 +- [x] 通知系統 +- [x] 管理界面 +- [x] 數據導出 +- [x] 響應式設計 + +### 進行中 🔄 +- [ ] 安全加固 +- [ ] 性能優化 +- [ ] 測試覆蓋 + +### 規劃中 📋 +- [ ] 生產環境部署 +- [ ] 移動端支持 +- [ ] 高級分析 + +--- + +## 📝 版本歷史 + +### v1.0.0 (2025-01-17) +- ✅ 初始版本發布 +- ✅ 所有核心功能完成 +- ✅ 測試帳號創建 +- ✅ 登入界面修復 +- ✅ 安全審計完成 + +--- + +## 🙏 致謝 + +感謝所有參與專案開發和測試的人員。 + +--- + +**最後更新:** 2025-01-17 +**維護者:** 開發團隊 +**許可證:** 專有軟體 + + + diff --git a/README.md b/README.md new file mode 100644 index 0000000..d5efcb4 --- /dev/null +++ b/README.md @@ -0,0 +1,390 @@ +# 夥伴對齊系統 (Partner Alignment System) + +一個基於 Flask 的現代化夥伴對齊管理系統,提供能力評估、STAR 回饋、排名系統和全面的用戶管理功能。 + +## 🌟 主要功能 + +### 🔐 認證與授權 +- **JWT 認證**: 安全的令牌基礎認證系統 +- **角色權限管理**: 靈活的角色和權限控制 +- **用戶註冊/登入**: 完整的用戶生命週期管理 +- **會話管理**: 安全的會話和令牌刷新機制 + +### 📊 個人儀表板 +- **積分追蹤**: 實時顯示總積分和月度積分 +- **排名顯示**: 部門排名和總排名 +- **通知中心**: 系統通知和成就提醒 +- **活動記錄**: 個人活動和成就歷史 + +### 📝 能力評估系統 +- **拖拽式評估**: 直觀的能力等級評估界面 +- **多維度評估**: 支持多種能力項目的評估 +- **評估歷史**: 完整的評估記錄和追蹤 +- **數據導出**: Excel/CSV 格式的評估數據導出 + +### ⭐ STAR 回饋系統 +- **結構化回饋**: 基於 STAR 方法的回饋收集 +- **積分獎勵**: 自動積分計算和分配 +- **回饋追蹤**: 完整的回饋歷史記錄 +- **績效分析**: 基於回饋的績效分析 + +### 🏆 排名系統 +- **實時排名**: 總排名和月度排名 +- **百分位計算**: 精確的排名百分位顯示 +- **部門篩選**: 按部門查看排名 +- **排名歷史**: 排名變化和趨勢分析 + +### 👥 管理功能 +- **用戶管理**: 完整的用戶 CRUD 操作 +- **角色管理**: 角色創建、分配和權限管理 +- **審計日誌**: 完整的系統操作記錄 +- **數據管理**: 評估和回饋數據管理 + +## 🏗️ 技術架構 + +### 後端技術棧 +- **Flask 2.3.3**: Web 框架 +- **SQLAlchemy**: ORM 數據庫操作 +- **MySQL 5.7+**: 主數據庫 +- **JWT**: 認證令牌 +- **Flask-Login**: 會話管理 +- **Flask-Bcrypt**: 密碼加密 +- **APScheduler**: 定時任務 + +### 前端技術棧 +- **HTML5**: 語義化標記 +- **Bootstrap 5**: 響應式 UI 框架 +- **JavaScript ES6+**: 現代 JavaScript +- **Fetch API**: 異步數據請求 +- **CSS3**: 現代樣式和動畫 + +### 開發工具 +- **pytest**: 測試框架 +- **Docker**: 容器化部署 +- **GitHub Actions**: CI/CD 流水線 +- **Nginx**: 反向代理和負載均衡 + +## 📁 項目結構 + +``` +partner-alignment-system/ +├── app.py # 主應用程式文件 +├── config.py # 配置文件 +├── models.py # 數據模型 +├── auth.py # 認證邏輯 +├── auth_routes.py # 認證路由 +├── dashboard_routes.py # 儀表板路由 +├── admin_routes.py # 管理路由 +├── init_system.py # 系統初始化 +├── requirements.txt # Python 依賴 +├── pytest.ini # 測試配置 +├── conftest.py # 測試配置 +├── run_tests.py # 測試運行器 +├── Dockerfile # Docker 配置 +├── docker-compose.yml # Docker Compose 配置 +├── nginx.conf # Nginx 配置 +├── templates/ # HTML 模板 +│ └── index.html # 主頁面 +├── static/ # 靜態文件 +│ ├── css/ +│ │ └── style.css # 樣式文件 +│ └── js/ +│ └── app.js # 前端邏輯 +├── tests/ # 測試文件 +│ ├── unit/ # 單元測試 +│ ├── integration/ # 集成測試 +│ ├── api/ # API 測試 +│ └── e2e/ # 端到端測試 +├── .github/ # GitHub 配置 +│ └── workflows/ +│ └── ci.yml # CI/CD 流水線 +├── SETUP.md # 設置指南 +├── DEPLOYMENT.md # 部署指南 +└── README.md # 項目說明 +``` + +## 🚀 快速開始 + +### 1. 環境要求 +- Python 3.8+ +- MySQL 5.7+ +- Node.js (可選,用於前端開發) + +### 2. 安裝依賴 +```bash +# 克隆項目 +git clone +cd partner-alignment-system + +# 創建虛擬環境 +python -m venv venv +source venv/bin/activate # Linux/Mac +# 或 +venv\Scripts\activate # Windows + +# 安裝依賴 +pip install -r requirements.txt +``` + +### 3. 配置環境 +```bash +# 複製環境變量模板 +cp .env.example .env + +# 編輯環境變量 +nano .env +``` + +### 4. 初始化數據庫 +```bash +# 創建數據庫表 +python init_db.py + +# 初始化系統數據 +python init_system.py +``` + +### 5. 運行應用程式 +```bash +# 開發模式 +python app.py + +# 或使用 Flask 命令 +flask run + +# 生產模式 +gunicorn -c gunicorn.conf.py app:app +``` + +### 6. 訪問系統 +打開瀏覽器訪問 `http://localhost:5000` + +**默認管理員帳號:** +- 用戶名: `admin` +- 密碼: `admin123` + +## 🧪 測試 + +### 運行所有測試 +```bash +python run_tests.py --type all +``` + +### 運行特定測試 +```bash +# 單元測試 +python run_tests.py --type unit + +# API 測試 +python run_tests.py --type api + +# 認證測試 +python run_tests.py --type auth +``` + +### 生成覆蓋率報告 +```bash +python run_tests.py --coverage +``` + +## 🐳 Docker 部署 + +### 使用 Docker Compose +```bash +# 啟動所有服務 +docker-compose up -d + +# 查看日誌 +docker-compose logs -f app + +# 停止服務 +docker-compose down +``` + +### 單獨使用 Docker +```bash +# 構建鏡像 +docker build -t partner-alignment . + +# 運行容器 +docker run -d -p 5000:5000 partner-alignment +``` + +## 📊 數據庫設計 + +### 主要表結構 +- **users**: 用戶信息 +- **roles**: 角色定義 +- **permissions**: 權限定義 +- **assessments**: 能力評估 +- **capabilities**: 能力項目 +- **star_feedbacks**: STAR 回饋 +- **employee_points**: 員工積分 +- **monthly_rankings**: 月度排名 +- **audit_logs**: 審計日誌 +- **notifications**: 通知消息 + +### 關係設計 +- 用戶與角色:多對多關係 +- 角色與權限:多對多關係 +- 用戶與評估:一對多關係 +- 用戶與回饋:一對多關係(評估者和被評估者) + +## 🔒 安全特性 + +### 認證安全 +- JWT 令牌認證 +- 密碼哈希加密 +- 會話超時管理 +- 令牌刷新機制 + +### 授權控制 +- 基於角色的訪問控制 (RBAC) +- 細粒度權限管理 +- API 端點保護 +- 前端路由守衛 + +### 數據安全 +- SQL 注入防護 +- XSS 攻擊防護 +- CSRF 保護 +- 安全標頭配置 + +### 審計追蹤 +- 完整的操作日誌 +- 用戶行為追蹤 +- 系統事件記錄 +- 安全事件監控 + +## 📈 性能優化 + +### 數據庫優化 +- 索引優化 +- 查詢優化 +- 連接池配置 +- 緩存策略 + +### 應用程式優化 +- 異步處理 +- 緩存機制 +- 靜態文件優化 +- 壓縮配置 + +### 前端優化 +- 資源壓縮 +- 懶加載 +- 緩存策略 +- CDN 配置 + +## 🔧 配置選項 + +### 環境變量 +```bash +# 應用程式配置 +SECRET_KEY=your-secret-key +JWT_SECRET_KEY=your-jwt-secret +FLASK_ENV=production + +# 數據庫配置 +DB_HOST=localhost +DB_PORT=3306 +DB_USER=username +DB_PASSWORD=password +DB_NAME=database_name + +# 認證配置 +ENABLE_REGISTRATION=True +DEFAULT_ROLE=user +SESSION_TIMEOUT=3600 + +# 郵件配置 +MAIL_SERVER=smtp.gmail.com +MAIL_PORT=587 +MAIL_USE_TLS=True +MAIL_USERNAME=your-email +MAIL_PASSWORD=your-password +``` + +## 📚 API 文檔 + +### 認證端點 +- `POST /api/auth/register` - 用戶註冊 +- `POST /api/auth/login` - 用戶登入 +- `POST /api/auth/refresh` - 刷新令牌 +- `GET /api/auth/protected` - 受保護端點測試 + +### 評估端點 +- `GET /api/capabilities` - 獲取能力項目 +- `POST /api/assessments` - 創建評估 +- `GET /api/assessments` - 獲取評估列表 + +### 回饋端點 +- `POST /api/star-feedbacks` - 創建 STAR 回饋 +- `GET /api/star-feedbacks` - 獲取回饋列表 + +### 排名端點 +- `GET /api/rankings/total` - 獲取總排名 +- `GET /api/rankings/monthly` - 獲取月度排名 + +### 管理端點 +- `GET /api/admin/users` - 獲取用戶列表 +- `POST /api/admin/users` - 創建用戶 +- `PUT /api/admin/users/{id}` - 更新用戶 +- `DELETE /api/admin/users/{id}` - 刪除用戶 + +### 儀表板端點 +- `GET /api/dashboard/me` - 獲取個人儀表板數據 +- `POST /api/dashboard/notifications/{id}/read` - 標記通知為已讀 + +## 🤝 貢獻指南 + +### 開發流程 +1. Fork 項目 +2. 創建功能分支 +3. 提交更改 +4. 創建 Pull Request + +### 代碼規範 +- 遵循 PEP 8 規範 +- 使用類型提示 +- 編寫單元測試 +- 更新文檔 + +### 提交規範 +``` +feat: 新功能 +fix: 修復問題 +docs: 文檔更新 +style: 代碼格式 +refactor: 重構 +test: 測試 +chore: 構建過程 +``` + +## 📄 許可證 + +本項目採用 MIT 許可證 - 查看 [LICENSE](LICENSE) 文件了解詳情。 + +## 📞 支持與聯繫 + +### 問題報告 +- GitHub Issues: [創建問題](https://github.com/your-org/partner-alignment/issues) +- 郵箱支持: support@company.com + +### 文檔 +- 在線文檔: [https://docs.company.com](https://docs.company.com) +- API 文檔: [https://api-docs.company.com](https://api-docs.company.com) + +### 社區 +- 討論區: [GitHub Discussions](https://github.com/your-org/partner-alignment/discussions) +- 技術博客: [https://blog.company.com](https://blog.company.com) + +## 🙏 致謝 + +感謝所有為這個項目做出貢獻的開發者和用戶。 + +--- + +**版本**: 2.0.0 +**最後更新**: 2024年10月 +**維護者**: 開發團隊 \ No newline at end of file diff --git a/__pycache__/admin_routes.cpython-313.pyc b/__pycache__/admin_routes.cpython-313.pyc new file mode 100644 index 0000000..5b4000e Binary files /dev/null and b/__pycache__/admin_routes.cpython-313.pyc differ diff --git a/__pycache__/app.cpython-313.pyc b/__pycache__/app.cpython-313.pyc new file mode 100644 index 0000000..80801c9 Binary files /dev/null and b/__pycache__/app.cpython-313.pyc differ diff --git a/__pycache__/auth.cpython-313.pyc b/__pycache__/auth.cpython-313.pyc new file mode 100644 index 0000000..28e9ab3 Binary files /dev/null and b/__pycache__/auth.cpython-313.pyc differ diff --git a/__pycache__/auth_routes.cpython-313.pyc b/__pycache__/auth_routes.cpython-313.pyc new file mode 100644 index 0000000..f596a86 Binary files /dev/null and b/__pycache__/auth_routes.cpython-313.pyc differ diff --git a/__pycache__/config.cpython-313.pyc b/__pycache__/config.cpython-313.pyc new file mode 100644 index 0000000..b4a2b08 Binary files /dev/null and b/__pycache__/config.cpython-313.pyc differ diff --git a/__pycache__/dashboard_routes.cpython-313.pyc b/__pycache__/dashboard_routes.cpython-313.pyc new file mode 100644 index 0000000..0a7e62f Binary files /dev/null and b/__pycache__/dashboard_routes.cpython-313.pyc differ diff --git a/__pycache__/models.cpython-313.pyc b/__pycache__/models.cpython-313.pyc new file mode 100644 index 0000000..6fdee71 Binary files /dev/null and b/__pycache__/models.cpython-313.pyc differ diff --git a/__pycache__/simple_app.cpython-311.pyc b/__pycache__/simple_app.cpython-311.pyc new file mode 100644 index 0000000..7186613 Binary files /dev/null and b/__pycache__/simple_app.cpython-311.pyc differ diff --git a/config.py b/config.py new file mode 100644 index 0000000..b8dfd15 --- /dev/null +++ b/config.py @@ -0,0 +1,31 @@ +import os +from dotenv import load_dotenv +from datetime import timedelta + +load_dotenv() + +class Config: + SECRET_KEY = os.environ.get('SECRET_KEY') or 'dev-secret-key-for-testing-only' + JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY') or 'jwt-secret-key-for-development' + JWT_ACCESS_TOKEN_EXPIRES = timedelta(hours=int(os.environ.get('JWT_ACCESS_TOKEN_EXPIRES', 1))) + JWT_REFRESH_TOKEN_EXPIRES = timedelta(days=int(os.environ.get('JWT_REFRESH_TOKEN_EXPIRES', 7))) + + SQLALCHEMY_DATABASE_URI = f"mysql+pymysql://{os.environ.get('DB_USER', 'dev_user')}:{os.environ.get('DB_PASSWORD', 'dev_password')}@{os.environ.get('DB_HOST', 'localhost')}:{os.environ.get('DB_PORT', '3306')}/{os.environ.get('DB_NAME', 'partner_alignment_dev')}" + SQLALCHEMY_TRACK_MODIFICATIONS = False + + CORS_ORIGINS = os.environ.get('CORS_ORIGINS', 'http://localhost:5000,http://127.0.0.1:5000').split(',') + + # Authentication settings + ENABLE_REGISTRATION = os.environ.get('ENABLE_REGISTRATION', 'True').lower() == 'true' + DEFAULT_ROLE = os.environ.get('DEFAULT_ROLE', 'user') + SESSION_TIMEOUT = int(os.environ.get('SESSION_TIMEOUT', 3600)) + + # Security settings + BCRYPT_LOG_ROUNDS = int(os.environ.get('BCRYPT_LOG_ROUNDS', 12)) + + # Email settings (optional) + MAIL_SERVER = os.environ.get('MAIL_SERVER') + MAIL_PORT = int(os.environ.get('MAIL_PORT', 587)) + MAIL_USE_TLS = os.environ.get('MAIL_USE_TLS', 'True').lower() == 'true' + MAIL_USERNAME = os.environ.get('MAIL_USERNAME') + MAIL_PASSWORD = os.environ.get('MAIL_PASSWORD') diff --git a/instance/partner_alignment.db b/instance/partner_alignment.db new file mode 100644 index 0000000..a7629cd Binary files /dev/null and b/instance/partner_alignment.db differ diff --git a/migrate_db.py b/migrate_db.py new file mode 100644 index 0000000..c9492a6 --- /dev/null +++ b/migrate_db.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +""" +資料庫遷移腳本 - 添加 DepartmentCapability 表 +""" + +from simple_app import app, db, DepartmentCapability + +def migrate(): + with app.app_context(): + # 創建新表(如果不存在) + db.create_all() + print("✓ 資料庫表已更新") + print("✓ DepartmentCapability 表已創建") + +if __name__ == '__main__': + migrate() + print("\n資料庫遷移完成!") diff --git a/partner alignment SDD-2.txt b/partner alignment SDD-2.txt new file mode 100644 index 0000000..c2c50a6 --- /dev/null +++ b/partner alignment SDD-2.txt @@ -0,0 +1,2667 @@ +٦t - n]p (SDD) v2.0 +׭qO + ק ܧ󤺮e 1.0 2025-10-15 - 쪩SDDإ 2.0 2025-10-15 - sWvɥ\Pv޲zt +? v2.0 sW\෧ +1. vɻO +* ӤHnY +* ƦWʤp +* ıvɱƦ] +* Nt +* nͶչϪ +2. v޲zt +* Th[c]Wź޲z/޲z/ϥΪ̡^ +* ϥΪ̻{һPv +* Ӳɫv +* ާ@xl +* wSession޲z + +1. T +: 2.0 +̫s: 2025~10 +󪬺A: ׭q +M: ޲zt + +2. Kn +2.1 Mץؼ +إߤ@M㪺٦OP޲zxAzLıƩԤ²ƯOy{AþXSTAR^XBCƿnvɨtλPv޲zAɲ´H~oiP޲zIJvC +2.2 ֤߻ȥDi +* IJv: Ԧާ@50%HWɶ +* cƦ^X: STARج[TO^X~Pilܩ +* CƿEy: ?? vɱƦWPʤܫPi}v +* wޱ: ?? 㪺v޲zTOƦw +* X: 㪺ƤRPץX\ +2.3 䦨\ +* v30% +* ^X~зǤƹF90% +* tΨϥβvF80%HW +* ΤᬡD״40%]CƿEy^ +* wƥso͡]v޲z^ + +3. tά[c]p +3.1 ޳N[c +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x eݼh (Presentation) x +x HTML5 + Bootstrap 5 + JavaScript x +x + Chart.js (Ϫ) + ʺAO x +|wwwwwwwwwwwwwswwwwwwwwwwwwwwwwwwwwwwwwwww} + x HTTP/REST API + JWT Token +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x μh (Application) x +x Python Flask + SQLAlchemy x +x + Flask-Login ({) x +x + Flask-JWT-Extended (Token) x +x + v˹ (Authorization) x +|wwwwwwwwwwwwwswwwwwwwwwwwwwwwwwwwwwwwwwww} + x ORM +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x Ƽh (Data) x +x MySQL 5.7+ / 8.0+ x +x + Τ{Ҫ + v x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +3.2 tΤh +3.2.1 eݼh]sW\^ +* ¾d: ϥΪ̤B޿BƮiܡBYɻO +* ޳N﫬: +o Bootstrap 5: TUIج[ +o JavaScript: ԥ\B +o Chart.js: nͶչϪPƦWı +o Counter.js: ƦrʵeĪG +o HTML5 Drag & Drop API: OԤ +* Ҳ: +o app.js: uƻPAPIqT +o assessment.js: O޿ +o admin.js: x޲z޿ +o dashboard.js: ?? ӤHOPvɱƦW +o auth.js: ?? nJ/nX/v +3.2.2 μh]sW\^ +* ¾d: ~޿BƳBzBAPIѡB{ұv +* ޳N﫬: +o Flask 2.x: qWebج[ +o SQLAlchemy: ORMƮwHh +o Flask-Login: ΤSession޲z +o Flask-JWT-Extended: Token{ +o Flask-Bcrypt: KX[K +o Flask-CORS: ШDBz +o pandas + openpyxl: ƶץX +* w: +o ܼƺ޲zӷPT +o CORS쭭 +o JһPSQL`J@ +o ~Bz +o KX]Bcrypt^ +o JWT Token{ +o vˬd˹ +o ާ@xO +3.2.3 Ƽh]sW\^ +* ¾d: ƫ[ơBduơBvƺ޲z +* ޳N﫬: MySQL 5.7+ / 8.0+ +* S: +o ưȳBzOҸƤ@P +o uƬd߮į +o JSONxsuʸ +o Τ{Ҹƥ[Kxs +o vpdu + +4. Ʈw]p]tsW^ +4.1 ERYϡ]v2.0^ +zwwwwwwwwwwwwww{ zwwwwwwwwwwwwww{ zwwwwwwwwwwwwww{ +x users xwwwwwwx user_roles xwwwwwwx roles x +x (Τ) x M:N x (Τᨤ) x M:N x () x +|wwwwwwswwwwwww} |wwwwwwwwwwwwww} |wwwwwwswwwwwww} + x x + x x M:N + x zwwwwwwwwwwwwww{ + x xrole_permissionsx + x x (v) x + x |wwwwwwswwwwwwww} + x x + x zwwwwwwwwwwwwww{ + x x permissions x + x x (v) x + x |wwwwwwwwwwwwwww} + x + uwwwwwwwwwwwww{ + x x + zwwwwwww{ zwwwwwwwwwwww{ zwwwwwwwwwwwwwwwwww{ + x audit_ x x assessments x x capabilities x + x logs x x (O) x x (O) x + x(x) x |wwwwwwwwwwwww} |wwwwwwwwwwwwwwwwww} + |wwwwwwww} + x + +zwwwwwwwwwwwwwwwww{ zwwwwwwwwwwwwwwwwww{ +x star_feedbacks xwwwww?x employee_points x +x (STAR^X) x x (un) x +|wwwwwwwwwwwwwwwww} |wwwwwwwwwwswwwwwww} + x x + x + x zwwwwwwwwwwwwwwwwww{ + |wwwwwwwwwwwwww?x monthly_rankings x + x (ױƦW) x + |wwwwwwwwwwwwwwwwww} +4.2 sWƪc +4.2.1 users (Τ) ?? +W ƫO id INT D PK, AUTO_INCREMENT username VARCHAR(50) ΤW NOT NULL, UNIQUE email VARCHAR(100) qll NOT NULL, UNIQUE password_hash VARCHAR(255) KX NOT NULL full_name VARCHAR(100) umW NOT NULL department VARCHAR(100) NOT NULL position VARCHAR(100) ¾ NOT NULL employee_id VARCHAR(50) us UNIQUE is_active BOOLEAN bA DEFAULT TRUE last_login_at DATETIME ̫nJɶ NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP updated_at DATETIME sɶ ON UPDATE CURRENT_TIMESTAMP ޵: +* idx_username: (username) UNIQUE +* idx_email: (email) UNIQUE +* idx_department: (department) +* idx_employee_id: (employee_id) UNIQUE +KXWh: +* ̤8r +* ]tjpgr +* ]tƦr +* ]tSŸ +4.2.2 roles () ?? +W ƫO id INT D PK, AUTO_INCREMENT name VARCHAR(50) W NOT NULL, UNIQUE display_name VARCHAR(100) ܦW NOT NULL description TEXT ⻡ NULL level INT h NOT NULL is_active BOOLEAN O_ҥ DEFAULT TRUE created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP w]: +INSERT INTO roles (name, display_name, description, level) VALUES +('super_admin', 'Wź޲z', 'tγ̰vAi޲zҦ\PΤ', 100), +('admin', '޲z', '޲zvAi޲zΤP', 50), +('user', '@ϥΪ', '򥻨ϥvAidݭӤHƻPƦW', 10); +hŻ: +* Level 100: Wź޲z +* Level 50: ޲z +* Level 10: @ϥΪ +4.2.3 permissions (v) ?? +W ƫO id INT D PK, AUTO_INCREMENT name VARCHAR(100) vW NOT NULL, UNIQUE display_name VARCHAR(100) ܦW NOT NULL resource VARCHAR(50) 귽 NOT NULL action VARCHAR(50) ʧ@ NOT NULL description TEXT v NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP vRWWd: resource:action +* d: user:create, assessment:read, report:export +w]vM: +-- Τ޲zv +INSERT INTO permissions (name, display_name, resource, action, description) VALUES +('user:create', 'إߥΤ', 'user', 'create', 'إ߷sΤb'), +('user:read', 'dݥΤ', 'user', 'read', 'dݥΤ'), +('user:update', 'sΤ', 'user', 'update', 'sΤ'), +('user:delete', 'RΤ', 'user', 'delete', 'RΤb'), +('user:manage_roles', '޲z', 'user', 'manage_roles', 'tΤᨤ'), + +-- ޲zv +('assessment:create', 'إߵ', 'assessment', 'create', 'إ߯O'), +('assessment:read', 'dݵ', 'assessment', 'read', 'dݵ'), +('assessment:read_all', 'dݩҦ', 'assessment', 'read_all', 'dݩҦ'), +('assessment:update', 's', 'assessment', 'update', 's'), +('assessment:delete', 'R', 'assessment', 'delete', 'RO'), + +-- STAR^Xv +('feedback:create', 'إߦ^X', 'feedback', 'create', 'إSTAR^X'), +('feedback:read', 'dݦ^X', 'feedback', 'read', 'dݦ^X'), +('feedback:read_all', 'dݩҦ^X', 'feedback', 'read_all', 'dݩҦ^X'), + +-- ƦWv +('ranking:read', 'dݱƦW', 'ranking', 'read', 'dݭӤHƦW'), +('ranking:read_department', 'dݳƦW', 'ranking', 'read_department', 'dݳƦW'), +('ranking:read_all', 'dݩҦƦW', 'ranking', 'read_all', 'dݥqƦW'), +('ranking:calculate', 'pƦW', 'ranking', 'calculate', 'IJoƦWp'), + +-- v +('report:export', 'ץX', 'report', 'export', 'ץXƳ'), +('report:export_all', 'ץXҦ', 'report', 'export_all', 'ץXq'), + +-- tκ޲zv +('system:config', 'tγ]w', 'system', 'config', 'קtγ]w'), +('system:logs', 'dݤx', 'system', 'logs', 'dݨtξާ@x'), +('system:backup', 'Ƴƥ', 'system', 'backup', 'Ƴƥ'); +4.2.4 role_permissions (vp) ?? +W ƫO id INT D PK, AUTO_INCREMENT role_id INT ID FK roles.id permission_id INT vID FK permissions.id created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP ޵: +* unique_role_permission: (role_id, permission_id) UNIQUE +* idx_role_id: (role_id) +* idx_permission_id: (permission_id) +w]vtm: +# Wź޲z: Ҧv +super_admin_permissions = [Ҧv] + +# ޲z: ޲zv +admin_permissions = [ + 'user:read', 'user:update', + 'assessment:create', 'assessment:read', 'assessment:read_all', + 'assessment:update', 'assessment:delete', + 'feedback:create', 'feedback:read', 'feedback:read_all', + 'ranking:read', 'ranking:read_department', 'ranking:read_all', + 'report:export' +] + +# ϥΪ: 򥻬dv +user_permissions = [ + 'assessment:read', + 'feedback:read', + 'ranking:read' +] +4.2.5 user_roles (Τᨤp) ?? +W ƫO id INT D PK, AUTO_INCREMENT user_id INT ΤID FK users.id role_id INT ID FK roles.id assigned_by INT tID FK users.id, NULL assigned_at DATETIME tɶ DEFAULT CURRENT_TIMESTAMP ޵: +* unique_user_role: (user_id, role_id) UNIQUE +* idx_user_id: (user_id) +* idx_role_id: (role_id) +~ȳWh: +* @ӥΤi֦hӨ +* vҦ⪺p +* w]sΤ۰ʤt user +4.2.6 audit_logs (ާ@x) ?? +W ƫO id INT D PK, AUTO_INCREMENT user_id INT ΤID FK users.id, NULL action VARCHAR(100) ާ@ʧ@ NOT NULL resource_type VARCHAR(50) 귽 NOT NULL resource_id INT 귽ID NULL details JSON ާ@Ա NULL ip_address VARCHAR(45) IP} NULL user_agent VARCHAR(255) ΤNz NULL status ENUM A 'success', 'failed' error_message TEXT ~T NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP ޵: +* idx_user_id: (user_id) +* idx_action: (action) +* idx_created_at: (created_at) +* idx_resource: (resource_type, resource_id) +Oާ@: +* login: nJ +* logout: nX +* create: إ߸귽 +* read: dݸ귽 +* update: s귽 +* delete: R귽 +* export: ץX +* permission_change: vܧ +4.3 즳ƪs +4.3.1 employee_points (un) - sW +sW: +W ƫO user_id INT pΤID FK users.id, NULL department_rank INT ƦW NULL department_percentile DECIMAL(5,2) ʤ NULL total_rank INT `ƦW NULL total_percentile DECIMAL(5,2) `ʤ NULL ʤp⻡: +# ʤ = (ӹLH / `H) 100 +# Ҧp: 10HAƦW3 +# department_percentile = (7 / 10) 100 = 70.00 +# ܳӹL70%P +4.3.2 star_feedbacks (STAR^X) - sW +sW: +W ƫO evaluator_user_id INT ̥ΤID FK users.id, NULL evaluatee_user_id INT ̥ΤID FK users.id, NULL +5. ?? vɥ\]p +5.1 ӤHO (Dashboard) +5.1.1 \෧z +: /dashboard +v: ҦwnJΤ +sWv: ɡ]CJɭp^ +5.1.2 OG +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ?? w^ӡAiTI ̫nJ: 10/15 x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x x +x zwwwwwwwwwwwwww{ zwwwwwwwwwwwwww{ zwwwwwwwwwwwwww{ x +x x `n x x ƦW x x sW x x +x x x x x x x x +x x 450 pts x x #3 / 15 x x +80 pts x x +x x x x x x x x +x x ?? Top 20% x x ӹL 80% x x ?? +21% x x +x |wwwwwwwwwwwwww} |wwwwwwwwwwwwww} |wwwwwwwwwwwwww} x +x x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x nͶ x +x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x +x x x x +x x ?? [u: Lh6ӤnͶ] x x +x x x x +x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x Ʀ] (Top 10) x +x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x +x x ƦW mW n x x +x x ?? 1 580 ????? x x +x x ?? 2 | 520 ??? x x +x x ?? 3 iT 450 ?? (A) x x +x x 4 420 x x +x x 5 ... x x +x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ̪񦬨쪺^X (̷s5) x +x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x +x x 10/14 | D | ????? | "MץIuq..." x x +x x 10/10 | gz | ???? | "ζX@}n..." x x +x x ... x x +x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +5.1.3 ֤߫л +1. `n (Total Points) +* : ֿn`n +* p: ҦSTAR^Xn`M +* CsX: +o ?? : Top 20% (uq) +o ?? : 21-50% (}n) +o ?? : 51-80% (q) +o ?? : Bottom 20% (ݧVO) +2. ƦW (Department Rank) +* : #eƦW / `H +* ʤ: ӹLX%P +* p⤽: +department_percentile = ((total_count - rank) / total_count) 100 +# Ҧp: 15HƦW3 +# percentile = ((15 - 3) / 15) 100 = 80% +3. sWn +* : ֿnn +* Ͷ: PWʤܤ +* ϥ: +o ?? W +o ?? U +o ?? +5.1.4 t +n: + W yz ?? P 1W nax ?? ȵP 2W nȭx ?? ɵP 3W nux ?? y{ Top 10% e10% ? uq{ Top 20% e20% ?? sӤ s3Ӥ1 ?? ʤ o510 V~ ?? iBP W>50% ֳt N: + W yz ?? F o^X XĤ@B ?? s6Ӥ릳^X { ?? ζP 󳡪^X X@ ?? 5LųO oi 5.2 vɱƦ] +5.2.1 \෧z +: /leaderboard +v: ҦwnJΤ +zﶵ: +* qƦW +* ƦW +* ױƦW +* ~ױƦW +5.2.2 Ʀ]]p +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ?? vɱƦ] x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x z: [q] [롿] [޳N] ?? jM x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x x +x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x +x x ?? ax x x +x x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x x +x x x ?? (޳N - `u{v) x x x +x x x ?? 580 n x x x +x x x ????? ӹL 98% P x x x +x x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x x +x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x +x x +x zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ x +x x ƦW mW ¾ n ʤ x x +x x wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww x x +x x ?? 1 ޳N `u{v 580 98% ????x x +x x ?? 2 | ~ȳ ~ȸgz 520 96% ???x x +x x ?? 3 iT ޳N u{v 450 94% ?? x x +x x 4 ޳N u{v 420 92% ? x x +x x 5 ]C H곡 M 380 90% x x +x x ... x x +x x 42 A ޳N u{v 150 45% x x +x x ... x x +x |wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} x +x x +x [1] [2] [3] ... [10] U@ x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +5.2.3 ʥ\ +IƦW: +* ܸӭuԲӿnG +* dݳ̪STAR^X +* nͶչϪ +ƦWܤ: +* VWbY: ƦWW +* VUbY: ƦWU +* ?? Ǧu: ƦW +* ?? Ŧ: si] +ƦWWh: +1. nDZƦC +2. nۦPɫ̪^XɶƧ +3. snܱƦWAܬu|v +4. idݡuvBuuvBu~vBu`nv +5.3 ʤp޿ +5.3.1 ʤp +def calculate_department_percentile(user_id, department): + """ + pΤbʤƦW + + Args: + user_id: ΤID + department: W + + Returns: + dict: { + 'rank': ƦW, + 'total': `H, + 'percentile': ʤ, + 'better_than_count': ӹLH + } + """ + # 1. d߳Ҧun + employees = db.session.query(EmployeePoints)\ + .filter_by(department=department)\ + .filter(EmployeePoints.total_points > 0)\ + .order_by(EmployeePoints.total_points.desc())\ + .all() + + total_count = len(employees) + + # 2. ΤƦW + user_rank = None + for idx, emp in enumerate(employees, start=1): + if emp.user_id == user_id: + user_rank = idx + break + + if user_rank is None: + return { + 'rank': 0, + 'total': total_count, + 'percentile': 0.0, + 'better_than_count': 0 + } + + # 3. pʤ + better_than_count = total_count - user_rank + percentile = (better_than_count / total_count * 100) if total_count > 0 else 0 + + return { + 'rank': user_rank, + 'total': total_count, + 'percentile': round(percentile, 2), + 'better_than_count': better_than_count + } + +# ϥνd +result = calculate_department_percentile(user_id=1, department="޳N") +print(f"ƦW: #{result['rank']} / {result['total']}") +print(f"ӹL {result['percentile']}% P") +print(f"ӹL {result['better_than_count']} H") +5.3.2 qʤp +def calculate_total_percentile(user_id): + """ + pΤbqʤƦW + + Returns: + dict: qƦWT + """ + # dߩҦun + all_employees = db.session.query(EmployeePoints)\ + .filter(EmployeePoints.total_points > 0)\ + .order_by(EmployeePoints.total_points.desc())\ + .all() + + total_count = len(all_employees) + + # ΤƦW + user_rank = None + for idx, emp in enumerate(all_employees, start=1): + if emp.user_id == user_id: + user_rank = idx + break + + if user_rank is None: + return { + 'rank': 0, + 'total': total_count, + 'percentile': 0.0, + 'tier': 'unranked' + } + + # pʤPh + better_than_count = total_count - user_rank + percentile = (better_than_count / total_count * 100) if total_count > 0 else 0 + + # P_h + if percentile >= 80: + tier = 'top_20' # y 20% + elif percentile >= 50: + tier = 'top_50' # e 50% + elif percentile >= 20: + tier = 'middle' # q + else: + tier = 'bottom_20' # 20% + + return { + 'rank': user_rank, + 'total': total_count, + 'percentile': round(percentile, 2), + 'tier': tier + } +5.3.3 wsƦW +# wɥ: CpɧsƦWPʤ +from apscheduler.schedulers.background import BackgroundScheduler + +def update_all_rankings(): + """sҦuƦWPʤ""" + try: + # 1. sƦW + departments = db.session.query(EmployeePoints.department)\ + .distinct().all() + + for (dept,) in departments: + employees = db.session.query(EmployeePoints)\ + .filter_by(department=dept)\ + .filter(EmployeePoints.total_points > 0)\ + .order_by(EmployeePoints.total_points.desc())\ + .all() + + total = len(employees) + for rank, emp in enumerate(employees, start=1): + better_than = total - rank + percentile = (better_than / total * 100) if total > 0 else 0 + + emp.department_rank = rank + emp.department_percentile = round(percentile, 2) + + # 2. sqƦW + all_employees = db.session.query(EmployeePoints)\ + .filter(EmployeePoints.total_points > 0)\ + .order_by(EmployeePoints.total_points.desc())\ + .all() + + total = len(all_employees) + for rank, emp in enumerate(all_employees, start=1): + better_than = total - rank + percentile = (better_than / total * 100) if total > 0 else 0 + + emp.total_rank = rank + emp.total_percentile = round(percentile, 2) + + db.session.commit() + print(f"? ƦWs: {total} u") + + except Exception as e: + db.session.rollback() + print(f"? ƦWs: {str(e)}") + +# Ұʩwɥ +scheduler = BackgroundScheduler() +scheduler.add_job(update_all_rankings, 'interval', hours=1) +scheduler.start() +5.4 Yɳqt +5.4.1 qIJoɾ +ƥ qe u s^X "?? zӦXXXs^XAoXXnI" ƦWW "?? ߡIzƦWWɦܲXWI" iJeX% "?? ӴΤFIzwiJe10%I" o "? sNGXXX" QWV "?? zƦWUܲXW" C ױƦW "?? ƦWwAzƦWX" 5.4.2 q@ +# qƪ (i@) +class Notification(db.Model): + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column(db.Integer, db.ForeignKey('users.id')) + type = db.Column(db.String(50)) # 'new_feedback', 'rank_up', 'badge' + title = db.Column(db.String(100)) + message = db.Column(db.Text) + is_read = db.Column(db.Boolean, default=False) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + +def send_notification(user_id, notification_type, title, message): + """oeqΤ""" + notification = Notification( + user_id=user_id, + type=notification_type, + title=title, + message=message + ) + db.session.add(notification) + db.session.commit() + + # iXi: EmailBSlackBq + +6. ?? v޲ztγ]p +6.1 {Ҭy{]p +6.1.1 ΤUy{ +ΤUШD + +ҿJ (email榡BKXjסB) + +ˬdΤW/EmailO_wsb + +KX[K (Bcrypt) + +إߥΤO + +۰ʤtu@ϥΪ̡v + +oewl (i) + +^\T +APII: POST /api/auth/register +ШDBody: +{ + "username": "zhangsan", + "email": "zhangsan@company.com", + "password": "SecurePass123!", + "full_name": "iT", + "department": "޳N", + "position": "u{v", + "employee_id": "EMP001" +} +KXҳWh: +import re + +def validate_password(password): + """ + KXj + + Wh: + - ܤ8r + - ]tjgr + - ]tpgr + - ]tƦr + - ]tSŸ + """ + if len(password) < 8: + return False, "KXܤֻݭn8Ӧr" + + if not re.search(r'[A-Z]', password): + return False, "KXݥ]tjgr" + + if not re.search(r'[a-z]', password): + return False, "KXݥ]tpgr" + + if not re.search(r'\d', password): + return False, "KXݥ]tƦr" + + if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password): + return False, "KXݥ]tSŸ" + + return True, "KXjײŦXnD" +6.1.2 ΤnJy{ +ΤnJШD (username + password) + +dߥΤO_sb + +ұKX (Bcrypt verify) + +ˬdbA (is_active) + +dߥΤᨤPv + +ͦJWT Token + +s̫nJɶ + +OnJx + +^Token + ΤT +APII: POST /api/auth/login +ШDBody: +{ + "username": "zhangsan", + "password": "SecurePass123!" +} +\^: +{ + "success": true, + "message": "nJ\", + "data": { + "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", + "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", + "token_type": "Bearer", + "expires_in": 3600, + "user": { + "id": 1, + "username": "zhangsan", + "email": "zhangsan@company.com", + "full_name": "iT", + "department": "޳N", + "position": "u{v", + "roles": ["user"], + "permissions": ["assessment:read", "feedback:read", "ranking:read"] + } + } +} +6.1.3 JWT Token]p +Tokenc: +# Access Token (Ĵ1p) +{ + "user_id": 1, + "username": "zhangsan", + "roles": ["user"], + "permissions": ["assessment:read", "feedback:read"], + "exp": 1729000000, # Lɶ + "iat": 1728996400 # ñoɶ +} + +# Refresh Token (Ĵ7) +{ + "user_id": 1, + "type": "refresh", + "exp": 1729601200, + "iat": 1728996400 +} +Token@: +from flask_jwt_extended import ( + JWTManager, create_access_token, create_refresh_token, + jwt_required, get_jwt_identity, get_jwt +) + +jwt = JWTManager(app) + +def generate_tokens(user): + """ͦAccess TokenMRefresh Token""" + + # dzToken payload + additional_claims = { + "roles": [role.name for role in user.roles], + "permissions": get_user_permissions(user), + "department": user.department + } + + # ͦtokens + access_token = create_access_token( + identity=user.id, + additional_claims=additional_claims, + expires_delta=timedelta(hours=1) + ) + + refresh_token = create_refresh_token( + identity=user.id, + expires_delta=timedelta(days=7) + ) + + return { + "access_token": access_token, + "refresh_token": refresh_token, + "token_type": "Bearer", + "expires_in": 3600 + } +6.1.4 Tokensy{ +APII: POST /api/auth/refresh +ШDHeader: +Authorization: Bearer +^: +{ + "access_token": "new_access_token...", + "expires_in": 3600 +} +6.2 vˬd +6.2.1 v˹ +from functools import wraps +from flask import jsonify +from flask_jwt_extended import get_jwt + +def permission_required(*required_permissions): + """ + vˬd˹ + + Ϊk: + @permission_required('user:create', 'user:update') + def create_user(): + ... + """ + def decorator(fn): + @wraps(fn) + @jwt_required() + def wrapper(*args, **kwargs): + # qJWTΤv + jwt_data = get_jwt() + user_permissions = jwt_data.get('permissions', []) + + # ˬdO_֦һv + has_permission = all( + perm in user_permissions + for perm in required_permissions + ) + + if not has_permission: + return jsonify({ + 'success': False, + 'message': 'v', + 'required_permissions': list(required_permissions) + }), 403 + + return fn(*args, **kwargs) + + return wrapper + return decorator + +def role_required(*required_roles): + """ + ˬd˹ + + Ϊk: + @role_required('admin', 'super_admin') + def admin_function(): + ... + """ + def decorator(fn): + @wraps(fn) + @jwt_required() + def wrapper(*args, **kwargs): + jwt_data = get_jwt() + user_roles = jwt_data.get('roles', []) + + has_role = any(role in user_roles for role in required_roles) + + if not has_role: + return jsonify({ + 'success': False, + 'message': 'v', + 'required_roles': list(required_roles) + }), 403 + + return fn(*args, **kwargs) + + return wrapper + return decorator +6.2.2 귽Ҧvˬd +def resource_owner_or_permission(permission): + """ + ˬdO_귽֦̩ξ֦Swv + + Ω: ΤuקۤvơAD޲zv + """ + def decorator(fn): + @wraps(fn) + @jwt_required() + def wrapper(resource_user_id, *args, **kwargs): + current_user_id = get_jwt_identity() + jwt_data = get_jwt() + user_permissions = jwt_data.get('permissions', []) + + # O귽֦ OR ޲zv + is_owner = (current_user_id == resource_user_id) + has_permission = permission in user_permissions + + if not (is_owner or has_permission): + return jsonify({ + 'success': False, + 'message': 'Lvs귽' + }), 403 + + return fn(resource_user_id, *args, **kwargs) + + return wrapper + return decorator + +# ϥνd +@app.route('/api/users//profile', methods=['PUT']) +@resource_owner_or_permission('user:update') +def update_user_profile(user_id): + """sΤ - usۤvΦ޲zv""" + # ... s޿ + pass +6.2.3 Ʀs +def department_access_required(fn): + """ + Ʀs + + Wh: + - @Τ: uݦۤv + - ޲z: iݦۤv޲z + - Wź޲z: iݩҦ + """ + @wraps(fn) + @jwt_required() + def wrapper(*args, **kwargs): + jwt_data = get_jwt() + user_roles = jwt_data.get('roles', []) + user_department = jwt_data.get('department') + + # qШDѼns + request_department = request.args.get('department') or request.json.get('department') + + # Wź޲z: qL + if 'super_admin' in user_roles: + return fn(*args, **kwargs) + + # ޲z: ˬdO_޲z + if 'admin' in user_roles: + managed_departments = get_managed_departments(get_jwt_identity()) + if request_department in managed_departments: + return fn(*args, **kwargs) + + # @Τ: usۤv + if request_department == user_department: + return fn(*args, **kwargs) + + return jsonify({ + 'success': False, + 'message': 'LvsL' + }), 403 + + return wrapper +6.3 vtm +6.3.1 wqPvx} +\Ҳ v @ϥΪ ޲z Wź޲z Τ޲z dݥΤM ? ? () ? () إߥΤ ? ? ? sΤ ? (ۤv) ? () ? () RΤ ? ? ? ޲z ? ? ? O إߵ ? ? ? dݵ ? (ۤv) ? () ? () s ? (ۤv) ? () ? () R ? ? () ? STAR^X إߦ^X ? ? ? dݦ^X ? (ۤv) ? () ? () ƦWt dݭӤHƦW ? ? ? dݳƦW ? () ? () ? () dݥqƦW ? ? ? ʭpƦW ? ? ? ץX ץXӤH ? ? ? ץX ? ? ? ץXq ? ? ? tκ޲z dݨtΤx ? ? ? tγ]w ? ? ? Ƴƥ ? ? ? 6.3.2 vlƸ} +def initialize_roles_and_permissions(): + """lƨPv""" + + # 1. إv + permissions_data = [ + # Τ޲z + ('user:create', 'إߥΤ', 'user', 'create'), + ('user:read', 'dݥΤ', 'user', 'read'), + ('user:update', 'sΤ', 'user', 'update'), + ('user:delete', 'RΤ', 'user', 'delete'), + ('user:manage_roles', '޲z', 'user', 'manage_roles'), + + # ޲z + ('assessment:create', 'إߵ', 'assessment', 'create'), + ('assessment:read', 'dݵ', 'assessment', 'read'), + ('assessment:read_all', 'dݩҦ', 'assessment', 'read_all'), + ('assessment:update', 's', 'assessment', 'update'), + ('assessment:delete', 'R', 'assessment', 'delete'), + + # STAR^X + ('feedback:create', 'إߦ^X', 'feedback', 'create'), + ('feedback:read', 'dݦ^X', 'feedback', 'read'), + ('feedback:read_all', 'dݩҦ^X', 'feedback', 'read_all'), + + # ƦW + ('ranking:read', 'dݱƦW', 'ranking', 'read'), + ('ranking:read_department', 'dݳƦW', 'ranking', 'read_department'), + ('ranking:read_all', 'dݩҦƦW', 'ranking', 'read_all'), + ('ranking:calculate', 'pƦW', 'ranking', 'calculate'), + + # + ('report:export', 'ץX', 'report', 'export'), + ('report:export_all', 'ץXҦ', 'report', 'export_all'), + + # t + ('system:config', 'tγ]w', 'system', 'config'), + ('system:logs', 'dݤx', 'system', 'logs'), + ('system:backup', 'Ƴƥ', 'system', 'backup'), + ] + + permissions = {} + for name, display_name, resource, action in permissions_data: + perm = Permission( + name=name, + display_name=display_name, + resource=resource, + action=action + ) + db.session.add(perm) + permissions[name] = perm + + db.session.flush() + + # 2. إߨ + roles_data = [ + ('super_admin', 'Wź޲z', 'tγ̰v', 100), + ('admin', '޲z', '޲zv', 50), + ('user', '@ϥΪ', '򥻨ϥv', 10), + ] + + roles = {} + for name, display_name, description, level in roles_data: + role = Role( + name=name, + display_name=display_name, + description=description, + level=level + ) + db.session.add(role) + roles[name] = role + + db.session.flush() + + # 3. tv + # Wź޲z: Ҧv + for perm in permissions.values(): + roles['super_admin'].permissions.append(perm) + + # ޲z: ޲zv + admin_perms = [ + 'user:read', 'user:update', + 'assessment:create', 'assessment:read', 'assessment:read_all', + 'assessment:update', 'assessment:delete', + 'feedback:create', 'feedback:read', 'feedback:read_all', + 'ranking:read', 'ranking:read_department', 'ranking:read_all', + 'report:export' + ] + for perm_name in admin_perms: + if perm_name in permissions: + roles['admin'].permissions.append(permissions[perm_name]) + + # @ϥΪ: v + user_perms = [ + 'assessment:read', + 'feedback:read', + 'ranking:read' + ] + for perm_name in user_perms: + if perm_name in permissions: + roles['user'].permissions.append(permissions[perm_name]) + + db.session.commit() + print("? PvlƧ") +6.4 v޲zx +6.4.1 Τ޲z +: /admin/users +vnD: super_admin +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ?? Τ޲z x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x [+ sWΤ] ?? jM: [_______] x +x z: [Ҧ] [Ҧ⡿] [A] x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ? ΤW mW ¾ A ާ@ x +x wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww x +x zhangsan iT ޳N u{v user ? [???]x +x lisi | ~ȳ gz admin ? [???]x +x wangwu ޳N ` admin ? [???]x +x zhaoliu H곡 M user ? [???]x +x ... x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x 妸ާ@: [ҥ] [] [R] x +x [1] [2] [3] ... U@ x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +Τsܮ: +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x sΤ: iT x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ΤW: zhangsan x +x lc: zhangsan@company.com x +x mW: iT x +x : [޳N] x +x ¾: [u{v] x +x uID: EMP001 x +x x +x : Wź޲z x +x ? ޲z x +x ? @ϥΪ x +x x +x A: ҥ x +x x +x []KX] x +x x +x [] [xs] x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +6.4.2 ޲z +: /admin/roles +vnD: super_admin +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ?? ޲z x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x [+ sW] x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x W ܦW h A ާ@ x +x wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww x +x super_admin Wź޲z 100 ? [???v] x +x admin ޲z 50 ? [???v] x +x user @ϥΪ 10 ? [???v] x +x ... x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +vtmܮ: +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x tmv: ޲z x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ?? Τ޲z x +x user:create إߥΤ x +x ? user:read dݥΤ x +x ? user:update sΤ x +x user:delete RΤ x +x user:manage_roles ޲z x +x x +x ?? ޲z x +x ? assessment:create x +x ? assessment:read x +x ? assessment:read_all x +x ? assessment:update x +x ? assessment:delete x +x x +x ?? STAR^X x +x ? feedback:create x +x ? feedback:read x +x ? feedback:read_all x +x x +x [] [Ͽ] []] x +x x +x [] [xs] x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +6.4.3 ާ@x +: /admin/audit-logs +vnD: system:logs +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ?? ާ@x x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ɶd: [2025-10-01] [2025-10-15] x +x z: [ҦΤ᡿] [Ҧʧ@] [ҦA] x +x ?? jM: [____________] x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ɶ Τ ʧ@ 귽 A IP x +x wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww x +x 10/15 14:23 iT login - ? 192... x +x 10/15 14:25 iT create assessment ? 192... x +x 10/15 14:30 | update user ? 192... x +x 10/15 14:31 delete feedback ? 192... x +x ... x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x [ץXx] [M¤x] x +x [1] [2] [3] ... U@ x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +xԱ: +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x ާ@Ա x +uwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwt +x ɶ: 2025-10-15 14:25:33 x +x Τ: iT (zhangsan) x +x ʧ@: إߵ x +x 귽: assessment #123 x +x A: ? \ x +x IP}: 192.168.1.100 x +x s: Chrome 118.0 x +x x +x ШD: x +x { x +x "department": "޳N", x +x "position": "u{v", x +x "assessment_data": {...} x +x } x +x x +x ^: x +x { x +x "success": true, x +x "assessment_id": 123 x +x } x +x x +x [] x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +6.5 wWjI +6.5.1 nJw +# nJѭp +class LoginAttempt(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(50)) + ip_address = db.Column(db.String(45)) + attempt_time = db.Column(db.DateTime, default=datetime.utcnow) + success = db.Column(db.Boolean, default=False) + +def check_login_attempts(username, ip_address): + """ + ˬdnJѦ + + Wh: + - 5: w15 + - 10: w1p + - 20: ä[wAݺ޲z + """ + # d̪߳15Ѧ + recent_attempts = LoginAttempt.query.filter( + LoginAttempt.username == username, + LoginAttempt.ip_address == ip_address, + LoginAttempt.success == False, + LoginAttempt.attempt_time >= datetime.utcnow() - timedelta(minutes=15) + ).count() + + if recent_attempts >= 5: + return False, "nJѦƹLhA15A" + + return True, None + +def record_login_attempt(username, ip_address, success): + """OnJ""" + attempt = LoginAttempt( + username=username, + ip_address=ip_address, + success=success + ) + db.session.add(attempt) + db.session.commit() +6.5.2 Session޲z +# Sessionƪ +class UserSession(db.Model): + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column(db.Integer, db.ForeignKey('users.id')) + token_jti = db.Column(db.String(36), unique=True) # JWT ID + ip_address = db.Column(db.String(45)) + user_agent = db.Column(db.String(255)) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + expires_at = db.Column(db.DateTime) + is_active = db.Column(db.Boolean, default=True) + +def revoke_all_user_sessions(user_id): + """MPΤҦSession (Ҧp: KXܧ)""" + UserSession.query.filter_by(user_id=user_id).update( + {'is_active': False} + ) + db.session.commit() + +# JWT TokenMPˬd +@jwt.token_in_blocklist_loader +def check_if_token_revoked(jwt_header, jwt_payload): + jti = jwt_payload['jti'] + session = UserSession.query.filter_by(token_jti=jti).first() + + if not session: + return True # TokensbAwMP + + return not session.is_active # ˬdSessionO_ҥ +6.5.3 ӷPާ@G +def require_password_confirmation(fn): + """ + ӷPާ@ݭnGKX + + AΩ: + - RΤ + - קv + - ץXӷP + """ + @wraps(fn) + @jwt_required() + def wrapper(*args, **kwargs): + # ˬdO_ѱKX + password = request.json.get('confirm_password') + + if not password: + return jsonify({ + 'success': False, + 'message': 'ާ@ݭnKXT{' + }), 401 + + # ұKX + user_id = get_jwt_identity() + user = User.query.get(user_id) + + if not user or not bcrypt.check_password_hash(user.password_hash, password): + return jsonify({ + 'success': False, + 'message': 'KXҥ' + }), 401 + + return fn(*args, **kwargs) + + return wrapper + +# ϥνd +@app.route('/api/users/', methods=['DELETE']) +@permission_required('user:delete') +@require_password_confirmation +def delete_user(user_id): + """RΤ - ݭnKXT{""" + # ... R޿ + pass + +7. APII]p]sPsW^ +7.1 {ҬAPI ?? +POST /api/auth/register +UsΤ +ШDBody: +{ + "username": "zhangsan", + "email": "zhangsan@company.com", + "password": "SecurePass123!", + "full_name": "iT", + "department": "޳N", + "position": "u{v", + "employee_id": "EMP001" +} +^ (201): +{ + "success": true, + "message": "U\", + "user_id": 1 +} +POST /api/auth/login +ΤnJ +ШDBody: +{ + "username": "zhangsan", + "password": "SecurePass123!" +} +^ (200): +{ + "success": true, + "access_token": "eyJhbGci...", + "refresh_token": "eyJhbGci...", + "user": { + "id": 1, + "username": "zhangsan", + "full_name": "iT", + "department": "޳N", + "roles": ["user"], + "permissions": ["assessment:read", "feedback:read"] + } +} +POST /api/auth/logout +ΤnX +ШDHeader: +Authorization: Bearer +^ (200): +{ + "success": true, + "message": "nX\" +} +POST /api/auth/refresh +sToken +ШDHeader: +Authorization: Bearer +^ (200): +{ + "access_token": "new_token..." +} +GET /api/auth/me +eΤT +^ (200): +{ + "id": 1, + "username": "zhangsan", + "email": "zhangsan@company.com", + "full_name": "iT", + "department": "޳N", + "position": "u{v", + "roles": ["user"], + "permissions": ["assessment:read", "feedback:read"], + "last_login_at": "2025-10-15T14:23:00Z" +} +7.2 OAPI ?? +GET /api/dashboard +ӤHO +v: wnJΤ +^ (200): +{ + "user": { + "id": 1, + "full_name": "iT", + "department": "޳N", + "position": "u{v" + }, + "points": { + "total_points": 450, + "monthly_points": 80, + "monthly_change_percent": 21.5 + }, + "department_ranking": { + "rank": 3, + "total": 15, + "percentile": 80.0, + "better_than_count": 12 + }, + "total_ranking": { + "rank": 15, + "total": 120, + "percentile": 87.5, + "tier": "top_20" + }, + "badges": [ + { + "icon": "??", + "name": "y{", + "description": "e10%" + } + ], + "recent_feedbacks": [ + { + "id": 123, + "evaluator_name": "D", + "score": 5, + "points_earned": 50, + "feedback_date": "2025-10-14", + "result_preview": "MץIuqAWVw..." + } + ], + "points_trend": [ + {"month": "2025-05", "points": 320}, + {"month": "2025-06", "points": 350}, + {"month": "2025-07", "points": 380}, + {"month": "2025-08", "points": 410}, + {"month": "2025-09", "points": 420}, + {"month": "2025-10", "points": 450} + ] +} +GET /api/leaderboard +Ʀ] +v: wnJΤ +ШDѼ: +* scope: company | department (w]: company) +* period: total | monthly | yearly (w]: total) +* department: W (scope=department) +* year: ~ (period=monthly/yearly) +* month: (period=monthly) +* page: X (w]: 1) +* per_page: C (w]: 50) +^ (200): +{ + "scope": "company", + "period": "total", + "rankings": [ + { + "rank": 1, + "employee_name": "", + "department": "޳N", + "position": "`u{v", + "total_points": 580, + "percentile": 98.0, + "badges": ["??", "??", "??"], + "rank_change": 0, + "is_current_user": false + }, + { + "rank": 2, + "employee_name": "|", + "department": "~ȳ", + "position": "~ȸgz", + "total_points": 520, + "percentile": 96.0, + "badges": ["??", "??", "?"], + "rank_change": 1, + "is_current_user": false + }, + { + "rank": 3, + "employee_name": "iT", + "department": "޳N", + "position": "u{v", + "total_points": 450, + "percentile": 94.0, + "badges": ["??", "??"], + "rank_change": -1, + "is_current_user": true + } + ], + "total": 120, + "page": 1, + "per_page": 50, + "pages": 3 +} +7.3 Τ޲zAPI ?? +GET /api/admin/users +ΤM +v: user:read +ШDѼ: +* page: X +* per_page: C +* department: z +* role: z +* is_active: Az +* search: jMr +^ (200): +{ + "users": [ + { + "id": 1, + "username": "zhangsan", + "full_name": "iT", + "email": "zhangsan@company.com", + "department": "޳N", + "position": "u{v", + "roles": ["user"], + "is_active": true, + "last_login_at": "2025-10-15T14:23:00Z", + "created_at": "2025-01-01T00:00:00Z" + } + ], + "total": 50, + "page": 1, + "per_page": 20 +} +POST /api/admin/users +إ߷sΤ +v: user:create +PUT /api/admin/users/:user_id +sΤT +v: user:update θ귽֦ +DELETE /api/admin/users/:user_id +RΤ +v: user:delete +ݭn: KXT{ +PUT /api/admin/users/:user_id/roles +sΤᨤ +v: user:manage_roles +ШDBody: +{ + "role_ids": [1, 2], + "confirm_password": "password" +} +7.4 v޲zAPI ?? +GET /api/admin/roles +M +v: super_admin +POST /api/admin/roles +إ߷s +v: super_admin +PUT /api/admin/roles/:role_id/permissions +sv +v: super_admin +ШDBody: +{ + "permission_ids": [1, 2, 3, 5, 8], + "confirm_password": "password" +} +7.5 ާ@xAPI ?? +GET /api/admin/audit-logs +ާ@x +v: system:logs +ШDѼ: +* start_date: }l +* end_date: +* user_id: ΤIDz +* action: ʧ@z +* status: Az +^ (200): +{ + "logs": [ + { + "id": 1, + "user_id": 1, + "username": "zhangsan", + "action": "login", + "resource_type": null, + "resource_id": null, + "status": "success", + "ip_address": "192.168.1.100", + "created_at": "2025-10-15T14:23:00Z" + } + ], + "total": 1000, + "page": 1, + "per_page": 50 +} + +8. eݭs +8.1 sWM + W vnD /login nJ } ΤnJ /register U } sΤU]i^ /dashboard ӤHO wnJ nBƦWBͶ /leaderboard vɱƦ] wnJ q/ƦW /profile ӤH wnJ d/sӤH /admin/users Τ޲z user:read ΤMP޲z /admin/roles ޲z super_admin Pvtm /admin/logs ާ@x system:logs tξާ@O 8.2 ɯs + + + +9. pPҰtms +9.1 ܼƧs +.env d: +# Ʈw]w +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=partner_alignment +DB_USER=db_user +DB_PASSWORD=strong_password + +# Flask]w +FLASK_ENV=production +FLASK_DEBUG=False +FLASK_HOST=127.0.0.1 +FLASK_PORT=5000 + +# w]w +SECRET_KEY=your_64_char_random_secret_key_here +JWT_SECRET_KEY=your_64_char_jwt_secret_key_here +JWT_ACCESS_TOKEN_EXPIRES=3600 # 1p +JWT_REFRESH_TOKEN_EXPIRES=604800 # 7 + +# CORS]w +CORS_ORIGINS=https://your-domain.com + +# l]w (Ωq) +MAIL_SERVER=smtp.gmail.com +MAIL_PORT=587 +MAIL_USE_TLS=True +MAIL_USERNAME=your_email@company.com +MAIL_PASSWORD=your_email_password + +# tγ]w +ENABLE_REGISTRATION=False # O_}U +DEFAULT_ROLE=user # sΤw] +SESSION_TIMEOUT=3600 # SessionLɶ() +9.2 lƸ} +init_system.py: +"""tΪlƸ}""" + +from app import create_app, db +from app.models import User, Role, Permission +from flask_bcrypt import Bcrypt + +def init_system(): + """lƨt""" + app = create_app() + bcrypt = Bcrypt(app) + + with app.app_context(): + print("?? }llƨt...") + + # 1. إ߸Ʈw + print("?? إ߸ +Ʈw...") db.create_all() print("? Ʈwإߧ") + # 2. lƨPv + print("?? lƨPv...") + initialize_roles_and_permissions() + print("? PvlƧ") + + # 3. إ߹w]޲zb + print("?? إ߹w]޲z...") + admin_exists = User.query.filter_by(username='admin').first() + + if not admin_exists: + admin_password = 'Admin@123456' # ijnJߧYק + admin_user = User( + username='admin', + email='admin@company.com', + password_hash=bcrypt.generate_password_hash(admin_password).decode('utf-8'), + full_name='tκ޲z', + department='tκ޲z', + position='Wź޲z', + employee_id='ADMIN001', + is_active=True + ) + + # tWź޲z + super_admin_role = Role.query.filter_by(name='super_admin').first() + admin_user.roles.append(super_admin_role) + + db.session.add(admin_user) + db.session.commit() + + print("? w]޲zإߧ") + print(f" ΤW: admin") + print(f" KX: {admin_password}") + print(" ?? ХߧYnJíקKXI") + else: + print("?? ޲zbwsbALإ") + + # 4. lƹw]O + print("?? lƯO...") + init_capabilities() + print("? OتlƧ") + + # 5. إߴոơ]i^ + if app.config.get('TESTING'): + print("?? إߴո...") + create_test_data() + print("? ոƫإߧ") + + print("?? tΪlƧI") + print("\nU@B:") + print("1. ϥ admin/Admin@123456 nJt") + print("2. ߧYק޲zKX") + print("3. إߨL޲z̻PΤb") + print("4. }lϥΨt") +def initialize_roles_and_permissions(): """lƨPv]pewq^""" # ... (Ѧҫe 6.3.2 @) pass +def init_capabilities(): """lƯO""" from app.models import Capability +capabilities_data = [ + { + "name": "{]pP}o", + "l1_description": "༶g򥻵{XA²\}o", + "l2_description": "W߶}oץ\A`sXWdP̨ι", + "l3_description": "]ptά[cAuƵ{įABz޳ND", + "l4_description": "ɹζ޳NVAw}oзǡAi޳Nf", + "l5_description": "W޳NA޻޳NзsAvT´޳NV" + }, + { + "name": "tΤRP]p", + "l1_description": "zѰ򥻻ݨDAѻPݨDQ", + "l2_description": "W߶iݨDRA]p²t", + "l3_description": "BzݨDA]piXitά[c", + "l4_description": "DɤjM׳]pAɹζ[cM", + "l5_description": "w~Ŭ[cзǡAʲ´[cti" + }, + { + "name": "M׺޲z", + "l1_description": "tȡAɦ^i", + "l2_description": "Wߺ޲zpMסAո귽Pɵ{", + "l3_description": "BzMסAѨM󳡪@DAI", + "l4_description": "ɦhӱMסAiM׸gzAuƺ޲zy{", + "l5_description": "wM׺޲zAإPMOtAʲ´" + }, + { + "name": "޳NɻP", + "l1_description": "Dz߷s޳NAɰ򥻸g", + "l2_description": "ɷsHAUζѨMD", + "l3_description": "Dɧ޳NɡAVζAɹζO", + "l4_description": "إߧ޳NζAwVpeAoiH~趤", + "l5_description": "إߧ޳NơAvT´Dzߪ^Ai޳Nɪ" + } +] + +for cap_data in capabilities_data: + existing = Capability.query.filter_by(name=cap_data['name']).first() + if not existing: + capability = Capability(**cap_data) + db.session.add(capability) + +db.session.commit() +def create_test_data(): """إߴոơ]}o/ҥΡ^""" from app.models import User, EmployeePoints, StarFeedback import random from datetime import datetime, timedelta +bcrypt = Bcrypt() + +# إߴեΤ +departments = ['޳N', '~ȳ', 'H곡', ']ȳ'] +positions = ['u{v', '`u{v', 'M', '`M', 'gz'] + +test_users = [] +for i in range(1, 21): # إ20ӴեΤ + username = f'user{i:02d}' + user = User( + username=username, + email=f'{username}@company.com', + password_hash=bcrypt.generate_password_hash('Test@1234').decode('utf-8'), + full_name=f'խu{i:02d}', + department=random.choice(departments), + position=random.choice(positions), + employee_id=f'TEST{i:03d}', + is_active=True + ) + + # t + if i <= 2: + # e2Ӭ޲z + admin_role = Role.query.filter_by(name='admin').first() + user.roles.append(admin_role) + + user_role = Role.query.filter_by(name='user').first() + user.roles.append(user_role) + + db.session.add(user) + test_users.append(user) + +db.session.commit() + +# إߴզ^XPn +for user in test_users: + # إ߭unO + emp_points = EmployeePoints( + user_id=user.id, + employee_name=user.full_name, + department=user.department, + position=user.position, + total_points=0, + monthly_points=0 + ) + db.session.add(emp_points) + + # Hإ3-8^X + num_feedbacks = random.randint(3, 8) + for j in range(num_feedbacks): + evaluator = random.choice(test_users) + score = random.randint(3, 5) + points = score * 10 + + feedback_date = datetime.now() - timedelta(days=random.randint(1, 90)) + + feedback = StarFeedback( + evaluator_user_id=evaluator.id, + evaluator_name=evaluator.full_name, + evaluatee_user_id=user.id, + evaluatee_name=user.full_name, + evaluatee_department=user.department, + evaluatee_position=user.position, + situation=f"ձҴyz{j+1}: MפJ޳NDԻݭnѨM", + task=f"եȻ{j+1}: ݭnbwɶSwؼ", + action=f"զʴyz{j+1}: ĨBJiDRPѨM", + result=f"յG{j+1}: \FؼШo^X", + score=score, + points_earned=points, + feedback_date=feedback_date.date() + ) + db.session.add(feedback) + + # ֥[n + emp_points.total_points += points + emp_points.monthly_points += points + +db.session.commit() + +# sƦW +from app.services import update_all_rankings +update_all_rankings() +if name == 'main': init_system() + +### 9.3 ƮwE} + +**migrations/add_auth_tables.sql**: +```sql +-- Τ +CREATE TABLE IF NOT EXISTS users ( + id INT AUTO_INCREMENT PRIMARY KEY, + username VARCHAR(50) NOT NULL UNIQUE, + email VARCHAR(100) NOT NULL UNIQUE, + password_hash VARCHAR(255) NOT NULL, + full_name VARCHAR(100) NOT NULL, + department VARCHAR(100) NOT NULL, + position VARCHAR(100) NOT NULL, + employee_id VARCHAR(50) UNIQUE, + is_active BOOLEAN DEFAULT TRUE, + last_login_at DATETIME NULL, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP, + updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + INDEX idx_username (username), + INDEX idx_email (email), + INDEX idx_department (department), + INDEX idx_employee_id (employee_id) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- +CREATE TABLE IF NOT EXISTS roles ( + id INT AUTO_INCREMENT PRIMARY KEY, + name VARCHAR(50) NOT NULL UNIQUE, + display_name VARCHAR(100) NOT NULL, + description TEXT, + level INT NOT NULL, + is_active BOOLEAN DEFAULT TRUE, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- v +CREATE TABLE IF NOT EXISTS permissions ( + id INT AUTO_INCREMENT PRIMARY KEY, + name VARCHAR(100) NOT NULL UNIQUE, + display_name VARCHAR(100) NOT NULL, + resource VARCHAR(50) NOT NULL, + action VARCHAR(50) NOT NULL, + description TEXT, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP, + INDEX idx_resource (resource), + INDEX idx_action (action) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- vp +CREATE TABLE IF NOT EXISTS role_permissions ( + id INT AUTO_INCREMENT PRIMARY KEY, + role_id INT NOT NULL, + permission_id INT NOT NULL, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE, + FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE, + UNIQUE KEY unique_role_permission (role_id, permission_id), + INDEX idx_role_id (role_id), + INDEX idx_permission_id (permission_id) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- Τᨤp +CREATE TABLE IF NOT EXISTS user_roles ( + id INT AUTO_INCREMENT PRIMARY KEY, + user_id INT NOT NULL, + role_id INT NOT NULL, + assigned_by INT, + assigned_at DATETIME DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, + FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE CASCADE, + FOREIGN KEY (assigned_by) REFERENCES users(id) ON DELETE SET NULL, + UNIQUE KEY unique_user_role (user_id, role_id), + INDEX idx_user_id (user_id), + INDEX idx_role_id (role_id) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- ާ@x +CREATE TABLE IF NOT EXISTS audit_logs ( + id INT AUTO_INCREMENT PRIMARY KEY, + user_id INT, + action VARCHAR(100) NOT NULL, + resource_type VARCHAR(50) NOT NULL, + resource_id INT, + details JSON, + ip_address VARCHAR(45), + user_agent VARCHAR(255), + status ENUM('success', 'failed') DEFAULT 'success', + error_message TEXT, + created_at DATETIME DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL, + INDEX idx_user_id (user_id), + INDEX idx_action (action), + INDEX idx_created_at (created_at), + INDEX idx_resource (resource_type, resource_id) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- s employee_points AsWƦW +ALTER TABLE employee_points +ADD COLUMN user_id INT AFTER id, +ADD COLUMN department_rank INT, +ADD COLUMN department_percentile DECIMAL(5,2), +ADD COLUMN total_rank INT, +ADD COLUMN total_percentile DECIMAL(5,2), +ADD FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL, +ADD INDEX idx_user_id (user_id), +ADD INDEX idx_department_rank (department, department_rank), +ADD INDEX idx_total_rank (total_rank); + +-- s star_feedbacks AsWΤIDp +ALTER TABLE star_feedbacks +ADD COLUMN evaluator_user_id INT AFTER id, +ADD COLUMN evaluatee_user_id INT AFTER evaluator_name, +ADD FOREIGN KEY (evaluator_user_id) REFERENCES users(id) ON DELETE SET NULL, +ADD FOREIGN KEY (evaluatee_user_id) REFERENCES users(id) ON DELETE SET NULL, +ADD INDEX idx_evaluator_user_id (evaluator_user_id), +ADD INDEX idx_evaluatee_user_id (evaluatee_user_id); + +10. D\ݨD]s^ +10.1 įݨD + ؼЭ Jɶ < 2 ]tOϪV API^ɶ < 500ms 95ʤ õoϥΪ 100+ PɦbuϥΪ̼ Ʈwd < 100ms 榸d߮ɶ ɮ׶ץX < 5 1000ƥH ƦWp < 30 sҦuƦW OJ < 1.5 ]tϪPέp nJ < 200ms JWTҮɶ įuƵ]sW^: +* ƦWƧ֨]Redis^ +* Oƹwp +* ϪƼWqJ +* Tokenҥa֨ +* Session޲z +10.2 wݨD]jơ^ +10.2.1 {Ҧw +? w@: +* BcryptKX[K]]l12^ +* JWT Token{ +* Refresh Token +* Session޲zPMP +* nJw +* IPզW]i^ +10.2.2 vw +? w@: +* 󨤦⪺s]RBAC^ +* Ӳɫvˬd +* 귽Ҧv +* ƹj +* ӷPާ@G +10.2.3 Ʀw +? w@: +* SQL`J@]ѼƤƬdߡ^ +* XSS@]JMz^ +* CSRF@]Tokenҡ^ +* ӷPƥ[K +* ާ@xO +10.2.4 qTw +? w@: +* HTTPSjϥ +* wY]w +* CORS쭭 +* Tokenǿ[K +10.3 iΩʻݨD +ؼ: tΥiΩ ? 99.5% +e]jơ^: +* ƮwDqƻs +* RedisGಾ +* uŵ +* dˬdI +* ۰ʭҾ +ʱ: +* AȥiΩ +* API^ɶ +* Ʈwsu +* Oϥβv +* ~vέp +10.4 i@ʻݨD +{X~]jơ^: +* ҲդƬ[c]p +* ̿`JҦ +* 椸л\v ? 80% +* Xл\֤߬y{ +* {Xfdy{ +󧹾: +* API]Swagger/OpenAPI^ +* [c]p +* pBU +* Gٱưn +* ΤϥΤU +10.5 XiʻݨD +XiO: +* LAAPI]p +* Session~xs]Redis^ +* ƮwŪg +* tŤ䴩 +* LAȤƷdz +ƼWw: + wW OdF Τ 200H/~ ä[Od O 5000/~ ä[Od STAR^X 10000/~ ä[Od ާ@x 100U/~ Od2~ ƦWO 2400/~ Od5~ +11. յ]s^ +11.1 sW +11.1.1 {ұv +class TestAuthentication: + """{ҥ\""" + + def test_login_with_valid_credentials(self): + """: TbKnJ\""" + response = self.client.post('/api/auth/login', json={ + 'username': 'testuser', + 'password': 'Test@1234' + }) + + assert response.status_code == 200 + data = response.get_json() + assert 'access_token' in data + assert 'refresh_token' in data + + def test_login_with_invalid_password(self): + """: ~KXnJ""" + response = self.client.post('/api/auth/login', json={ + 'username': 'testuser', + 'password': 'WrongPassword' + }) + + assert response.status_code == 401 + + def test_access_protected_route_without_token(self): + """: TokensO@""" + response = self.client.get('/api/dashboard') + assert response.status_code == 401 + + def test_access_protected_route_with_valid_token(self): + """: TokensO@""" + token = self.get_auth_token() + response = self.client.get( + '/api/dashboard', + headers={'Authorization': f'Bearer {token}'} + ) + assert response.status_code == 200 + +class TestAuthorization: + """v\""" + + def test_user_cannot_access_admin_route(self): + """: @ΤLks޲z""" + user_token = self.get_user_token() + response = self.client.get( + '/api/admin/users', + headers={'Authorization': f'Bearer {user_token}'} + ) + assert response.status_code == 403 + + def test_admin_can_access_department_data(self): + """: ޲z̥is""" + admin_token = self.get_admin_token() + response = self.client.get( + '/api/assessments?department=޳N', + headers={'Authorization': f'Bearer {admin_token}'} + ) + assert response.status_code == 200 + + def test_user_cannot_access_other_department_data(self): + """: @ΤLksL""" + user_token = self.get_user_token(department='޳N') + response = self.client.get( + '/api/assessments?department=~ȳ', + headers={'Authorization': f'Bearer {user_token}'} + ) + assert response.status_code == 403 +11.1.2 O\ +class TestDashboard: + """O\""" + + def test_get_dashboard_data(self): + """: O""" + token = self.get_auth_token() + response = self.client.get( + '/api/dashboard', + headers={'Authorization': f'Bearer {token}'} + ) + + assert response.status_code == 200 + data = response.get_json() + + # ҸƵc + assert 'user' in data + assert 'points' in data + assert 'department_ranking' in data + assert 'total_ranking' in data + assert 'badges' in data + assert 'recent_feedbacks' in data + + def test_dashboard_ranking_calculation(self): + """: OƦWp⥿T""" + # إߴո + self.create_test_employees_with_points([ + ('uA', 100), + ('uB', 80), + ('եΤ', 60), + ('uC', 40) + ]) + + token = self.get_auth_token() + response = self.client.get( + '/api/dashboard', + headers={'Authorization': f'Bearer {token}'} + ) + + data = response.get_json() + ranking = data['department_ranking'] + + assert ranking['rank'] == 3 + assert ranking['total'] == 4 + assert ranking['percentile'] == 25.0 # ӹL1H / 4H +11.1.3 Ʀ] +class TestLeaderboard: + """Ʀ]\""" + + def test_get_company_leaderboard(self): + """: qƦ]""" + token = self.get_auth_token() + response = self.client.get( + '/api/leaderboard?scope=company', + headers={'Authorization': f'Bearer {token}'} + ) + + assert response.status_code == 200 + data = response.get_json() + + assert 'rankings' in data + assert len(data['rankings']) > 0 + + # ұƧ + rankings = data['rankings'] + for i in range(len(rankings) - 1): + assert rankings[i]['total_points'] >= rankings[i+1]['total_points'] + + def test_leaderboard_with_ties(self): + """: Ʀ]æCƦWBz""" + # إߨæCnu + self.create_test_employees_with_points([ + ('uA', 100), + ('uB', 80), + ('uC', 80), # æC + ('uD', 60) + ]) + + token = self.get_auth_token() + response = self.client.get( + '/api/leaderboard', + headers={'Authorization': f'Bearer {token}'} + ) + + data = response.get_json() + rankings = data['rankings'] + + assert rankings[0]['rank'] == 1 + assert rankings[1]['rank'] == 2 + assert rankings[2]['rank'] == 2 # æC2 + assert rankings[3]['rank'] == 4 # +11.2 w +class TestSecurity: + """w\""" + + def test_sql_injection_prevention(self): + """: SQL`J@""" + malicious_input = "admin' OR '1'='1" + response = self.client.post('/api/auth/login', json={ + 'username': malicious_input, + 'password': 'test' + }) + + assert response.status_code == 401 + # Ӧ\nJ + + def test_xss_prevention(self): + """: XSS@""" + xss_script = "" + token = self.get_admin_token() + + response = self.client.post( + '/api/assessments', + headers={'Authorization': f'Bearer {token}'}, + json={ + 'department': xss_script, + 'position': 'u{v', + 'assessment_data': {} + } + ) + + # ӳQڵβMz + assert response.status_code in [400, 422] + + def test_password_strength_validation(self): + """: KXj""" + weak_passwords = [ + 'short', # ӵu + 'alllowercase', # Sjg + 'ALLUPPERCASE', # Spg + 'NoNumbers!', # SƦr + 'NoSpecial123' # SSŸ + ] + + for weak_pwd in weak_passwords: + response = self.client.post('/api/auth/register', json={ + 'username': 'testuser', + 'email': 'test@test.com', + 'password': weak_pwd, + 'full_name': '', + 'department': '޳N', + 'position': 'u{v' + }) + + assert response.status_code == 400 + + def test_rate_limiting(self): + """: nJѦƭ""" + for i in range(6): # 6 + response = self.client.post('/api/auth/login', json={ + 'username': 'testuser', + 'password': 'wrong_password' + }) + + # 6ӳQw + assert response.status_code == 429 # Too Many Requests + +12. ʱPB +12.1 ʱ +12.1.1 tκʱ +# dˬdI +@app.route('/health') +def health_check(): + """tΰdˬd""" + checks = { + 'status': 'healthy', + 'timestamp': datetime.utcnow().isoformat(), + 'checks': {} + } + + # Ʈwsuˬd + try: + db.session.execute('SELECT 1') + checks['checks']['database'] = 'ok' + except Exception as e: + checks['status'] = 'unhealthy' + checks['checks']['database'] = f'error: {str(e)}' + + # Redissuˬd]pϥΡ^ + try: + redis_client.ping() + checks['checks']['redis'] = 'ok' + except Exception as e: + checks['checks']['redis'] = f'error: {str(e)}' + + # ϺЪŶˬd + import shutil + disk_usage = shutil.disk_usage('/') + disk_percent = (disk_usage.used / disk_usage.total) * 100 + + if disk_percent > 90: + checks['status'] = 'warning' + checks['checks']['disk'] = f'high usage: {disk_percent:.1f}%' + else: + checks['checks']['disk'] = f'ok: {disk_percent:.1f}%' + + status_code = 200 if checks['status'] == 'healthy' else 503 + return jsonify(checks), status_code + +# tΫкI +@app.route('/metrics') +@permission_required('system:logs') +def system_metrics(): + """tΫ""" + import psutil + + return jsonify({ + 'cpu_percent': psutil.cpu_percent(), + 'memory_percent': psutil.virtual_memory().percent, + 'disk_percent': psutil.disk_usage('/').percent, + 'active_users': get_active_user_count(), + 'api_calls_today': get_api_call_count_today(), + 'average_response_time': get_average_response_time() + }) +12.1.2 ~Ⱥʱ +# ~ȫкI +@app.route('/api/admin/statistics') +@permission_required('system:logs') +def business_statistics(): + """~Ȳέp""" + from datetime import datetime, timedelta + + today = datetime.now().date() + week_ago = today - timedelta(days=7) + month_ago = today - timedelta(days=30) + + return jsonify({ + # Τέp + 'users': { + 'total': User.query.filter_by(is_active=True).count(), + 'new_this_week': User.query.filter( + User.created_at >= week_ago + ).count(), + 'active_today': get_active_users_today() + }, + + # έp + 'assessments': { + 'total': Assessment.query.count(), + 'this_month': Assessment.query.filter( + Assessment.created_at >= month_ago + ).count() + }, + + # ^Xέp + 'feedbacks': { + 'total': StarFeedback.query.count(), + 'this_month': StarFeedback.query.filter( + StarFeedback.feedback_date >= month_ago + ).count(), + 'average_score': db.session.query( + func.avg(StarFeedback.score) + ).scalar() + }, + + # ƦWέp + 'rankings': { + 'top_performer': get_top_performer(), + 'most_improved': get_most_improved_employee() + } + }) +12.2 x޲z +# xtm +import logging +from logging.handlers import RotatingFileHandler + +def setup_logging(app): + """]wx""" + + # ε{x + if not app.debug: + file_handler = RotatingFileHandler( + 'logs/app.log', + maxBytes=10485760, # 10MB + backupCount=10 + ) + file_handler.setFormatter(logging.Formatter( + '%(asctime)s %(levelname)s: %(message)s ' + '[in %(pathname)s:%(lineno)d]' + )) + file_handler.setLevel(logging.INFO) + app.logger.addHandler(file_handler) + app.logger.setLevel(logging.INFO) + app.logger.info('tαҰ') + + # wx + security_handler = RotatingFileHandler( + 'logs/security.log', + maxBytes=10485760, + backupCount=10 + ) + security_handler.setLevel(logging.WARNING) + security_logger = logging.getLogger('security') + security_logger.addHandler(security_handler) + + return app +12.3 ƥ +#!/bin/bash +# backup.sh - Ʈwƥ} + +# ]w +DB_HOST="localhost" +DB_NAME="partner_alignment" +DB_USER="backup_user" +DB_PASS="backup_password" +BACKUP_DIR="/backup/mysql" +DATE=$(date +%Y%m%d_%H%M%S) +RETENTION_DAYS=30 + +# إ߳ƥؿ +mkdir -p $BACKUP_DIR + +# ƥƮw +echo "}lƥƮw..." +mysqldump -h $DB_HOST -u $DB_USER -p$DB_PASS $DB_NAME \ + | gzip > $BACKUP_DIR/backup_$DATE.sql.gz + +# ˬdƥG +if [ $? -eq 0 ]; then + echo "? ƥ\: backup_$DATE.sql.gz" + + # R³ƥ + find $BACKUP_DIR -name "backup_*.sql.gz" -mtime +$RETENTION_DAYS -delete + echo "? MzWL${RETENTION_DAYS}Ѫ³ƥ" +else + echo "? ƥ" + exit 1 +fi + +# WǦܶxs]i^ +# aws s3 cp $BACKUP_DIR/backup_$DATE.sql.gz s3://your-bucket/backups/ + +echo "ƥ" +Crontab]w: +# Cѭ2Iƥ +0 2 * * * /path/to/backup.sh >> /var/log/backup.log 2>&1 + +13. Gٱưn +13.1 `D +D1: LknJt +g: nJܡuΤWαKX~v +i]: +1. KX~ +2. bQ +3. nJѦƹLhQw +ѨM: +-- ˬdbA +SELECT id, username, is_active, last_login_at +FROM users +WHERE username = 'username'; + +-- ]KX]޲zާ@^ +UPDATE users +SET password_hash = '$bcrypt_hash' +WHERE username = 'username'; + +-- MnJѰO +DELETE FROM login_attempts +WHERE username = 'username' +AND attempt_time < NOW() - INTERVAL 1 HOUR; + +-- ҥαb +UPDATE users +SET is_active = TRUE +WHERE username = 'username'; +D2: ƦWܤT +g: OƦWPڿn +i]: +1. ƦWήɧs +2. np~ +3. ֨D +ѨM: +# IJoƦWs +from app.services import update_all_rankings +update_all_rankings() + +# MƦW֨ +redis_client.delete('rankings:*') + +# spҦn +from app.services import recalculate_all_points +recalculate_all_points() +D3: tήįwC +g: API^ɶLAJwC +E_BJ: +# 1. ˬdCd +SELECT * FROM mysql.slow_log ORDER BY query_time DESC LIMIT 10; + +# 2. ˬdƮwsu +SHOW PROCESSLIST; + +# 3. ˬdtθ귽 +# CPUBOBϺI/O + +# 4. ˬdε{x +tail -f logs/app.log | grep ERROR +uƱI: +* sWƮw +* ҥάdߧ֨ +* W[A귽 +* uƺCd +13.2 Bzy{ +tάGٵo + +1. T{vTd + - \ಧ` vs tΧLks + - vTΤƶq + +2. Ұ汹I + - ܳƥΨtΡ]p^ + - ܺ@i + - qH + +3. DE_ + - dݿ~x + - ˬdtθ귽 + - T{̪ܧ + +4. D״_ + - ^u̪ܧ + - ״_{X~ + - _Ʈw + +5. Ҵ + - \ + - į + - wˬd + +6. _A + - vB}s + - ʱtΪA + - Oƥi + +7. ƫ˰Q + - Rڥ] + - iwI + - s + +14. spe +14.1 v2.1 W]u^ +wpɵ{: 1-2Ӥ +\M: +* [ ] ʸ˸mMΤu +* [ ] qt +* [ ] NtXR]h^ +* [ ] \]IgBס^ +* [ ] ץXPDF +* [ ] hy䴩]^^ +14.2 v3.0 W]^ +wpɵ{: 3-6Ӥ +\M: +* [ ] AIˡ]Ooiij^ +* [ ] 360צ^Xt +* [ ] ¾Poi|W +* [ ] XHRtΡ]p^ +* [ ] ƾڤRO]޲zh^ +* [ ] ۭqKPI +14.3 v4.0 W]^ +wpɵ{: 6-12Ӥ +\M: +* [ ] LAȬ[cc +* [ ] Dz߹wҫ +* [ ] ϶{ҡ]OҮѡ^ +* [ ] }APIx +* [ ] ĤTX]SlackBTeams^ +* [ ] ݳp + +15. +15.1 Ny]s^ +Ny wq O NuOP´ؼЩ¾nDiǰtL{ STARج[ Situation-Task-Action-ResultAcƦ^Xk L1-L5 OšAqL1()L5(w) Ԧ ϥηƹԾާ@[ϥΪ̤ ORM Object-Relational MappingApMg JWT JSON Web TokenAΩ󨭥ҪTokenз RBAC Role-Based Access ControlA󨤦⪺s ʤƦW ܳӹLh֦ʤPƪvɫ t CƿEyAzLNyѻP G ӷPާ@ݭnAJKXT{ 15.2 vtd +ֳtd߱`v: +# @Τ +USER_PERMISSIONS = [ + 'assessment:read', # dݦۤv + 'feedback:read', # dݦۤv^X + 'ranking:read' # dݱƦW +] + +# ޲z +ADMIN_PERMISSIONS = USER_PERMISSIONS + [ + 'user:read', # dݥΤ + 'user:update', # sΤ]^ + 'assessment:create', # إߵ + 'assessment:read_all', # dݩҦ]^ + 'assessment:update', # s + 'assessment:delete', # R + 'feedback:create', # إߦ^X + 'feedback:read_all', # dݩҦ^X]^ + 'ranking:read_department', # dݳƦW + 'ranking:read_all', # dݥqƦW + 'report:export' # ץX +] + +# Wź޲z +SUPER_ADMIN_PERMISSIONS = ADMIN_PERMISSIONS + [ + 'user:create', # إߥΤ + 'user:delete', # RΤ + 'user:manage_roles', # ޲z + 'ranking:calculate', # pƦW + 'report:export_all', # ץXҦ + 'system:config', # tγ]w + 'system:logs', # dݤx + 'system:backup' # Ƴƥ +] +15.3 APIֳtѦ +{Ҭ: +* POST /api/auth/register - U +* POST /api/auth/login - nJ +* POST /api/auth/logout - nX +* POST /api/auth/refresh - sToken +* GET /api/auth/me - eΤT +O: +* GET /api/dashboard - ӤHO +* GET /api/leaderboard - Ʀ] +Τ޲z: +* GET /api/admin/users - ΤM +* POST /api/admin/users - إߥΤ +* PUT /api/admin/users/:id - sΤ +* DELETE /api/admin/users/:id - RΤ +޲z: +* GET /api/capabilities - OزM +* POST /api/assessments - +* GET /api/assessments - dߵ +^X޲z: +* POST /api/star-feedbacks - ^X +* GET /api/star-feedbacks - dߦ^X +ƦWt: +* GET /api/rankings/total - `nƦW +* GET /api/rankings/monthly - ױƦW +* POST /api/rankings/calculate - pƦW +15.4 tmˬdM]s^ +peˬd: + wͦw SECRET_KEY M JWT_SECRET_KEY + w]wjKXƮwb + wͲ DEBUG Ҧ + wtmT CORS_ORIGINS + wҥ HTTPS]Let's EncryptΨL^ + w]wƮwƥ + wإ߹w]޲zb + wlƨPv + w]wwɥȡ]ƦWs^ + wtmxO + w]wʱiĵ + wթҦ֤ߥ\ + wdzƬG٫_pe + wqΤtΤWu + +16. ֭ñp + mW ñW M׸gz ޳NtdH ~tdH TwtdH ~O +󵲧 +: 2.0 +̫s: 2025~1015 +Ufd: 2025~1115 + +?? ܧKn (v1.0 v2.0) +?? sW\ +1. vɨt +o ӤHOPYɱƦW +o ʤƦW +o Nt +o nͶչϪ +o vɱƦ] +2. v޲z +o Τ{ҨtΡ]JWT^ +o Th[c +o Ӳɫv +o Τ޲zx +o vtm +o ާ@xl +?? [cs +* sW6Ӹƪ]users, roles, permissions^ +* s{]sWΤp^ +* sW20+APII +* eݷsW5ӥDn +* jƦw +?? įPw +* KX[K]Bcrypt^ +* Token{ҡ]JWT^ +* nJw +* GKX +* ާ@xO +* dˬdPʱ + diff --git a/partner alignment SDD.docx b/partner alignment SDD.docx new file mode 100644 index 0000000..cf672b1 Binary files /dev/null and b/partner alignment SDD.docx differ diff --git a/partner alignment SDD.txt b/partner alignment SDD.txt new file mode 100644 index 0000000..13fd4d8 --- /dev/null +++ b/partner alignment SDD.txt @@ -0,0 +1,667 @@ +٦t - n]p (SDD) +1. T +: 1.0 +̫s: 2025~10 +󪬺A: 쪩 +M: ޲zt + +2. Kn +2.1 Mץؼ +إߤ@M㪺٦OP޲zxAzLıƩԤ²ƯOy{AþXSTAR^XPnƦWtΡAɲ´H~oiP޲zIJvC +2.2 ֤߻ȥDi +* IJv: Ԧާ@50%HWɶ +* cƦ^X: STARج[TO^X~Pilܩ +* Ey: nƦWtΫPiu򦨪 +* X: 㪺ƤRPץX\ +2.3 䦨\ +* v30% +* ^X~зǤƹF90% +* tΨϥβvF80%HW + +3. tά[c]p +3.1 ޳N[c +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x eݼh (Presentation) x +x HTML5 + Bootstrap 5 + JavaScript x +|wwwwwwwwwwwwwswwwwwwwwwwwwwwwwwwwwwwwwwww} + x HTTP/REST API +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x μh (Application) x +x Python Flask + SQLAlchemy x +|wwwwwwwwwwwwwswwwwwwwwwwwwwwwwwwwwwwwwwww} + x ORM +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x Ƽh (Data) x +x MySQL 5.7+ x +|wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww} +3.2 tΤh +3.2.1 eݼh +* ¾d: ϥΪ̤B޿BƮi +* ޳N﫬: +o Bootstrap 5: TUIج[ +o JavaScript: ԥ\B +o HTML5 Drag & Drop API: OԤ +* Ҳ: +o app.js: uƻPAPIqT +o assessment.js: O޿ +o admin.js: x޲z޿ +3.2.2 μh +* ¾d: ~޿BƳBzBAPI +* ޳N﫬: +o Flask 2.x: qWebج[ +o SQLAlchemy: ORMƮwHh +o Flask-CORS: ШDBz +o pandas + openpyxl: ƶץX +* w: +o ܼƺ޲zӷPT +o CORS쭭 +o JһPSQL`J@ +o ~Bz +3.2.3 Ƽh +* ¾d: ƫ[ơBdu +* ޳N﫬: MySQL 5.7+ +* S: +o ưȳBzOҸƤ@P +o uƬd߮į +o JSONxsuʸ + +4. Ʈw]p +4.1 ERY +zwwwwwwwwwwwwwwwww{ zwwwwwwwwwwwwwwwwww{ +x assessments x x capabilities x +x (O) x x (Oةwq) x +|wwwwwwwwwwwwwwwww} |wwwwwwwwwwwwwwwwww} + x + x + +zwwwwwwwwwwwwwwwww{ zwwwwwwwwwwwwwwwwww{ +x star_feedbacks xwwwww?x employee_points x +x (STAR^X) x x (un) x +|wwwwwwwwwwwwwwwww} |wwwwwwwwwwwwwwwwww} + x x + x + x zwwwwwwwwwwwwwwwwww{ + |wwwwwwwwwwwwww?x monthly_rankings x + x (ױƦW) x + |wwwwwwwwwwwwwwwwww} +4.2 ƪc +4.2.1 assessments (O) +W ƫO id INT D PK, AUTO_INCREMENT department VARCHAR(100) NOT NULL position VARCHAR(100) ¾ NOT NULL employee_name VARCHAR(100) umW NULL assessment_data JSON NOT NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP updated_at DATETIME sɶ ON UPDATE CURRENT_TIMESTAMP ޵: +* idx_department: (department) +* idx_position: (position) +* idx_created_at: (created_at) +4.2.2 capabilities (Oةwq) +W ƫO id INT D PK, AUTO_INCREMENT name VARCHAR(200) OW NOT NULL, UNIQUE l1_description TEXT L1Ż NULL l2_description TEXT L2Ż NULL l3_description TEXT L3Ż NULL l4_description TEXT L4Ż NULL l5_description TEXT L5Ż NULL is_active BOOLEAN O_ҥ DEFAULT TRUE 4.2.3 star_feedbacks (STAR^X) +W ƫO id INT D PK, AUTO_INCREMENT evaluator_name VARCHAR(100) ̩mW NOT NULL evaluatee_name VARCHAR(100) ̩mW NOT NULL evaluatee_department VARCHAR(100) ̳ NOT NULL evaluatee_position VARCHAR(100) ¾ NOT NULL situation TEXT Ҵyz NOT NULL task TEXT Ȼ NOT NULL action TEXT ʴyz NOT NULL result TEXT G NOT NULL score INT (1-5) CHECK (score BETWEEN 1 AND 5) points_earned INT on NOT NULL feedback_date DATE ^X NOT NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP ޵: +* idx_evaluatee: (evaluatee_name, evaluatee_department) +* idx_feedback_date: (feedback_date) +npWh: points_earned = score 10 +4.2.4 employee_points (un) +W ƫO id INT D PK, AUTO_INCREMENT employee_name VARCHAR(100) umW NOT NULL, UNIQUE department VARCHAR(100) NOT NULL position VARCHAR(100) ¾ NOT NULL total_points INT `n DEFAULT 0 monthly_points INT n DEFAULT 0 last_updated DATETIME ̫sɶ ON UPDATE CURRENT_TIMESTAMP ޵: +* idx_total_points: (total_points DESC) +* idx_monthly_points: (monthly_points DESC) +4.2.5 monthly_rankings (ױƦW) +W ƫO id INT D PK, AUTO_INCREMENT ranking_month DATE ƦW NOT NULL employee_name VARCHAR(100) umW NOT NULL department VARCHAR(100) NOT NULL position VARCHAR(100) ¾ NOT NULL total_points INT Ӥ`n NOT NULL ranking INT ƦW NOT NULL created_at DATETIME إ߮ɶ DEFAULT CURRENT_TIMESTAMP ޵: +* idx_ranking_month: (ranking_month, ranking) +* unique_month_employee: (ranking_month, employee_name) UNIQUE + +5. \Ҳճ]p +5.1 Ҳլ[c +zwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww{ +x tΥD x +x (index.html) x +|wwwwwwswwwwwwwwwswwwwwwwwwswwwwwwwwwswwwwwwwwwww} + x x x x + zwwwwww{ zwwwww{ zwwwwww{ zwwwwww{ + xOx xSTAR x xƦ] x x޲z x + xҲ x x^X x xҲ x xx x + x x xҲ x x x xҲ x + |wwwwwww} |wwwwww} |wwwwwww} |wwwwwww} +5.2 ֤ߥ\Ҳ +5.2.1 OҲ +\ؼ: Ѫ[OA䴩Ԧާ@iOŤt +J: +* () +* ¾ () +* umW () +* OةԾާ@ +Bz޿: +1. JOزM +2. l5ӵŮe (L1-L5) +3. ťԨƥ +4. ҥ +5. ո˵JSON +6. ܫAPI +X: +* GxsܸƮw +* ܦ\/ѰT +޳N: +// ԨƥBz +element.addEventListener('dragstart', handleDragStart); +element.addEventListener('dragover', handleDragOver); +element.addEventListener('drop', handleDrop); + +// Ƶc +{ + "department": "޳N", + "position": "`u{v", + "employee_name": "iT", + "capabilities": { + "L1": ["O1", "O2"], + "L2": ["O3"], + ... + } +} +5.2.2 STAR^XҲ +\ؼ: cƦ^XAPiĪZķqPO +STARج[: +* S - Situation (): yzƥoͪIߵ +* T - Task (): ݭnFؼЩγd +* A - Action (): ԭzĨBJP +* R - Result (G): q/ƪGPvT +JҳWh: + ҳWh ̩mW , 2-50r ̩mW , 2-50r ¾ , 1-5 S/T/A/R U, ̤10r ^X , iӤ np: +points_earned = score * 10 +# d: 4 o40n +~Ȭy{: +1. g򥻸T (̡B) +2. ܵ (1-5) +3. STARcg^X +4. w^Xe +5. ^X +6. ۰ʧs̿n +7. IJoƦW () +5.2.3 nƦWҲ +\ؼ: iܭunƦWAѿEyPZĥi +ƦW: +1. `nƦ]: ֭pҦvn +2. ױƦ]: SwnƦW +3. Ʀ]: z諸ƦW +ƦWp޿: +# C1۰ʰ +def calculate_monthly_ranking(): + # 1. έpWҦun + # 2. nDZƧ + # 3. BzæCƦW + # 4. gJ monthly_rankings + # 5. m employee_points.monthly_points +ƦWWh: +* nۦPɨæCPW +* U@W (: 2WæC3, U@W5) +* snCJƦW +dߥ\: +* ~ܾ +* ܾ +* zᄍ +* vƦW +5.2.4 ƺ޲zҲ +\ؼ: ѧ㪺˵BdߡBץX\ +d߱: +* z +* ¾z +* umWjM +* ϶z +* z +]p: +* C20 +* ` +* Xɯ +ץX\: +1. Excel榡 (.xlsx): +o ϥ openpyxl ͦ +o ]t榡ƪY +o 䴩hu@ +2. CSV榡: +o UTF-8 BOMsX (Excelۮe) +o rj +o ޸]ЯSr +ץX: +ƶץX: +- ID, , ¾, umW, , إ߮ɶ + +STAR^XץX: +- ID, , , , ¾, S/T/A/Re, , n, ^X, إ߮ɶ + +6. APII]p +6.1 RESTful APIWd +¦URL: http://{host}:{port} +Content-Type: application/json +rsX: UTF-8 +6.2 APIIM +6.2.1 O +GET /api/capabilities +* \: oҦҥΪO +* ШDѼ: L +* ^d: +{ + "capabilities": [ + { + "id": 1, + "name": "{]pP}o", + "l1_description": "...", + "l2_description": "...", + "l3_description": "...", + "l4_description": "...", + "l5_description": "..." + } + ] +} +POST /api/assessments +* \: O +* ШDBody: +{ + "department": "޳N", + "position": "`u{v", + "employee_name": "iT", + "assessment_data": { + "L1": ["O1"], + "L2": ["O2", "O3"], + ... + } +} +* ҳWh: +o department: +o position: +o assessment_data: , ܤ֤@ӯO +* \^ (201): +{ + "success": true, + "message": "榨\", + "assessment_id": 123 +} +6.2.2 STAR^X +POST /api/star-feedbacks +* \: STAR^X +* ШDBody: +{ + "evaluator_name": "|", + "evaluatee_name": "iT", + "evaluatee_department": "޳N", + "evaluatee_position": "`u{v", + "situation": "M׺ݨD...", + "task": "ݦb48pɤ...", + "action": "´󳡪|ij...", + "result": "\I\...", + "score": 4, + "feedback_date": "2025-10-15" +} +* ~޿: +1. pn: points_earned = score * 10 +2. s employee_points +3. sW^XO +* \^ (201): +{ + "success": true, + "message": "^X榨\", + "points_earned": 40 +} +6.2.3 ƦW +GET /api/rankings/total +* \: o`nƦ] +* ШDѼ: +o department (): z +o limit (): ܵ, w]50 +* ^d: +{ + "rankings": [ + { + "rank": 1, + "employee_name": "iT", + "department": "޳N", + "position": "`u{v", + "total_points": 450 + } + ] +} +GET /api/rankings/monthly +* \: oױƦ] +* ШDѼ: +o year (): ~ +o month (): (1-12) +o department (): z +* ^d: +{ + "year": 2025, + "month": 10, + "rankings": [...] +} +POST /api/rankings/calculate +* \: IJoױƦWp +* v: ޲z +* ШDBody: +{ + "year": 2025, + "month": 10 +} +6.2.4 ƺ޲z +GET /api/assessments +* \: dߵ +* ШDѼ: +o page (): X, w]1 +o per_page (): C, w]20 +o department (): z +o position (): ¾z +o employee_name (): umWjM +* ^d: +{ + "assessments": [...], + "total": 150, + "page": 1, + "per_page": 20, + "pages": 8 +} +GET /api/export/assessments +* \: ץX +* ШDѼ: +o format: excel | csv +o LzPW +* ^: ɮפU +GET /api/export/star-feedbacks +* \: ץXSTAR^X +* ШDѼ: +o format: excel | csv +o z + +7. D\ݨD +7.1 įݨD + ؼЭ Jɶ < 2 PDn\୶ API^ɶ < 500ms 95ʤ õoϥΪ 100+ PɦbuϥΪ̼ Ʈwd < 100ms 榸d߮ɶ ɮ׶ץX < 5 1000ƥH įuƵ: +* Ʈwu +* eݸ귽YP֨ +* d߭Ct +* DPBBzjqƶץX +7.2 wݨD +7.2.1 e@ +? w@: +* ܼƺ޲zӷPT (.env) +* CORSШD +* SQL`J@ (SQLAlchemyѼƤƬd) +* XSS@ (JһPMz) +* ~T +* HTTPS䴩 (ݰtm) +? @ (Ͳҥ): +* ϥΪ̨ +* Session޲z +* v +* ާ@xO +* APItv +7.2.2 wtmˬdM +pe: + ͦw SECRET_KEY (32rHW) + ]wjKXƮwb + Ͳ DEBUG Ҧ + tmT CORS_ORIGINS + ҥ HTTPS (Let's Encrypt) + wƥƮw + @ϥΪ̻{Ҩt +7.2.3 ijv + v @u gB˵ۤv D UݡB˵ HR ˵ҦơBץX tκ޲z ҦvBtγ]w 7.3 iΩʻݨD +ؼ: tΥiΩ ? 99% +e: +* Ʈwsuվ +* u~Bz +* ͵~ܰT +* ƼȦs (~) +ƥ: +* C۰ʸƮwƥ +* Od30ѳƥv +* aƥ (ij) +7.4 i@ʻݨD +{X~: +* ҲդƳ]p +* M +* `PEP 8Wd +* (Git) +󧹾: +* API +* ƮwSchema +* pU +* ϥΪ̤U +7.5 ۮeʻݨD +s䴩: +* Chrome 90+ +* Firefox 88+ +* Safari 14+ +* Edge 90+ +* 䴩 IE +˸m䴩: +* ୱq (Dn) +* Oq (T) +* (䴩) +ùѪR: +* ̧C: 1280x720 +* ij: 1920x1080 + +8. p[c +8.1 }o +}o +uww Python 3.8+ +uww MySQL 5.7+ a +|ww Flask }oA (port 5000) +ܼ (.env): +FLASK_ENV=development +FLASK_DEBUG=True +FLASK_HOST=127.0.0.1 +FLASK_PORT=5000 +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=partner_alignment_dev +DB_USER=dev_user +DB_PASSWORD=dev_password +SECRET_KEY=dev_secret_key_for_testing_only +CORS_ORIGINS=http://localhost:5000,http://127.0.0.1:5000 +8.2 Ͳ (ij[c) + Internet + + [Cloudflare / CDN] + + [Nginx ϦVNz] + (Port 80/443) + + zwwwwwwwwwwwrwwwwwwwwwww{ + + [Gunicorn Worker 1] [Gunicorn Worker N] + (Flask App) (Flask App) + + |wwwwwwwwwwwswwwwwwwwwww} + + [MySQL Master/Slave] + + [wƥS3] +wݨD: + ̧Ctm ijtm CPU 2֤ 4֤ RAM 4GB 8GB xs 20GB SSD 50GB SSD We 10Mbps 100Mbps n|: +* OS: Ubuntu 22.04 LTS +* Python: 3.10+ +* MySQL: 8.0+ +* Nginx: 1.22+ +* Gunicorn: 20.1+ +8.3 pBJ +BJ1: tηdz +# st +sudo apt update && sudo apt upgrade -y + +# w˥nM +sudo apt install python3-pip python3-venv mysql-server nginx -y +BJ2: ε{p +# إ߱Mץؿ +sudo mkdir -p /var/www/partner-alignment +cd /var/www/partner-alignment + +# ƻs{X +git clone . + +# إߵ +python3 -m venv venv +source venv/bin/activate + +# w˨̿ +pip install -r requirements.txt +pip install gunicorn +BJ3: ҳ]w +# إߥͲҳ]w +cp .env.example .env +nano .env + +# ]wƮw +mysql -u root -p < schema.sql +Ͳ .env: +FLASK_ENV=production +FLASK_DEBUG=False +FLASK_HOST=127.0.0.1 +FLASK_PORT=5000 +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=partner_alignment_prod +DB_USER=prod_user +DB_PASSWORD= +SECRET_KEY=<64rH_> +CORS_ORIGINS=https://your-domain.com +BJ4: Gunicorn]w +# إ systemd A +sudo nano /etc/systemd/system/partner-alignment.service +[Unit] +Description=Partner Alignment System +After=network.target + +[Service] +User=www-data +Group=www-data +WorkingDirectory=/var/www/partner-alignment +Environment="PATH=/var/www/partner-alignment/venv/bin" +ExecStart=/var/www/partner-alignment/venv/bin/gunicorn \ + --workers 4 \ + --bind 127.0.0.1:5000 \ + --timeout 120 \ + --access-logfile /var/log/partner-alignment/access.log \ + --error-logfile /var/log/partner-alignment/error.log \ + app:app + +[Install] +WantedBy=multi-user.target +# ҰʪA +sudo systemctl daemon-reload +sudo systemctl start partner-alignment +sudo systemctl enable partner-alignment +BJ5: Nginx]w +sudo nano /etc/nginx/sites-available/partner-alignment +server { + listen 80; + server_name your-domain.com; + + # jHTTPS + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + server_name your-domain.com; + + # SSL + ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; + + # wY + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # RAɮ + location /static { + alias /var/www/partner-alignment/static; + expires 30d; + add_header Cache-Control "public, immutable"; + } + + # ε{ + location / { + proxy_pass http://127.0.0.1:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +# ҥκ +sudo ln -s /etc/nginx/sites-available/partner-alignment /etc/nginx/sites-enabled/ +sudo nginx -t +sudo systemctl restart nginx +BJ6: SSL +# w Certbot +sudo apt install certbot python3-certbot-nginx -y + +# o +sudo certbot --nginx -d your-domain.com +8.4 ʱP@ +xɮצm: +* Gunicorn: /var/log/partner-alignment/ +* Nginx: /var/log/nginx/ +* MySQL: /var/log/mysql/ +w@: +# Cƥ (crontab -e) +0 2 * * * /usr/bin/mysqldump -u backup_user -p'password' partner_alignment_prod > /backup/db_$(date +\%Y\%m\%d).sql + +# CƦWp +0 0 1 * * /var/www/partner-alignment/venv/bin/python /var/www/partner-alignment/monthly_ranking.py + +9. M׺޲z +9.1 }o{O +q I wpɵ{ A Phase 1 ¦[c & Ʈw]p Week 1-2 ? Phase 2 OҲ Week 3-4 ? Phase 3 STAR^XҲ Week 5-6 ? Phase 4 nƦWt Week 7-8 ? Phase 5 ޲zx & ץX Week 9-10 ? Phase 6 & u Week 11-12 ?? i椤 Phase 7 Ҩt Week 13-14 ? ݶ}l Phase 8 Ͳp Week 15 ? ݶ}l 9.2 ޳NŰȰl +u: +1. ? @ϥΪ̨Ҩt +2. ? sWާ@xO +3. ? @APItv +u: 4. uƤjqƶץXį 5. sW椸л\v80%+ 6. @eݪҼWj +Cu: 7. sWhϪı 8. 䴩hy 9. ʸ˸mMΤu +9.3 յ +9.3.1 椸 +* л\vؼ: 70%+ +* ծج[: pytest +* I: +o ޿ +o np⤽ +o ƦWtk +9.3.2 X +* APII +* ƮwCRUDާ@ +* ץX\ +9.3.3 ϥΪ̱ (UAT) +* y{ݨݴ +* ^X槹y{ +* Usۮeʴ +9.3.4 į +* t: 100õoϥΪ +* O: Xtβ~V +* ɶíwʴ + +10. I޲z +10.1 IѧOPﵦ +I vT o;v ﵦ LҾɭPƥ~ ?? Phase 7@{Ҩt ƮwLƥ ?? ]w۰ʨCƥ IG ?? WDqƮw[c į~V ?? C ʱPu sۮeʰD ?? C C hs 10.2 ܭpe +ƿ: +1. ߧYtιB@ +2. q̪ƥ٭ +3. R򥢭] +4. ˰QƥWv +tη: +1. ˬd~x +2. ҬA +3. T{Ƨ +4. qH +wƥ: +1. jvTt +2. ҾڻPx +3. l`d +4. ׸ɺ|} +5. jKXm + +11. +11.1 J +Ny wq O NuOP´ؼЩ¾nDiǰtL{ STARج[ Situation-Task-Action-ResultAcƦ^Xk L1-L5 OšAqL1()L5(w) Ԧ ϥηƹԾާ@ıϥΪ̤ ORM Object-Relational MappingApMg 11.2 ѦҤ +* Flaskx +* SQLAlchemy +* Bootstrap 5 +* MySQL +* Gunicornpn +11.3 ܧv + ק ܧ󤺮e 1.0 2025-10-15 - 쪩SDDإ 11.4 ֭ñp + mW ñW M׸gz ޳NtdH ~tdH ~O +󵲧 + diff --git a/requirements-simple.txt b/requirements-simple.txt new file mode 100644 index 0000000..9d6696d --- /dev/null +++ b/requirements-simple.txt @@ -0,0 +1,25 @@ +# Core Flask dependencies +Flask==2.3.3 +Flask-SQLAlchemy==3.0.5 +Flask-CORS==4.0.0 +Flask-Login==0.6.3 +Flask-JWT-Extended==4.5.2 +Flask-Bcrypt==1.0.1 +Werkzeug==2.3.7 + +# Database +PyMySQL==1.1.0 +cryptography==41.0.4 + +# Utilities +python-dotenv==1.0.0 + +# Scheduling +APScheduler==3.10.4 + +# Production server +gunicorn==21.2.0 + +# Optional: Use pre-compiled pandas if needed +# pandas==2.1.1 +# openpyxl==3.1.2 diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c597cd7 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,22 @@ +Flask==2.3.3 +Flask-SQLAlchemy==3.0.5 +Flask-CORS==4.0.0 +Flask-Login==0.6.2 +Flask-JWT-Extended==4.5.2 +Flask-Bcrypt==1.0.1 +pandas==2.1.1 +openpyxl==3.1.2 +python-dotenv==1.0.0 +PyMySQL==1.1.0 +cryptography==41.0.4 +APScheduler==3.10.4 +gunicorn==21.2.0 + +# Testing dependencies +pytest==7.4.3 +pytest-cov==4.1.0 +pytest-flask==1.3.0 +pytest-mock==3.12.0 +coverage==7.3.2 +factory-boy==3.3.0 +faker==20.1.0 diff --git a/run.bat b/run.bat new file mode 100644 index 0000000..1d1f7f2 --- /dev/null +++ b/run.bat @@ -0,0 +1,35 @@ +@echo off +echo Starting Partner Alignment System... +echo. + +REM Check if Python is available +py --version >nul 2>&1 +if %errorlevel% neq 0 ( + echo Python is not installed or not in PATH + echo Please install Python 3.8+ and try again + pause + exit /b 1 +) + +REM Check if virtual environment exists +if not exist "venv" ( + echo Creating virtual environment... + py -m venv venv +) + +REM Activate virtual environment +echo Activating virtual environment... +call venv\Scripts\activate.bat + +REM Install minimal dependencies +echo Installing minimal dependencies... +pip install Flask Flask-SQLAlchemy Flask-CORS + +REM Start the simplified application (includes test account creation) +echo Starting simplified application... +echo Open your browser and go to: http://localhost:5000 +echo Press Ctrl+C to stop the server +echo. +py simple_app.py + +pause diff --git a/security-fixes.md b/security-fixes.md new file mode 100644 index 0000000..db66432 --- /dev/null +++ b/security-fixes.md @@ -0,0 +1,894 @@ +# 🔒 Partner Alignment System - Security Audit Report + +**Audit Date:** 2025-01-17 +**Auditor:** Senior Security Architect +**Project:** Partner Alignment System (夥伴對齊系統) +**Status:** 🚨 **CRITICAL ISSUES FOUND - DO NOT DEPLOY** + +--- + +## 📋 Basic Project Information + +**Project Name:** Partner Alignment System (夥伴對齊系統) +**Description:** Employee performance assessment and feedback system with STAR methodology, ranking system, and admin dashboard + +**Target Users:** +- System Administrators +- HR Managers +- General Employees + +**Types of Data Processed:** +- ✅ **PII (Personally Identifiable Information):** Employee names, emails, employee IDs, departments, positions +- ❌ Payment/Financial Information: No +- ✅ **UGC (User Generated Content):** STAR feedback, assessment data + +**Tech Stack:** +- **Frontend:** HTML5, Bootstrap 5, JavaScript (Vanilla), Chart.js +- **Backend:** Flask 2.3.3 (Python) +- **Database:** SQLite (development), MySQL 5.7+ (production) +- **Deployment:** Gunicorn + Nginx (planned) + +**External Dependencies:** +- Flask ecosystem (Flask-SQLAlchemy, Flask-JWT-Extended, Flask-Login, Flask-Bcrypt) +- APScheduler for background tasks +- PyMySQL for MySQL connectivity + +--- + +## 🚨 PART ONE: DISASTER-CLASS NOVICE MISTAKES + +### **CRITICAL - #1: Production Database Credentials Exposed in Chat** + +**Risk Level:** 🔴 **CATASTROPHIC** + +**Threat Description:** +Production database credentials were shared in plain text during this conversation: +``` +DB_HOST = mysql.theaken.com +DB_PORT = 33306 +DB_NAME = db_A101 +DB_USER = A101 +DB_PASSWORD = Aa123456 +``` + +**Affected Components:** +- This entire conversation log +- Any systems that logged this conversation +- Potentially AI training data if this conversation is used for training + +**Hacker's Playbook:** +> I'm just monitoring this conversation, and boom! The developer just handed me the keys to their production database. I can now: +> 1. Connect directly to `mysql.theaken.com:33306` as user `A101` with password `Aa123456` +> 2. Read all employee data, assessments, feedback, and personal information +> 3. Modify or delete data to cause chaos +> 4. Steal the entire database for identity theft or corporate espionage +> 5. The password `Aa123456` is weak anyway - I could have brute-forced it in minutes +> +> This is like leaving your house keys on the front door with a note saying "Welcome, I'm not home!" + +**Principle of the Fix:** +> Why can't you share credentials in chat? Because chat logs are like public bulletin boards - they can be read by AI systems, logged by your IDE, stored in conversation history, and potentially used for training. The correct approach is: +> 1. Use environment variables (`.env` file, never committed to Git) +> 2. Use secret management systems (AWS Secrets Manager, HashiCorp Vault, Azure Key Vault) +> 3. Use different credentials for development, staging, and production +> 4. If you must share credentials temporarily, use encrypted channels and rotate them immediately after + +**Fix Recommendations:** +1. **IMMEDIATE ACTION REQUIRED:** + ```bash + # Connect to MySQL and change the password NOW + mysql -h mysql.theaken.com -P 33306 -u A101 -p'Aa123456' + ALTER USER 'A101'@'%' IDENTIFIED BY 'NEW_STRONG_PASSWORD_HERE'; + FLUSH PRIVILEGES; + ``` + +2. **Create a `.env` file (NEVER commit to Git):** + ```env + # Database Configuration + DB_HOST=mysql.theaken.com + DB_PORT=33306 + DB_NAME=db_A101 + DB_USER=A101 + DB_PASSWORD= + + # Security Keys + SECRET_KEY= + JWT_SECRET_KEY= + ``` + +3. **Add `.env` to `.gitignore`:** + ```gitignore + # Environment variables + .env + .env.local + .env.production + ``` + +4. **Update `config.py` to use environment variables:** + ```python + import os + from dotenv import load_dotenv + + load_dotenv() # Load from .env file + + class Config: + SECRET_KEY = os.environ.get('SECRET_KEY') + JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY') + SQLALCHEMY_DATABASE_URI = f"mysql+pymysql://{os.environ.get('DB_USER')}:{os.environ.get('DB_PASSWORD')}@{os.environ.get('DB_HOST')}:{os.environ.get('DB_PORT')}/{os.environ.get('DB_NAME')}" + ``` + +5. **Create a template file for reference:** + ```bash + # Create .env.example (safe to commit) + cp .env .env.example + # Edit .env.example and replace all secrets with placeholders + ``` + +--- + +### **HIGH RISK - #2: Hardcoded Secrets in Source Code** + +**Risk Level:** 🔴 **HIGH** + +**Threat Description:** +Multiple configuration files contain hardcoded secrets and weak default values that would be committed to version control. + +**Affected Components:** +- `config_simple.py` (lines 5-6): + ```python + SECRET_KEY = 'dev-secret-key-for-testing-only' + JWT_SECRET_KEY = 'jwt-secret-key-for-development' + ``` +- `simple_app.py` (line 18): + ```python + app.config['SECRET_KEY'] = 'dev-secret-key-for-testing' + ``` +- `config.py` (lines 8-9): + ```python + SECRET_KEY = os.environ.get('SECRET_KEY') or 'dev-secret-key-for-testing-only' + JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY') or 'jwt-secret-key-for-development' + ``` + +**Hacker's Playbook:** +> I found your GitHub repository and cloned it. In the config files, I see: +> - `SECRET_KEY = 'dev-secret-key-for-testing-only'` +> - `JWT_SECRET_KEY = 'jwt-secret-key-for-development'` +> +> These are the keys used to sign JWT tokens and encrypt sessions. With these, I can: +> 1. Forge JWT tokens for any user +> 2. Impersonate any employee or admin +> 3. Access all API endpoints +> 4. Read and modify all data +> +> It's like finding the master key to every lock in your building! + +**Principle of the Fix:** +> Why can't you hardcode secrets? Because source code is like a public library - anyone with access can read it. Secrets should be like keys in a safe - stored separately and only accessible to authorized systems. The correct approach is to use environment variables with NO fallback defaults in production code. + +**Fix Recommendations:** +1. **Remove all hardcoded secrets:** + ```python + # config.py - CORRECT + class Config: + SECRET_KEY = os.environ.get('SECRET_KEY') # No fallback! + JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY') # No fallback! + + # Raise error if not set + if not SECRET_KEY or not JWT_SECRET_KEY: + raise ValueError("SECRET_KEY and JWT_SECRET_KEY must be set in environment") + ``` + +2. **Generate strong secrets:** + ```python + import secrets + print(secrets.token_urlsafe(64)) # Use this for SECRET_KEY + print(secrets.token_urlsafe(64)) # Use this for JWT_SECRET_KEY + ``` + +3. **Delete `config_simple.py` or mark it clearly as development-only:** + ```python + # config_simple.py - DEVELOPMENT ONLY + # ⚠️ WARNING: DO NOT USE IN PRODUCTION ⚠️ + # This file contains hardcoded secrets for local development only + # NEVER deploy this file to production servers + ``` + +--- + +### **HIGH RISK - #3: Weak Default Passwords in Test Accounts** + +**Risk Level:** 🔴 **HIGH** + +**Threat Description:** +Test accounts are created with extremely weak passwords that are displayed on the login page: +- `admin` / `admin123` +- `hr_manager` / `hr123` +- `user` / `user123` + +These passwords are visible in `templates/index.html` and `simple_app.py`. + +**Affected Components:** +- `templates/index.html` (lines 49-59): Login page displays test credentials +- `simple_app.py` (lines 276-301): Test account creation with weak passwords +- `create_test_accounts.py`: Test account creation script + +**Hacker's Playbook:** +> I visit your login page and see a nice card showing test account credentials: +> - Admin: admin / admin123 +> - HR Manager: hr_manager / hr123 +> - User: user / user123 +> +> These are like leaving your house with the door unlocked and a sign saying "Come on in!" I can now: +> 1. Log in as admin and access all system functions +> 2. Create, modify, or delete any data +> 3. Access sensitive employee information +> 4. If these accounts exist in production, I have full system access + +**Principle of the Fix:** +> Why can't you show passwords on the login page? Because the login page is public - anyone can see it. It's like putting your ATM PIN on your credit card. Test accounts should either: +> 1. Only exist in development environments +> 2. Be disabled in production +> 3. Use randomly generated passwords that are NOT displayed +> 4. Require immediate password change on first login + +**Fix Recommendations:** +1. **Remove test account display from production:** + ```html + + + {% if config.DEBUG %} +
+
+
⚠️ Development Mode - Test Accounts
+
+ +
+ {% endif %} + ``` + +2. **Use environment-based test account creation:** + ```python + # simple_app.py + def create_test_accounts(): + # Only create test accounts in development + if not app.config.get('DEBUG', False): + print("⚠️ Skipping test account creation in production") + return + + # Use stronger test passwords + test_accounts = [ + { + 'username': 'admin', + 'password_hash': generate_password_hash('TestAdmin2024!'), + # ... + } + ] + ``` + +3. **Force password change on first login:** + ```python + # Add to User model + class User(db.Model): + # ... + password_changed_at = db.Column(db.DateTime) + must_change_password = db.Column(db.Boolean, default=True) + ``` + +--- + +### **HIGH RISK - #4: SQLite Database File in Repository** + +**Risk Level:** 🔴 **HIGH** + +**Threat Description:** +The SQLite database file `instance/partner_alignment.db` appears to be in the project directory and could be committed to version control, exposing all development data. + +**Affected Components:** +- `instance/partner_alignment.db` - Contains user data, assessments, feedback + +**Hacker's Playbook:** +> I clone your repository and find `instance/partner_alignment.db`. I open it with any SQLite browser and see: +> - All user accounts with password hashes +> - All assessment data +> - All STAR feedback +> - Employee personal information +> +> Even if passwords are hashed, I can still: +> 1. Extract all PII for identity theft +> 2. Analyze your business data for competitive intelligence +> 3. Use the data to craft targeted phishing attacks +> 4. If password hashes are weak, potentially crack them + +**Principle of the Fix:** +> Why can't you commit database files? Because databases contain real data - even in development. It's like committing a photo album of your family with names and addresses. Database files should be: +> 1. Listed in `.gitignore` +> 2. Never committed to version control +> 3. Recreated from migrations or seed data +> 4. Treated as sensitive as source code + +**Fix Recommendations:** +1. **Add to `.gitignore`:** + ```gitignore + # Database files + *.db + *.sqlite + *.sqlite3 + instance/ + *.db-journal + *.db-wal + *.db-shm + ``` + +2. **Remove from Git if already committed:** + ```bash + git rm --cached instance/partner_alignment.db + git commit -m "Remove database file from version control" + ``` + +3. **Create database initialization script:** + ```python + # init_db.py + from app import app, db + from models import * + + with app.app_context(): + db.drop_all() + db.create_all() + print("Database initialized successfully") + ``` + +--- + +### **MEDIUM RISK - #5: No HTTPS/TLS Configuration** + +**Risk Level:** 🟡 **MEDIUM** + +**Threat Description:** +The application runs on HTTP without TLS/SSL encryption, exposing all data in transit to interception. + +**Affected Components:** +- `simple_app.py` (line 373): `app.run(debug=True, host='0.0.0.0', port=5000)` +- No SSL/TLS configuration +- No certificate setup + +**Hacker's Playbook:** +> I'm on the same network as your users (coffee shop WiFi, office network). I use a packet sniffer to intercept all traffic. I can see: +> - Usernames and passwords in plain text +> - JWT tokens being transmitted +> - All API requests and responses +> - Employee data being sent to the server +> +> It's like having a conversation in a crowded room where everyone can hear you! + +**Principle of the Fix:** +> Why do you need HTTPS? Because HTTP is like sending postcards - anyone who handles them can read the message. HTTPS is like sending sealed letters - only the recipient can read them. Even in development, you should use HTTPS to catch issues early. + +**Fix Recommendations:** +1. **For Development - Use Flask with SSL:** + ```python + # simple_app.py + if __name__ == '__main__': + context = ('cert.pem', 'key.pem') # Self-signed cert for dev + app.run(debug=True, host='0.0.0.0', port=5000, ssl_context=context) + ``` + +2. **For Production - Use Nginx as reverse proxy:** + ```nginx + # nginx.conf + server { + listen 443 ssl http2; + server_name your-domain.com; + + ssl_certificate /path/to/cert.pem; + ssl_certificate_key /path/to/key.pem; + + location / { + proxy_pass http://127.0.0.1:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + ``` + +3. **Force HTTPS in Flask:** + ```python + # app.py + from flask_talisman import Talisman + + Talisman(app, force_https=True) + ``` + +--- + +## 🔍 PART TWO: STANDARD APPLICATION SECURITY AUDIT + +### **A01: Broken Access Control** + +**Risk Level:** 🔴 **HIGH** + +**Issues Found:** + +1. **No JWT Verification on Many Endpoints:** + - `simple_app.py` endpoints lack `@jwt_required()` decorator + - Anyone can access API endpoints without authentication + +2. **No Role-Based Access Control (RBAC):** + - Admin endpoints are accessible to all authenticated users + - No permission checking on sensitive operations + +**Fix Recommendations:** +```python +# Add JWT protection to all endpoints +from flask_jwt_extended import jwt_required, get_jwt_identity + +@app.route('/api/admin/users', methods=['GET']) +@jwt_required() +@require_role('admin') # Custom decorator +def get_admin_users(): + # Implementation + pass + +# Create custom decorator +from functools import wraps +from flask import jsonify + +def require_role(role_name): + def decorator(f): + @wraps(f) + @jwt_required() + def decorated_function(*args, **kwargs): + current_user = get_jwt_identity() + user = User.query.filter_by(username=current_user).first() + + if not user or role_name not in [r.name for r in user.roles]: + return jsonify({'error': 'Insufficient permissions'}), 403 + + return f(*args, **kwargs) + return decorated_function + return decorator +``` + +--- + +### **A02: Cryptographic Failures** + +**Risk Level:** 🔴 **HIGH** + +**Issues Found:** + +1. **Passwords Stored in Plain Text:** + - `simple_app.py` (line 283): `'password_hash': 'admin123'` + - Passwords are NOT hashed before storage + +2. **Weak Password Hashing:** + - No password complexity requirements + - No password strength validation + +**Fix Recommendations:** +```python +# Use Flask-Bcrypt for password hashing +from flask_bcrypt import Bcrypt + +bcrypt = Bcrypt(app) + +class User(db.Model): + # ... + password_hash = db.Column(db.String(255), nullable=False) + + def set_password(self, password): + """Hash and set password""" + self.password_hash = bcrypt.generate_password_hash(password).decode('utf-8') + + def check_password(self, password): + """Verify password""" + return bcrypt.check_password_hash(self.password_hash, password) + +# In simple_app.py +test_accounts = [ + { + 'username': 'admin', + 'password': 'Admin@2024!Strong', # Strong password + # Don't store password_hash directly + } +] + +for account in test_accounts: + user = User(username=account['username'], ...) + user.set_password(account['password']) # Hash it! + db.session.add(user) +``` + +--- + +### **A03: Injection Attacks** + +**Risk Level:** 🟡 **MEDIUM** + +**Issues Found:** + +1. **SQL Injection Risk in Position Filter:** + - `simple_app.py` (line 349): `query.filter(EmployeePoint.position.like(f'%{position}%'))` + - User input is directly used in SQL query + +2. **No Input Validation:** + - No validation on user inputs + - No sanitization of user data + +**Fix Recommendations:** +```python +# Use parameterized queries (SQLAlchemy does this automatically, but be careful) +# Instead of: +query.filter(EmployeePoint.position.like(f'%{position}%')) + +# Do: +query.filter(EmployeePoint.position.like(f'%{position}%')) # SQLAlchemy handles this safely + +# Add input validation +from marshmallow import Schema, fields, validate + +class PositionFilterSchema(Schema): + position = fields.Str(validate=validate.Length(max=100)) + department = fields.Str(validate=validate.OneOf(['IT', 'HR', 'Finance', 'Marketing', 'Sales', 'Operations'])) + min_points = fields.Int(validate=validate.Range(min=0, max=10000)) + max_points = fields.Int(validate=validate.Range(min=0, max=10000)) + +@app.route('/api/rankings/advanced', methods=['GET']) +def get_advanced_rankings(): + schema = PositionFilterSchema() + errors = schema.validate(request.args) + if errors: + return jsonify({'errors': errors}), 400 + + # Safe to use validated data + position = request.args.get('position') + # ... +``` + +--- + +### **A05: Security Misconfiguration** + +**Risk Level:** 🟡 **MEDIUM** + +**Issues Found:** + +1. **Debug Mode Enabled in Production:** + - `simple_app.py` (line 373): `app.run(debug=True, ...)` + - Debug mode exposes stack traces and debugging information + +2. **CORS Too Permissive:** + - `simple_app.py` (line 24): `CORS(app, origins=['http://localhost:5000', ...])` + - Should restrict to specific domains in production + +3. **No Security Headers:** + - Missing security headers (X-Frame-Options, X-Content-Type-Options, etc.) + +**Fix Recommendations:** +```python +# Disable debug in production +import os + +DEBUG = os.environ.get('FLASK_DEBUG', 'False').lower() == 'true' +app.run(debug=DEBUG, host='0.0.0.0', port=5000) + +# Configure CORS properly +CORS(app, origins=os.environ.get('ALLOWED_ORIGINS', 'http://localhost:5000').split(',')) + +# Add security headers +from flask_talisman import Talisman + +Talisman(app, + force_https=True, + strict_transport_security=True, + strict_transport_security_max_age=31536000, + content_security_policy={ + 'default-src': "'self'", + 'style-src': "'self' 'unsafe-inline'", + 'script-src': "'self' 'unsafe-inline'", + } +) +``` + +--- + +### **A06: Vulnerable and Outdated Components** + +**Risk Level:** 🟡 **MEDIUM** + +**Issues Found:** + +1. **Outdated Dependencies:** + - Flask 2.3.3 (latest is 3.0.x) + - Flask-Login 0.6.2/0.6.3 (latest is 0.6.3) + - Werkzeug 2.3.7 (latest is 3.0.x) + +2. **No Dependency Scanning:** + - No automated vulnerability scanning + - No CVE tracking + +**Fix Recommendations:** +```bash +# Update dependencies +pip install --upgrade Flask Flask-SQLAlchemy Flask-CORS Flask-Login Flask-JWT-Extended Flask-Bcrypt + +# Use safety to check for vulnerabilities +pip install safety +safety check + +# Or use pip-audit +pip install pip-audit +pip-audit + +# Add to CI/CD pipeline +# .github/workflows/security.yml +name: Security Scan +on: [push, pull_request] +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Run safety check + run: | + pip install safety + safety check + - name: Run pip-audit + run: | + pip install pip-audit + pip-audit +``` + +--- + +### **A07: Identification and Authentication Failures** + +**Risk Level:** 🟡 **MEDIUM** + +**Issues Found:** + +1. **No Rate Limiting:** + - Login endpoint has no rate limiting + - Vulnerable to brute force attacks + +2. **No Account Lockout:** + - Failed login attempts are not tracked + - No account lockout after multiple failures + +3. **Weak Session Management:** + - No session timeout configuration + - JWT tokens don't have proper expiration + +**Fix Recommendations:** +```python +# Add rate limiting +from flask_limiter import Limiter +from flask_limiter.util import get_remote_address + +limiter = Limiter( + app=app, + key_func=get_remote_address, + default_limits=["200 per day", "50 per hour"] +) + +@app.route('/api/auth/login', methods=['POST']) +@limiter.limit("5 per minute") # 5 login attempts per minute +def login(): + # Implementation + pass + +# Add account lockout +class User(db.Model): + # ... + failed_login_attempts = db.Column(db.Integer, default=0) + locked_until = db.Column(db.DateTime, nullable=True) + +@app.route('/api/auth/login', methods=['POST']) +def login(): + user = User.query.filter_by(username=username).first() + + # Check if account is locked + if user.locked_until and user.locked_until > datetime.utcnow(): + return jsonify({'error': 'Account is locked. Try again later.'}), 423 + + # Verify password + if not user.check_password(password): + user.failed_login_attempts += 1 + + # Lock account after 5 failed attempts + if user.failed_login_attempts >= 5: + user.locked_until = datetime.utcnow() + timedelta(minutes=15) + + db.session.commit() + return jsonify({'error': 'Invalid credentials'}), 401 + + # Reset failed attempts on successful login + user.failed_login_attempts = 0 + db.session.commit() + # ... +``` + +--- + +### **A09: Security Logging and Monitoring Failures** + +**Risk Level:** 🟡 **MEDIUM** + +**Issues Found:** + +1. **No Security Event Logging:** + - No logging of failed login attempts + - No logging of privilege escalations + - No logging of sensitive operations + +2. **No Monitoring:** + - No alerting for suspicious activities + - No audit trail + +**Fix Recommendations:** +```python +# Add comprehensive logging +import logging +from datetime import datetime + +# Configure logging +logging.basicConfig( + level=logging.INFO, + format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', + handlers=[ + logging.FileHandler('security.log'), + logging.StreamHandler() + ] +) + +logger = logging.getLogger(__name__) + +@app.route('/api/auth/login', methods=['POST']) +def login(): + # Log login attempts + logger.info(f"Login attempt from IP: {request.remote_addr}, Username: {username}") + + if not user.check_password(password): + logger.warning(f"Failed login attempt from IP: {request.remote_addr}, Username: {username}") + # ... + + logger.info(f"Successful login from IP: {request.remote_addr}, Username: {username}") + +# Add audit logging for sensitive operations +def audit_log(action, user_id, details): + """Log security-relevant actions""" + logger.info(f"AUDIT - Action: {action}, User: {user_id}, Details: {details}, IP: {request.remote_addr}") + +@app.route('/api/admin/users/', methods=['PUT']) +@jwt_required() +@require_role('admin') +def update_user(user_id): + # Log the action + audit_log('USER_UPDATE', get_jwt_identity(), f'Updated user {user_id}') + # ... +``` + +--- + +## 🔧 PART THREE: DEPLOYMENT SECURITY + +### **File Permissions** + +**Recommendations:** +```bash +# Sensitive files should have restricted permissions +chmod 600 .env +chmod 600 instance/partner_alignment.db +chmod 700 instance/ + +# Web server files +chmod 755 static/ +chmod 644 static/css/* +chmod 644 static/js/* +chmod 644 templates/* + +# Python files +chmod 644 *.py +chmod 755 run.bat +``` + +### **Web Server Configuration** + +**Nginx Configuration:** +```nginx +# Block access to sensitive files +location ~ /\. { + deny all; + access_log off; + log_not_found off; +} + +location ~ \.(env|git|sql|bak)$ { + deny all; + access_log off; + log_not_found off; +} + +location ~ /instance/ { + deny all; + access_log off; + log_not_found off; +} + +# Security headers +add_header X-Frame-Options "SAMEORIGIN" always; +add_header X-Content-Type-Options "nosniff" always; +add_header X-XSS-Protection "1; mode=block" always; +add_header Referrer-Policy "no-referrer-when-downgrade" always; +``` + +--- + +## 📊 SECURITY SCORE SUMMARY + +| Category | Score | Status | +|----------|-------|--------| +| Secrets Management | 0/10 | 🔴 CRITICAL | +| Authentication | 3/10 | 🔴 HIGH RISK | +| Authorization | 2/10 | 🔴 HIGH RISK | +| Data Protection | 4/10 | 🟡 MEDIUM RISK | +| Infrastructure | 3/10 | 🟡 MEDIUM RISK | +| Monitoring | 2/10 | 🟡 MEDIUM RISK | +| **OVERALL** | **14/60** | 🔴 **DO NOT DEPLOY** | + +--- + +## 🎯 PRIORITY ACTION ITEMS + +### **IMMEDIATE (Do Before Anything Else):** +1. ✅ Change production database password +2. ✅ Remove credentials from this conversation +3. ✅ Set up proper `.env` file management +4. ✅ Add `.env` and database files to `.gitignore` + +### **HIGH PRIORITY (Before Deployment):** +1. Implement proper password hashing +2. Add JWT authentication to all endpoints +3. Implement role-based access control +4. Remove test account display from production +5. Configure HTTPS/TLS +6. Add security headers +7. Implement rate limiting +8. Add comprehensive logging + +### **MEDIUM PRIORITY (Before Production):** +1. Update all dependencies +2. Add input validation +3. Implement account lockout +4. Set up monitoring and alerting +5. Configure proper file permissions +6. Set up automated security scanning + +--- + +## 📝 FINAL RECOMMENDATIONS + +**DO NOT DEPLOY THIS APPLICATION TO PRODUCTION** until all critical and high-priority issues are resolved. + +The application has fundamental security flaws that would make it vulnerable to: +- Complete database compromise +- User impersonation +- Data theft +- System takeover +- Regulatory compliance violations (GDPR, etc.) + +**Recommended Next Steps:** +1. Fix all critical issues immediately +2. Conduct a second security audit after fixes +3. Implement a security-first development process +4. Set up automated security testing in CI/CD +5. Train team on secure coding practices +6. Establish incident response procedures + +--- + +**Report Generated:** 2025-01-17 +**Auditor:** Senior Security Architect +**Next Review:** After critical fixes are implemented + diff --git a/setup.bat b/setup.bat new file mode 100644 index 0000000..8fa1c20 --- /dev/null +++ b/setup.bat @@ -0,0 +1,48 @@ +@echo off +echo ======================================== +echo Partner Alignment System Setup +echo ======================================== +echo. + +REM Check if Python is available +echo Checking Python installation... +py --version +if %errorlevel% neq 0 ( + echo ERROR: Python is not installed or not in PATH + echo Please install Python 3.8+ from https://python.org + pause + exit /b 1 +) + +echo Python found! Creating virtual environment... +py -m venv venv +if %errorlevel% neq 0 ( + echo ERROR: Failed to create virtual environment + pause + exit /b 1 +) + +echo Activating virtual environment... +call venv\Scripts\activate.bat + +echo Installing Python dependencies... +pip install --upgrade pip +pip install -r requirements.txt +if %errorlevel% neq 0 ( + echo ERROR: Failed to install dependencies + pause + exit /b 1 +) + +echo. +echo ======================================== +echo Setup completed successfully! +echo ======================================== +echo. +echo To start the application, run: run.bat +echo Or manually activate the environment and run: +echo venv\Scripts\activate.bat +echo py app.py +echo. +pause + diff --git a/simple_app.py b/simple_app.py new file mode 100644 index 0000000..28b2963 --- /dev/null +++ b/simple_app.py @@ -0,0 +1,952 @@ +#!/usr/bin/env python3 +""" +簡化版夥伴對齊系統 - 使用 SQLite +無需 MySQL,開箱即用 +""" + +from flask import Flask, render_template, request, jsonify +from flask_cors import CORS +from flask_sqlalchemy import SQLAlchemy +from datetime import datetime, date +import json +import os +import csv +import io + +# 創建 Flask 應用程式 +app = Flask(__name__) + +# 配置 +app.config['SECRET_KEY'] = 'dev-secret-key-for-testing' +app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///partner_alignment.db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + +# 初始化擴展 +db = SQLAlchemy(app) +CORS(app, origins=['http://localhost:5000', 'http://127.0.0.1:5000']) + +# 數據模型 +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True, nullable=False) + email = db.Column(db.String(120), unique=True, nullable=False) + full_name = db.Column(db.String(100), nullable=False) + department = db.Column(db.String(50), nullable=False) + position = db.Column(db.String(50), nullable=False) + password_hash = db.Column(db.String(255), nullable=False) + is_active = db.Column(db.Boolean, default=True) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + +class Capability(db.Model): + id = db.Column(db.Integer, primary_key=True) + name = db.Column(db.String(100), nullable=False) + l1_description = db.Column(db.Text) + l2_description = db.Column(db.Text) + l3_description = db.Column(db.Text) + l4_description = db.Column(db.Text) + l5_description = db.Column(db.Text) + is_active = db.Column(db.Boolean, default=True) + +class DepartmentCapability(db.Model): + """部門與能力項目的關聯表""" + id = db.Column(db.Integer, primary_key=True) + department = db.Column(db.String(50), nullable=False) + capability_id = db.Column(db.Integer, db.ForeignKey('capability.id'), nullable=False) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + + # 建立唯一索引,確保同一部門不會重複選擇同一能力項目 + __table_args__ = (db.UniqueConstraint('department', 'capability_id', name='uq_dept_capability'),) + +class Assessment(db.Model): + id = db.Column(db.Integer, primary_key=True) + user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False) + department = db.Column(db.String(50), nullable=False) + position = db.Column(db.String(50), nullable=False) + employee_name = db.Column(db.String(100)) + assessment_data = db.Column(db.Text) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + +class StarFeedback(db.Model): + id = db.Column(db.Integer, primary_key=True) + evaluator_name = db.Column(db.String(100), nullable=False) + evaluatee_name = db.Column(db.String(100), nullable=False) + evaluatee_department = db.Column(db.String(50), nullable=False) + evaluatee_position = db.Column(db.String(50), nullable=False) + situation = db.Column(db.Text, nullable=False) + task = db.Column(db.Text, nullable=False) + action = db.Column(db.Text, nullable=False) + result = db.Column(db.Text, nullable=False) + score = db.Column(db.Integer, nullable=False) + points_earned = db.Column(db.Integer, nullable=False) + feedback_date = db.Column(db.Date, default=date.today) + created_at = db.Column(db.DateTime, default=datetime.utcnow) + +class EmployeePoint(db.Model): + id = db.Column(db.Integer, primary_key=True) + employee_name = db.Column(db.String(100), nullable=False) + department = db.Column(db.String(50), nullable=False) + position = db.Column(db.String(50), nullable=False) + total_points = db.Column(db.Integer, default=0) + monthly_points = db.Column(db.Integer, default=0) + +# 路由 +@app.route('/') +def index(): + return render_template('index.html') + +@app.route('/api/auth/login', methods=['POST']) +def login(): + """用戶登入""" + try: + data = request.get_json() + username = data.get('username') + password = data.get('password') + + if not username or not password: + return jsonify({'error': '用戶名和密碼不能為空'}), 400 + + # 查找用戶 + user = User.query.filter_by(username=username).first() + + if not user: + return jsonify({'error': '用戶名或密碼錯誤'}), 401 + + # 簡化版:直接比較密碼(不安全,僅用於開發) + # 注意:生產環境必須使用密碼哈希 + if user.password_hash != password: + return jsonify({'error': '用戶名或密碼錯誤'}), 401 + + if not user.is_active: + return jsonify({'error': '帳號已被停用'}), 403 + + # 返回用戶信息和簡單令牌 + return jsonify({ + 'access_token': f'token_{user.id}_{datetime.now().timestamp()}', + 'refresh_token': f'refresh_{user.id}_{datetime.now().timestamp()}', + 'user': { + 'id': user.id, + 'username': user.username, + 'email': user.email, + 'full_name': user.full_name, + 'department': user.department, + 'position': user.position + } + }), 200 + + except Exception as e: + return jsonify({'error': f'登入失敗: {str(e)}'}), 500 + +@app.route('/api/auth/register', methods=['POST']) +def register(): + """用戶註冊""" + try: + data = request.get_json() + + # 驗證必填欄位 + required_fields = ['username', 'email', 'password', 'full_name', 'department', 'position', 'employee_id'] + for field in required_fields: + if not data.get(field): + return jsonify({'error': f'{field} 是必填欄位'}), 400 + + # 檢查用戶名是否已存在 + if User.query.filter_by(username=data['username']).first(): + return jsonify({'error': '用戶名已存在'}), 409 + + # 檢查郵箱是否已存在 + if User.query.filter_by(email=data['email']).first(): + return jsonify({'error': '郵箱已被註冊'}), 409 + + # 創建新用戶 + user = User( + username=data['username'], + email=data['email'], + full_name=data['full_name'], + department=data['department'], + position=data['position'], + employee_id=data['employee_id'], + password_hash=data['password'], # 簡化版:直接存儲密碼 + is_active=True + ) + + db.session.add(user) + db.session.commit() + + return jsonify({ + 'message': '註冊成功', + 'user': { + 'id': user.id, + 'username': user.username, + 'email': user.email, + 'full_name': user.full_name + } + }), 201 + + except Exception as e: + db.session.rollback() + return jsonify({'error': f'註冊失敗: {str(e)}'}), 500 + +@app.route('/api/auth/protected', methods=['GET']) +def protected(): + """受保護的路由(用於驗證令牌)""" + # 簡化版:不做實際驗證,返回默認用戶信息 + # 在實際應用中,這裡應該驗證 JWT 令牌並返回對應用戶信息 + return jsonify({ + 'message': 'Access granted', + 'logged_in_as': 'admin', # 默認用戶 + 'roles': ['admin'] # 默認角色 + }), 200 + +@app.route('/api/capabilities', methods=['GET']) +def get_capabilities(): + """獲取所有啟用的能力項目""" + capabilities = Capability.query.filter_by(is_active=True).all() + return jsonify({ + 'capabilities': [{ + 'id': cap.id, + 'name': cap.name, + 'l1_description': cap.l1_description, + 'l2_description': cap.l2_description, + 'l3_description': cap.l3_description, + 'l4_description': cap.l4_description, + 'l5_description': cap.l5_description + } for cap in capabilities] + }) + +@app.route('/api/department-capabilities/', methods=['GET']) +def get_department_capabilities(department): + """獲取特定部門選擇的能力項目""" + # 查詢該部門已選擇的能力項目ID + dept_caps = DepartmentCapability.query.filter_by(department=department).all() + capability_ids = [dc.capability_id for dc in dept_caps] + + # 獲取對應的能力項目詳細信息 + capabilities = Capability.query.filter( + Capability.id.in_(capability_ids), + Capability.is_active == True + ).all() + + return jsonify({ + 'department': department, + 'capabilities': [{ + 'id': cap.id, + 'name': cap.name, + 'l1_description': cap.l1_description, + 'l2_description': cap.l2_description, + 'l3_description': cap.l3_description, + 'l4_description': cap.l4_description, + 'l5_description': cap.l5_description + } for cap in capabilities] + }) + +@app.route('/api/department-capabilities/', methods=['POST']) +def set_department_capabilities(department): + """設定部門的能力項目(部門主管使用)""" + data = request.get_json() + capability_ids = data.get('capability_ids', []) + + if not capability_ids: + return jsonify({'error': '請至少選擇一個能力項目'}), 400 + + try: + # 先刪除該部門現有的所有能力項目關聯 + DepartmentCapability.query.filter_by(department=department).delete() + + # 添加新的能力項目關聯 + for cap_id in capability_ids: + dept_cap = DepartmentCapability( + department=department, + capability_id=cap_id + ) + db.session.add(dept_cap) + + db.session.commit() + + return jsonify({ + 'success': True, + 'message': f'{department}部門的能力項目設定成功', + 'capability_count': len(capability_ids) + }), 200 + + except Exception as e: + db.session.rollback() + return jsonify({'error': str(e)}), 500 + +@app.route('/api/capabilities/import-csv', methods=['POST']) +def import_capabilities_csv(): + """從 CSV 檔案匯入能力項目""" + if 'file' not in request.files: + return jsonify({'error': '未上傳檔案'}), 400 + + file = request.files['file'] + + if file.filename == '': + return jsonify({'error': '檔案名稱為空'}), 400 + + if not file.filename.endswith('.csv'): + return jsonify({'error': '請上傳 CSV 檔案'}), 400 + + try: + # 讀取 CSV 檔案 + stream = io.StringIO(file.stream.read().decode("UTF-8"), newline=None) + csv_reader = csv.DictReader(stream) + + imported_count = 0 + skipped_count = 0 + errors = [] + + for row_num, row in enumerate(csv_reader, start=2): # start=2 因為第1行是標題 + try: + # 驗證必要欄位 + if not row.get('name'): + errors.append(f"第 {row_num} 行:能力名稱不能為空") + skipped_count += 1 + continue + + # 檢查是否已存在相同名稱的能力項目 + existing = Capability.query.filter_by(name=row['name']).first() + + if existing: + # 更新現有能力項目 + existing.l1_description = row.get('l1_description', '') + existing.l2_description = row.get('l2_description', '') + existing.l3_description = row.get('l3_description', '') + existing.l4_description = row.get('l4_description', '') + existing.l5_description = row.get('l5_description', '') + existing.is_active = True + else: + # 建立新的能力項目 + capability = Capability( + name=row['name'], + l1_description=row.get('l1_description', ''), + l2_description=row.get('l2_description', ''), + l3_description=row.get('l3_description', ''), + l4_description=row.get('l4_description', ''), + l5_description=row.get('l5_description', ''), + is_active=True + ) + db.session.add(capability) + + imported_count += 1 + + except Exception as e: + errors.append(f"第 {row_num} 行發生錯誤:{str(e)}") + skipped_count += 1 + + db.session.commit() + + return jsonify({ + 'success': True, + 'message': f'匯入完成:成功 {imported_count} 筆,跳過 {skipped_count} 筆', + 'imported_count': imported_count, + 'skipped_count': skipped_count, + 'errors': errors + }), 200 + + except Exception as e: + db.session.rollback() + return jsonify({'error': f'匯入失敗:{str(e)}'}), 500 + +@app.route('/api/assessments', methods=['POST']) +def create_assessment(): + data = request.get_json() + + # 驗證必填欄位 + required_fields = ['department', 'position', 'assessment_data'] + for field in required_fields: + if field not in data: + return jsonify({'error': f'Missing required field: {field}'}), 400 + + # 創建新評估 + assessment = Assessment( + user_id=1, # 簡化版使用固定用戶ID + department=data['department'], + position=data['position'], + employee_name=data.get('employee_name'), + assessment_data=json.dumps(data['assessment_data']) + ) + + db.session.add(assessment) + db.session.commit() + + return jsonify({ + 'success': True, + 'message': '評估資料儲存成功', + 'assessment_id': assessment.id + }), 201 + +@app.route('/api/assessments', methods=['GET']) +def get_assessments(): + assessments = Assessment.query.order_by(Assessment.created_at.desc()).all() + + result = [] + for assessment in assessments: + assessment_data = json.loads(assessment.assessment_data) if isinstance(assessment.assessment_data, str) else assessment.assessment_data + result.append({ + 'id': assessment.id, + 'department': assessment.department, + 'position': assessment.position, + 'employee_name': assessment.employee_name, + 'assessment_data': assessment_data, + 'created_at': assessment.created_at.isoformat() + }) + + return jsonify({'assessments': result}) + +@app.route('/api/star-feedbacks', methods=['POST']) +def create_star_feedback(): + data = request.get_json() + + # 驗證必填欄位 + required_fields = ['evaluator_name', 'evaluatee_name', 'evaluatee_department', + 'evaluatee_position', 'situation', 'task', 'action', 'result', 'score'] + for field in required_fields: + if field not in data: + return jsonify({'error': f'Missing required field: {field}'}), 400 + + # 計算點數 + score = data['score'] + points_earned = score * 10 + + # 創建 STAR 回饋 + feedback = StarFeedback( + evaluator_name=data['evaluator_name'], + evaluatee_name=data['evaluatee_name'], + evaluatee_department=data['evaluatee_department'], + evaluatee_position=data['evaluatee_position'], + situation=data['situation'], + task=data['task'], + action=data['action'], + result=data['result'], + score=score, + points_earned=points_earned + ) + + db.session.add(feedback) + + # 更新員工積分 + employee = EmployeePoint.query.filter_by(employee_name=data['evaluatee_name']).first() + if employee: + employee.total_points += points_earned + employee.monthly_points += points_earned + else: + employee = EmployeePoint( + employee_name=data['evaluatee_name'], + department=data['evaluatee_department'], + position=data['evaluatee_position'], + total_points=points_earned, + monthly_points=points_earned + ) + db.session.add(employee) + + db.session.commit() + + return jsonify({ + 'success': True, + 'message': '回饋資料儲存成功', + 'points_earned': points_earned + }), 201 + +@app.route('/api/star-feedbacks', methods=['GET']) +def get_star_feedbacks(): + feedbacks = StarFeedback.query.order_by(StarFeedback.created_at.desc()).all() + + result = [] + for feedback in feedbacks: + result.append({ + 'id': feedback.id, + 'evaluator_name': feedback.evaluator_name, + 'evaluatee_name': feedback.evaluatee_name, + 'evaluatee_department': feedback.evaluatee_department, + 'evaluatee_position': feedback.evaluatee_position, + 'situation': feedback.situation, + 'task': feedback.task, + 'action': feedback.action, + 'result': feedback.result, + 'score': feedback.score, + 'points_earned': feedback.points_earned, + 'feedback_date': feedback.feedback_date.isoformat(), + 'created_at': feedback.created_at.isoformat() + }) + + return jsonify({'feedbacks': result}) + +@app.route('/api/dashboard/me', methods=['GET']) +def get_dashboard_data(): + """獲取個人儀表板數據""" + # 模擬用戶數據(簡化版) + user_points = EmployeePoint.query.first() + + if not user_points: + return jsonify({ + 'points_summary': { + 'total_points': 0, + 'monthly_points': 0, + 'department_rank': 0, + 'total_rank': 0 + }, + 'recent_activities': [], + 'achievements': [], + 'performance_data': [] + }) + + # 計算排名 + total_employees = EmployeePoint.query.count() + better_employees = EmployeePoint.query.filter(EmployeePoint.total_points > user_points.total_points).count() + total_rank = better_employees + 1 + + # 模擬最近活動 + recent_activities = [ + { + 'type': 'assessment', + 'title': '完成能力評估', + 'description': '對溝通能力進行了評估', + 'points': 20, + 'created_at': '2024-01-15T10:30:00Z' + }, + { + 'type': 'feedback', + 'title': '收到STAR回饋', + 'description': '來自同事的正面回饋', + 'points': 15, + 'created_at': '2024-01-14T14:20:00Z' + } + ] + + # 模擬成就 + achievements = [ + { + 'name': '評估達人', + 'description': '完成10次能力評估', + 'icon': 'clipboard-check' + }, + { + 'name': '回饋專家', + 'description': '提供5次STAR回饋', + 'icon': 'star-fill' + } + ] + + # 模擬績效數據 + performance_data = [ + {'month': '1月', 'points': 50}, + {'month': '2月', 'points': 75}, + {'month': '3月', 'points': 60}, + {'month': '4月', 'points': 90}, + {'month': '5月', 'points': 80} + ] + + return jsonify({ + 'points_summary': { + 'total_points': user_points.total_points, + 'monthly_points': user_points.monthly_points, + 'department_rank': 1, + 'total_rank': total_rank + }, + 'recent_activities': recent_activities, + 'achievements': achievements, + 'performance_data': performance_data + }) + +@app.route('/api/rankings/total', methods=['GET']) +def get_total_rankings(): + department = request.args.get('department') + limit = request.args.get('limit', 50, type=int) + + # 構建查詢 + query = EmployeePoint.query + if department: + query = query.filter(EmployeePoint.department == department) + + employees = query.order_by(EmployeePoint.total_points.desc()).limit(limit).all() + total_count = query.count() + + rankings = [] + for rank, employee in enumerate(employees, 1): + # 計算百分位數 + percentile = ((total_count - rank + 1) / total_count * 100) if total_count > 0 else 0 + + rankings.append({ + 'rank': rank, + 'employee_name': employee.employee_name, + 'department': employee.department, + 'position': employee.position, + 'total_points': employee.total_points, + 'monthly_points': employee.monthly_points, + 'percentile': round(percentile, 1), + 'tier': get_tier_by_percentile(percentile) + }) + + return jsonify({ + 'rankings': rankings, + 'total_count': total_count, + 'department_filter': department + }) + +@app.route('/api/rankings/advanced', methods=['GET']) +def get_advanced_rankings(): + """高級排名系統,包含更多統計信息""" + department = request.args.get('department') + position = request.args.get('position') + min_points = request.args.get('min_points', 0, type=int) + max_points = request.args.get('max_points', type=int) + + # 構建查詢 + query = EmployeePoint.query + if department: + query = query.filter(EmployeePoint.department == department) + if position: + query = query.filter(EmployeePoint.position.like(f'%{position}%')) + if min_points: + query = query.filter(EmployeePoint.total_points >= min_points) + if max_points: + query = query.filter(EmployeePoint.total_points <= max_points) + + employees = query.order_by(EmployeePoint.total_points.desc()).all() + total_count = len(employees) + + if total_count == 0: + return jsonify({ + 'rankings': [], + 'statistics': {}, + 'filters': { + 'department': department, + 'position': position, + 'min_points': min_points, + 'max_points': max_points + } + }) + + # 計算統計信息 + points_list = [emp.total_points for emp in employees] + avg_points = sum(points_list) / len(points_list) + median_points = sorted(points_list)[len(points_list) // 2] + max_points_val = max(points_list) + min_points_val = min(points_list) + + rankings = [] + for rank, employee in enumerate(employees, 1): + percentile = ((total_count - rank + 1) / total_count * 100) if total_count > 0 else 0 + + rankings.append({ + 'rank': rank, + 'employee_name': employee.employee_name, + 'department': employee.department, + 'position': employee.position, + 'total_points': employee.total_points, + 'monthly_points': employee.monthly_points, + 'percentile': round(percentile, 1), + 'tier': get_tier_by_percentile(percentile), + 'vs_average': round(employee.total_points - avg_points, 1), + 'vs_median': round(employee.total_points - median_points, 1) + }) + + return jsonify({ + 'rankings': rankings, + 'statistics': { + 'total_count': total_count, + 'average_points': round(avg_points, 1), + 'median_points': median_points, + 'max_points': max_points_val, + 'min_points': min_points_val, + 'standard_deviation': round(calculate_standard_deviation(points_list), 1) + }, + 'filters': { + 'department': department, + 'position': position, + 'min_points': min_points, + 'max_points': max_points + } + }) + +def get_tier_by_percentile(percentile): + """根據百分位數返回等級""" + if percentile >= 95: + return {'name': '大師', 'color': 'danger', 'icon': 'crown'} + elif percentile >= 85: + return {'name': '專家', 'color': 'warning', 'icon': 'star-fill'} + elif percentile >= 70: + return {'name': '熟練', 'color': 'info', 'icon': 'award'} + elif percentile >= 50: + return {'name': '良好', 'color': 'success', 'icon': 'check-circle'} + else: + return {'name': '基礎', 'color': 'secondary', 'icon': 'circle'} + +def calculate_standard_deviation(data): + """計算標準差""" + if len(data) <= 1: + return 0 + + mean = sum(data) / len(data) + variance = sum((x - mean) ** 2 for x in data) / (len(data) - 1) + return variance ** 0.5 + +@app.route('/api/notifications', methods=['GET']) +def get_notifications(): + """獲取用戶通知""" + # 模擬通知數據 + notifications = [ + { + 'id': 1, + 'type': 'achievement', + 'title': '🎉 恭喜獲得新成就!', + 'message': '您已完成10次能力評估,獲得「評估達人」徽章', + 'is_read': False, + 'created_at': '2024-01-15T10:30:00Z', + 'icon': 'trophy-fill', + 'color': 'warning' + }, + { + 'id': 2, + 'type': 'ranking', + 'title': '📈 排名更新', + 'message': '您的總排名上升了3位,目前排名第5名', + 'is_read': False, + 'created_at': '2024-01-14T15:20:00Z', + 'icon': 'arrow-up-circle', + 'color': 'success' + }, + { + 'id': 3, + 'type': 'feedback', + 'title': '⭐ 收到新回饋', + 'message': '同事張三為您提供了STAR回饋,請查看詳情', + 'is_read': True, + 'created_at': '2024-01-13T09:15:00Z', + 'icon': 'star-fill', + 'color': 'info' + }, + { + 'id': 4, + 'type': 'system', + 'title': '🔔 系統通知', + 'message': '新的評估項目已上線,歡迎體驗新功能', + 'is_read': True, + 'created_at': '2024-01-12T14:00:00Z', + 'icon': 'bell-fill', + 'color': 'primary' + } + ] + + return jsonify({ + 'notifications': notifications, + 'unread_count': len([n for n in notifications if not n['is_read']]) + }) + +@app.route('/api/notifications//read', methods=['POST']) +def mark_notification_read(notification_id): + """標記通知為已讀""" + # 在實際應用中,這裡會更新數據庫 + return jsonify({'success': True, 'message': '通知已標記為已讀'}) + +@app.route('/api/notifications/read-all', methods=['POST']) +def mark_all_notifications_read(): + """標記所有通知為已讀""" + # 在實際應用中,這裡會更新數據庫 + return jsonify({'success': True, 'message': '所有通知已標記為已讀'}) + +@app.route('/api/admin/users', methods=['GET']) +def get_admin_users(): + """獲取所有用戶(管理員功能)""" + users = User.query.all() + + users_data = [] + for user in users: + users_data.append({ + 'id': user.id, + 'username': user.username, + 'email': user.email, + 'full_name': user.full_name, + 'department': user.department, + 'position': user.position, + 'employee_id': user.employee_id, + 'is_active': user.is_active, + 'created_at': user.created_at.isoformat() if user.created_at else None + }) + + return jsonify({'users': users_data}) + +@app.route('/api/admin/users/', methods=['PUT']) +def update_user(user_id): + """更新用戶信息(管理員功能)""" + user = User.query.get_or_404(user_id) + data = request.get_json() + + if 'is_active' in data: + user.is_active = data['is_active'] + if 'department' in data: + user.department = data['department'] + if 'position' in data: + user.position = data['position'] + + db.session.commit() + + return jsonify({'success': True, 'message': '用戶信息已更新'}) + +@app.route('/api/admin/statistics', methods=['GET']) +def get_admin_statistics(): + """獲取管理員統計信息""" + total_users = User.query.count() + active_users = User.query.filter_by(is_active=True).count() + total_assessments = Assessment.query.count() + total_feedbacks = StarFeedback.query.count() + + # 部門統計 + department_stats = db.session.query( + User.department, + db.func.count(User.id).label('count') + ).group_by(User.department).all() + + # 積分統計 + points_stats = db.session.query( + db.func.avg(EmployeePoint.total_points).label('avg_points'), + db.func.max(EmployeePoint.total_points).label('max_points'), + db.func.min(EmployeePoint.total_points).label('min_points') + ).first() + + return jsonify({ + 'total_users': total_users, + 'active_users': active_users, + 'total_assessments': total_assessments, + 'total_feedbacks': total_feedbacks, + 'department_stats': [{'department': d[0], 'count': d[1]} for d in department_stats], + 'points_stats': { + 'average': round(points_stats.avg_points or 0, 1), + 'maximum': points_stats.max_points or 0, + 'minimum': points_stats.min_points or 0 + } + }) + +def create_sample_data(): + """創建樣本數據""" + # 創建能力項目 + capabilities = [ + Capability( + name='溝通能力', + l1_description='基本溝通', + l2_description='有效溝通', + l3_description='專業溝通', + l4_description='領導溝通', + l5_description='戰略溝通' + ), + Capability( + name='技術能力', + l1_description='基礎技術', + l2_description='熟練技術', + l3_description='專業技術', + l4_description='專家技術', + l5_description='大師技術' + ), + Capability( + name='領導能力', + l1_description='自我管理', + l2_description='團隊協作', + l3_description='團隊領導', + l4_description='部門領導', + l5_description='戰略領導' + ) + ] + + for cap in capabilities: + existing = Capability.query.filter_by(name=cap.name).first() + if not existing: + db.session.add(cap) + + # 創建測試帳號 + test_accounts = [ + { + 'username': 'admin', + 'email': 'admin@company.com', + 'full_name': '系統管理員', + 'department': 'IT', + 'position': '系統管理員', + 'password_hash': 'admin123' # 簡化版直接存儲密碼 + }, + { + 'username': 'hr_manager', + 'email': 'hr@company.com', + 'full_name': 'HR主管', + 'department': 'HR', + 'position': '人力資源主管', + 'password_hash': 'hr123' + }, + { + 'username': 'user', + 'email': 'user@company.com', + 'full_name': '一般用戶', + 'department': 'IT', + 'position': '軟體工程師', + 'password_hash': 'user123' + } + ] + + for account in test_accounts: + existing_user = User.query.filter_by(username=account['username']).first() + if not existing_user: + user = User(**account) + db.session.add(user) + print(f"創建測試帳號: {account['username']}") + + # 創建樣本積分數據 + sample_points_data = [ + { + 'employee_name': '系統管理員', + 'department': 'IT', + 'position': '系統管理員', + 'total_points': 150, + 'monthly_points': 50 + }, + { + 'employee_name': 'HR主管', + 'department': 'HR', + 'position': '人力資源主管', + 'total_points': 120, + 'monthly_points': 40 + }, + { + 'employee_name': '一般用戶', + 'department': 'IT', + 'position': '軟體工程師', + 'total_points': 80, + 'monthly_points': 30 + } + ] + + for points_data in sample_points_data: + existing = EmployeePoint.query.filter_by(employee_name=points_data['employee_name']).first() + if not existing: + points = EmployeePoint(**points_data) + db.session.add(points) + + db.session.commit() + print("測試帳號和樣本數據創建完成") + +if __name__ == '__main__': + with app.app_context(): + # 創建所有數據庫表 + db.create_all() + print("數據庫表創建成功!") + + # 創建樣本數據 + create_sample_data() + + print("=" * 60) + print("夥伴對齊系統已啟動!") + print("=" * 60) + print("[WEB] 訪問地址: http://localhost:5000") + print() + print("[ACCOUNT] 測試帳號資訊:") + print(" 管理員: admin / admin123") + print(" HR主管: hr_manager / hr123") + print(" 一般用戶: user / user123") + print() + print("[FEATURES] 功能包括:") + print("- 能力評估系統") + print("- STAR 回饋系統") + print("- 排名系統") + print("- 數據導出") + print() + print("[TIP] 提示: 登入頁面會顯示測試帳號資訊和快速登入按鈕") + print("=" * 60) + + # 啟動應用程式 + app.run(debug=True, host='0.0.0.0', port=5000) diff --git a/static/css/style.css b/static/css/style.css new file mode 100644 index 0000000..a93e57f --- /dev/null +++ b/static/css/style.css @@ -0,0 +1,507 @@ +/* 夥伴對齊系統 - 樣式表 */ + +:root { + --primary-color: #0d6efd; + --secondary-color: #6c757d; + --success-color: #198754; + --danger-color: #dc3545; + --warning-color: #ffc107; + --info-color: #0dcaf0; + --light-color: #f8f9fa; + --dark-color: #212529; + --border-radius: 0.375rem; + --box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.075); + --transition: all 0.15s ease-in-out; +} + +/* 全局樣式 */ +body { + font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; + background-color: #f8f9fa; + line-height: 1.6; +} + +/* 導航欄樣式 */ +.navbar-brand { + font-weight: 600; + font-size: 1.25rem; +} + +.navbar-nav .nav-link { + font-weight: 500; + transition: var(--transition); + border-radius: var(--border-radius); + margin: 0 0.25rem; +} + +.navbar-nav .nav-link:hover { + background-color: rgba(255, 255, 255, 0.1); + transform: translateY(-1px); +} + +.navbar-nav .nav-link.active { + background-color: rgba(255, 255, 255, 0.2); + font-weight: 600; +} + +/* 卡片樣式 */ +.card { + border: none; + border-radius: var(--border-radius); + box-shadow: var(--box-shadow); + transition: var(--transition); + margin-bottom: 1.5rem; +} + +.card:hover { + box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15); + transform: translateY(-2px); +} + +.card-header { + background-color: #fff; + border-bottom: 1px solid #dee2e6; + font-weight: 600; + padding: 1rem 1.25rem; +} + +.card-body { + padding: 1.25rem; +} + +/* 儀表板卡片樣式 */ +.card.bg-primary, +.card.bg-success, +.card.bg-warning, +.card.bg-info { + border: none; + background: linear-gradient(135deg, var(--primary-color), #0056b3); +} + +.card.bg-success { + background: linear-gradient(135deg, var(--success-color), #146c43); +} + +.card.bg-warning { + background: linear-gradient(135deg, var(--warning-color), #e0a800); +} + +.card.bg-info { + background: linear-gradient(135deg, var(--info-color), #0aa2c0); +} + +/* 按鈕樣式 */ +.btn { + border-radius: var(--border-radius); + font-weight: 500; + transition: var(--transition); + border: none; + padding: 0.5rem 1rem; +} + +.btn:hover { + transform: translateY(-1px); + box-shadow: 0 0.25rem 0.5rem rgba(0, 0, 0, 0.15); +} + +.btn-primary { + background: linear-gradient(135deg, var(--primary-color), #0056b3); +} + +.btn-success { + background: linear-gradient(135deg, var(--success-color), #146c43); +} + +.btn-danger { + background: linear-gradient(135deg, var(--danger-color), #b02a37); +} + +.btn-warning { + background: linear-gradient(135deg, var(--warning-color), #e0a800); + color: #000; +} + +.btn-info { + background: linear-gradient(135deg, var(--info-color), #0aa2c0); +} + +/* 表單樣式 */ +.form-control, +.form-select { + border-radius: var(--border-radius); + border: 1px solid #ced4da; + transition: var(--transition); + padding: 0.5rem 0.75rem; +} + +.form-control:focus, +.form-select:focus { + border-color: var(--primary-color); + box-shadow: 0 0 0 0.2rem rgba(13, 110, 253, 0.25); +} + +.form-label { + font-weight: 500; + color: var(--dark-color); + margin-bottom: 0.5rem; +} + +/* 能力評估樣式 */ +.capability-card { + border-left: 4px solid var(--primary-color); + transition: var(--transition); +} + +.capability-card:hover { + border-left-color: var(--success-color); + background-color: #f8f9fa; +} + +.form-check-input:checked { + background-color: var(--primary-color); + border-color: var(--primary-color); +} + +.form-check-label { + font-size: 0.9rem; + line-height: 1.4; +} + +/* 排名表格樣式 */ +.table { + border-radius: var(--border-radius); + overflow: hidden; + box-shadow: var(--box-shadow); +} + +.table thead th { + background-color: var(--primary-color); + color: white; + border: none; + font-weight: 600; + padding: 1rem 0.75rem; +} + +.table tbody tr { + transition: var(--transition); +} + +.table tbody tr:hover { + background-color: #f8f9fa; + transform: scale(1.01); +} + +/* 徽章樣式 */ +.badge { + font-size: 0.75rem; + font-weight: 500; + padding: 0.375rem 0.75rem; + border-radius: var(--border-radius); +} + +/* 通知樣式 */ +.alert { + border: none; + border-radius: var(--border-radius); + border-left: 4px solid; + margin-bottom: 1rem; +} + +.alert-primary { + border-left-color: var(--primary-color); + background-color: rgba(13, 110, 253, 0.1); +} + +.alert-success { + border-left-color: var(--success-color); + background-color: rgba(25, 135, 84, 0.1); +} + +.alert-warning { + border-left-color: var(--warning-color); + background-color: rgba(255, 193, 7, 0.1); +} + +.alert-danger { + border-left-color: var(--danger-color); + background-color: rgba(220, 53, 69, 0.1); +} + +/* 模態框樣式 */ +.modal-content { + border: none; + border-radius: var(--border-radius); + box-shadow: 0 1rem 3rem rgba(0, 0, 0, 0.175); +} + +.modal-header { + border-bottom: 1px solid #dee2e6; + background-color: #f8f9fa; + border-radius: var(--border-radius) var(--border-radius) 0 0; +} + +.modal-footer { + border-top: 1px solid #dee2e6; + background-color: #f8f9fa; + border-radius: 0 0 var(--border-radius) var(--border-radius); +} + +/* 載入動畫 */ +.spinner-border { + width: 3rem; + height: 3rem; +} + +/* Toast 樣式 */ +.toast { + border: none; + border-radius: var(--border-radius); + box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15); +} + +.toast-header { + background-color: #f8f9fa; + border-bottom: 1px solid #dee2e6; +} + +/* 標籤頁樣式 */ +.nav-tabs .nav-link { + border: none; + border-radius: var(--border-radius) var(--border-radius) 0 0; + color: var(--secondary-color); + font-weight: 500; + transition: var(--transition); +} + +.nav-tabs .nav-link:hover { + border-color: transparent; + background-color: #f8f9fa; +} + +.nav-tabs .nav-link.active { + background-color: var(--primary-color); + color: white; + border-color: var(--primary-color); +} + +/* 下拉選單樣式 */ +.dropdown-menu { + border: none; + border-radius: var(--border-radius); + box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15); + padding: 0.5rem 0; +} + +.dropdown-item { + padding: 0.5rem 1rem; + transition: var(--transition); +} + +.dropdown-item:hover { + background-color: #f8f9fa; + color: var(--primary-color); +} + +/* 響應式設計 */ +@media (max-width: 768px) { + .container-fluid { + padding: 0.5rem; + } + + .card { + margin-bottom: 1rem; + } + + .card-body { + padding: 1rem; + } + + .table-responsive { + font-size: 0.875rem; + } + + .btn { + padding: 0.375rem 0.75rem; + font-size: 0.875rem; + } +} + +@media (max-width: 576px) { + .navbar-brand { + font-size: 1rem; + } + + .card-header h5 { + font-size: 1rem; + } + + .modal-dialog { + margin: 0.5rem; + } +} + +/* 動畫效果 */ +@keyframes fadeIn { + from { + opacity: 0; + transform: translateY(20px); + } + to { + opacity: 1; + transform: translateY(0); + } +} + +.section { + animation: fadeIn 0.5s ease-in-out; +} + +/* 自定義滾動條 */ +::-webkit-scrollbar { + width: 8px; +} + +::-webkit-scrollbar-track { + background: #f1f1f1; + border-radius: 4px; +} + +::-webkit-scrollbar-thumb { + background: var(--primary-color); + border-radius: 4px; +} + +::-webkit-scrollbar-thumb:hover { + background: #0056b3; +} + +/* 工具提示樣式 */ +.tooltip { + font-size: 0.875rem; +} + +.tooltip-inner { + background-color: var(--dark-color); + border-radius: var(--border-radius); +} + +/* 進度條樣式 */ +.progress { + height: 0.5rem; + border-radius: var(--border-radius); + background-color: #e9ecef; +} + +.progress-bar { + border-radius: var(--border-radius); + transition: width 0.6s ease; +} + +/* 統計卡片特殊樣式 */ +.stats-card { + position: relative; + overflow: hidden; +} + +.stats-card::before { + content: ''; + position: absolute; + top: 0; + right: 0; + width: 100px; + height: 100px; + background: rgba(255, 255, 255, 0.1); + border-radius: 50%; + transform: translate(30px, -30px); +} + +.stats-card .card-body { + position: relative; + z-index: 1; +} + +/* 排名特殊樣式 */ +.ranking-item { + transition: var(--transition); + border-radius: var(--border-radius); + padding: 0.75rem; + margin-bottom: 0.5rem; + background: white; + border-left: 4px solid var(--primary-color); +} + +.ranking-item:hover { + transform: translateX(5px); + box-shadow: var(--box-shadow); +} + +.ranking-item.top-3 { + border-left-color: var(--warning-color); + background: linear-gradient(135deg, #fff9e6, #ffffff); +} + +.ranking-item.top-1 { + border-left-color: #ffd700; + background: linear-gradient(135deg, #fffacd, #ffffff); +} + +/* 能力等級標籤 */ +.level-badge { + font-size: 0.75rem; + font-weight: 600; + padding: 0.25rem 0.5rem; + border-radius: 0.25rem; + text-transform: uppercase; + letter-spacing: 0.5px; +} + +.level-l1 { background-color: var(--danger-color); color: white; } +.level-l2 { background-color: var(--warning-color); color: #000; } +.level-l3 { background-color: var(--info-color); color: white; } +.level-l4 { background-color: var(--success-color); color: white; } +.level-l5 { background-color: var(--primary-color); color: white; } + +/* 空狀態樣式 */ +.empty-state { + text-align: center; + padding: 3rem 1rem; + color: var(--secondary-color); +} + +.empty-state i { + font-size: 3rem; + margin-bottom: 1rem; + opacity: 0.5; +} + +/* 載入狀態 */ +.loading-overlay { + position: absolute; + top: 0; + left: 0; + right: 0; + bottom: 0; + background: rgba(255, 255, 255, 0.8); + display: flex; + align-items: center; + justify-content: center; + z-index: 1000; + border-radius: var(--border-radius); +} + +/* 成功/錯誤狀態 */ +.status-success { + color: var(--success-color); +} + +.status-error { + color: var(--danger-color); +} + +.status-warning { + color: var(--warning-color); +} + +.status-info { + color: var(--info-color); +} \ No newline at end of file diff --git a/static/js/admin.js b/static/js/admin.js new file mode 100644 index 0000000..88e2661 --- /dev/null +++ b/static/js/admin.js @@ -0,0 +1,324 @@ +// Admin functionality JavaScript + +class AdminManager { + constructor() { + this.initializeEventListeners(); + } + + initializeEventListeners() { + // Export buttons + document.addEventListener('click', (e) => { + if (e.target.matches('[onclick*="exportData"]')) { + e.preventDefault(); + const onclick = e.target.getAttribute('onclick'); + const matches = onclick.match(/exportData\('([^']+)',\s*'([^']+)'\)/); + if (matches) { + this.exportData(matches[1], matches[2]); + } + } + }); + + // Calculate rankings button + document.addEventListener('click', (e) => { + if (e.target.matches('[onclick*="calculateMonthlyRankings"]')) { + e.preventDefault(); + this.calculateMonthlyRankings(); + } + }); + } + + async exportData(type, format) { + try { + this.showLoading(true, `正在匯出${type === 'assessments' ? '評估資料' : 'STAR回饋'}...`); + + const url = `/api/export/${type}?format=${format}`; + + // Create a temporary link to download the file + const link = document.createElement('a'); + link.href = url; + link.download = `${type}_${new Date().toISOString().split('T')[0]}.${format === 'excel' ? 'xlsx' : 'csv'}`; + document.body.appendChild(link); + link.click(); + document.body.removeChild(link); + + this.showSuccess(`${type === 'assessments' ? '評估資料' : 'STAR回饋'}匯出成功`); + + } catch (error) { + console.error('Export failed:', error); + this.showError('匯出失敗: ' + error.message); + } finally { + this.showLoading(false); + } + } + + async calculateMonthlyRankings() { + try { + const year = document.getElementById('calc-year').value; + const month = document.getElementById('calc-month').value; + + if (!year || !month) { + this.showError('請選擇年份和月份'); + return; + } + + this.showLoading(true, '正在計算月度排名...'); + + const response = await fetch('/api/rankings/calculate', { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify({ + year: parseInt(year), + month: parseInt(month) + }) + }); + + if (!response.ok) { + throw new Error(`HTTP error! status: ${response.status}`); + } + + const result = await response.json(); + this.showSuccess(result.message); + + } catch (error) { + console.error('Calculate rankings failed:', error); + this.showError('排名計算失敗: ' + error.message); + } finally { + this.showLoading(false); + } + } + + showLoading(show, message = '處理中...') { + // You can implement a more sophisticated loading indicator here + if (show) { + console.log('Loading:', message); + } else { + console.log('Loading finished'); + } + } + + showSuccess(message) { + console.log('Success:', message); + if (window.showSuccess) { + window.showSuccess(message); + } + } + + showError(message) { + console.error('Error:', message); + if (window.showError) { + window.showError(message); + } + } +} + +// Data management utilities +class DataManager { + constructor() { + this.initializeDataManagement(); + } + + initializeDataManagement() { + // Add any data management functionality here + this.setupDataValidation(); + } + + setupDataValidation() { + // Validate data integrity + this.validateDataIntegrity(); + } + + async validateDataIntegrity() { + try { + // Check for orphaned records, missing references, etc. + console.log('Validating data integrity...'); + + // You can add specific validation logic here + + } catch (error) { + console.error('Data validation failed:', error); + } + } + + async getSystemStats() { + try { + const [assessments, feedbacks, employees] = await Promise.all([ + fetch('/api/assessments?per_page=1').then(r => r.json()), + fetch('/api/star-feedbacks?per_page=1').then(r => r.json()), + fetch('/api/rankings/total?limit=1').then(r => r.json()) + ]); + + return { + totalAssessments: assessments.total || 0, + totalFeedbacks: feedbacks.total || 0, + totalEmployees: employees.rankings.length || 0 + }; + } catch (error) { + console.error('Failed to get system stats:', error); + return null; + } + } +} + +// Export functionality +class ExportManager { + constructor() { + this.supportedFormats = ['excel', 'csv']; + } + + async exportAssessments(format = 'excel') { + return this.exportData('assessments', format); + } + + async exportStarFeedbacks(format = 'excel') { + return this.exportData('star-feedbacks', format); + } + + async exportData(type, format) { + if (!this.supportedFormats.includes(format)) { + throw new Error(`Unsupported format: ${format}`); + } + + const url = `/api/export/${type}?format=${format}`; + + try { + const response = await fetch(url); + + if (!response.ok) { + throw new Error(`Export failed: ${response.status}`); + } + + // Get filename from response headers or create default + const contentDisposition = response.headers.get('Content-Disposition'); + let filename = `${type}_${new Date().toISOString().split('T')[0]}.${format === 'excel' ? 'xlsx' : 'csv'}`; + + if (contentDisposition) { + const filenameMatch = contentDisposition.match(/filename="(.+)"/); + if (filenameMatch) { + filename = filenameMatch[1]; + } + } + + // Create blob and download + const blob = await response.blob(); + this.downloadBlob(blob, filename); + + return filename; + + } catch (error) { + console.error('Export failed:', error); + throw error; + } + } + + downloadBlob(blob, filename) { + const url = window.URL.createObjectURL(blob); + const link = document.createElement('a'); + link.href = url; + link.download = filename; + document.body.appendChild(link); + link.click(); + document.body.removeChild(link); + window.URL.revokeObjectURL(url); + } +} + +// Ranking calculation utilities +class RankingCalculator { + constructor() { + this.initializeRankingCalculation(); + } + + initializeRankingCalculation() { + // Add any ranking calculation setup here + } + + async calculateMonthlyRankings(year, month) { + try { + const response = await fetch('/api/rankings/calculate', { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify({ year, month }) + }); + + if (!response.ok) { + throw new Error(`Calculation failed: ${response.status}`); + } + + const result = await response.json(); + return result; + + } catch (error) { + console.error('Ranking calculation failed:', error); + throw error; + } + } + + async getRankingHistory(year, month) { + try { + const response = await fetch(`/api/rankings/monthly?year=${year}&month=${month}`); + + if (!response.ok) { + throw new Error(`Failed to get ranking history: ${response.status}`); + } + + const result = await response.json(); + return result; + + } catch (error) { + console.error('Failed to get ranking history:', error); + throw error; + } + } +} + +// Initialize admin functionality when DOM is loaded +document.addEventListener('DOMContentLoaded', function() { + // Initialize admin manager + window.adminManager = new AdminManager(); + + // Initialize data manager + window.dataManager = new DataManager(); + + // Initialize export manager + window.exportManager = new ExportManager(); + + // Initialize ranking calculator + window.rankingCalculator = new RankingCalculator(); +}); + +// Global functions for HTML onclick handlers +function exportData(type, format) { + if (window.exportManager) { + window.exportManager.exportData(type, format); + } +} + +function calculateMonthlyRankings() { + if (window.rankingCalculator) { + const year = document.getElementById('calc-year').value; + const month = document.getElementById('calc-month').value; + + if (!year || !month) { + if (window.showError) { + window.showError('請選擇年份和月份'); + } + return; + } + + window.rankingCalculator.calculateMonthlyRankings(parseInt(year), parseInt(month)) + .then(result => { + if (window.showSuccess) { + window.showSuccess(result.message); + } + }) + .catch(error => { + if (window.showError) { + window.showError('排名計算失敗: ' + error.message); + } + }); + } +} diff --git a/static/js/app.js b/static/js/app.js new file mode 100644 index 0000000..8930cd3 --- /dev/null +++ b/static/js/app.js @@ -0,0 +1,1646 @@ +/** + * 夥伴對齊系統 - 前端應用程式 + * 包含認證、儀表板、評估、回饋、排名等功能 + */ + +class PartnerAlignmentApp { + constructor() { + this.currentUser = null; + this.accessToken = localStorage.getItem('accessToken'); + this.refreshToken = localStorage.getItem('refreshToken'); + this.currentSection = 'dashboard'; + + this.init(); + } + + init() { + this.setupEventListeners(); + this.checkAuthentication(); + this.setupNavigation(); + } + + setupEventListeners() { + // Login/Register modals + document.getElementById('loginBtn').addEventListener('click', () => this.showLoginModal()); + document.getElementById('showLoginBtn').addEventListener('click', () => this.showLoginModal()); + document.getElementById('showRegisterModal').addEventListener('click', () => this.showRegisterModal()); + + // Forms + document.getElementById('loginForm').addEventListener('submit', (e) => this.handleLogin(e)); + document.getElementById('registerForm').addEventListener('submit', (e) => this.handleRegister(e)); + document.getElementById('assessmentForm').addEventListener('submit', (e) => this.handleAssessmentSubmit(e)); + document.getElementById('starFeedbackForm').addEventListener('submit', (e) => this.handleStarFeedbackSubmit(e)); + + // Logout + document.getElementById('logoutBtn').addEventListener('click', () => this.handleLogout()); + + // Navigation + document.querySelectorAll('[data-section]').forEach(link => { + link.addEventListener('click', (e) => this.handleNavigation(e)); + }); + + // Ranking filters + document.getElementById('applyFilters').addEventListener('click', () => this.loadAdvancedRankings()); + + // Notifications + document.getElementById('markAllReadBtn').addEventListener('click', () => this.markAllNotificationsRead()); + + // Admin functions + document.getElementById('refreshUsersBtn').addEventListener('click', () => this.loadAdminUsers()); + + // Department capabilities management + document.getElementById('deptSelect').addEventListener('change', (e) => this.handleDepartmentSelect(e)); + document.getElementById('loadDeptCapabilitiesBtn').addEventListener('click', () => this.loadDepartmentCapabilities()); + document.getElementById('saveDeptCapabilitiesBtn').addEventListener('click', () => this.saveDepartmentCapabilities()); + + // Assessment department change - reload capabilities based on department + document.getElementById('assessmentDepartment').addEventListener('change', (e) => this.handleAssessmentDepartmentChange(e)); + + // Capabilities CSV import + document.getElementById('importCsvBtn').addEventListener('click', () => this.importCapabilitiesCsv()); + document.getElementById('downloadTemplateCsvBtn').addEventListener('click', () => this.downloadCsvTemplate()); + document.getElementById('refreshCapabilitiesBtn').addEventListener('click', () => this.loadCapabilitiesList()); + } + + setupNavigation() { + // Set default section + this.showSection('dashboard'); + } + + checkAuthentication() { + if (this.accessToken) { + // 嘗試從 localStorage 恢復用戶信息 + const storedUser = localStorage.getItem('currentUser'); + if (storedUser) { + try { + this.currentUser = JSON.parse(storedUser); + } catch (e) { + console.error('Failed to parse stored user:', e); + } + } + + if (this.currentUser) { + this.showAuthenticatedUI(); + this.loadDashboard(); + this.loadNotifications(); + } else { + this.validateToken(); + } + } else { + this.showLoginRequired(); + } + } + + async validateToken() { + try { + const response = await this.apiCall('/api/auth/protected', 'GET'); + if (response.ok) { + const data = await response.json(); + this.currentUser = data; + this.showAuthenticatedUI(); + this.loadDashboard(); + this.loadNotifications(); + } else { + this.handleTokenExpired(); + } + } catch (error) { + console.error('Token validation failed:', error); + this.handleTokenExpired(); + } + } + + handleTokenExpired() { + this.clearTokens(); + this.showLoginRequired(); + this.showToast('登入已過期,請重新登入', 'warning'); + } + + clearTokens() { + localStorage.removeItem('accessToken'); + localStorage.removeItem('refreshToken'); + this.accessToken = null; + this.refreshToken = null; + this.currentUser = null; + } + + showLoginRequired() { + document.getElementById('loginRequired').style.display = 'block'; + document.querySelectorAll('.section').forEach(section => { + section.style.display = 'none'; + }); + document.getElementById('authNav').style.display = 'block'; + document.getElementById('userNav').style.display = 'none'; + } + + showAuthenticatedUI() { + // 隱藏登入提示,顯示用戶界面 + const loginRequired = document.getElementById('loginRequired'); + if (loginRequired) loginRequired.style.display = 'none'; + + // 隱藏登入按鈕,顯示用戶菜單 + const authNav = document.getElementById('authNav'); + if (authNav) authNav.style.display = 'none'; + + const userNav = document.getElementById('userNav'); + if (userNav) userNav.style.display = 'block'; + + // 更新用戶顯示名稱 + const userDisplayName = document.getElementById('userDisplayName'); + if (userDisplayName && this.currentUser) { + userDisplayName.textContent = this.currentUser.full_name || this.currentUser.username || '用戶'; + } + + // 根據權限顯示/隱藏管理功能 + const adminNavItem = document.getElementById('adminNavItem'); + if (adminNavItem && this.currentUser) { + // 檢查用戶名或角色以決定是否顯示管理功能 + const username = this.currentUser.username || ''; + const hasAdminAccess = username === 'admin' || username === 'hr_manager'; + adminNavItem.style.display = hasAdminAccess ? 'block' : 'none'; + } + + // 顯示儀表板 + this.showSection('dashboard'); + } + + showLoginModal() { + const modal = new bootstrap.Modal(document.getElementById('loginModal')); + modal.show(); + } + + showRegisterModal() { + const loginModal = bootstrap.Modal.getInstance(document.getElementById('loginModal')); + if (loginModal) loginModal.hide(); + + const registerModal = new bootstrap.Modal(document.getElementById('registerModal')); + registerModal.show(); + } + + async handleLogin(e) { + e.preventDefault(); + + const username = document.getElementById('loginUsername').value; + const password = document.getElementById('loginPassword').value; + + try { + this.showLoading(true); + + const response = await fetch('/api/auth/login', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify({ username, password }) + }); + + if (response.ok) { + const data = await response.json(); + this.accessToken = data.access_token; + this.refreshToken = data.refresh_token; + this.currentUser = data.user; // 保存用戶信息 + + localStorage.setItem('accessToken', this.accessToken); + localStorage.setItem('refreshToken', this.refreshToken); + localStorage.setItem('currentUser', JSON.stringify(this.currentUser)); + + // Close modal + const modal = bootstrap.Modal.getInstance(document.getElementById('loginModal')); + if (modal) modal.hide(); + + // 更新 UI + this.showAuthenticatedUI(); + this.loadDashboard(); + this.loadNotifications(); + + this.showToast('登入成功!歡迎 ' + data.user.full_name, 'success'); + } else { + const error = await response.json(); + this.showToast(error.error || error.message || '登入失敗', 'error'); + } + } catch (error) { + console.error('Login error:', error); + this.showToast('登入時發生錯誤', 'error'); + } finally { + this.showLoading(false); + } + } + + async handleRegister(e) { + e.preventDefault(); + + const formData = { + username: document.getElementById('regUsername').value, + email: document.getElementById('regEmail').value, + password: document.getElementById('regPassword').value, + full_name: document.getElementById('regFullName').value, + department: document.getElementById('regDepartment').value, + position: document.getElementById('regPosition').value, + employee_id: document.getElementById('regEmployeeId').value + }; + + try { + this.showLoading(true); + + const response = await fetch('/api/auth/register', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify(formData) + }); + + if (response.ok) { + const modal = bootstrap.Modal.getInstance(document.getElementById('registerModal')); + modal.hide(); + this.showToast('註冊成功!請登入', 'success'); + this.showLoginModal(); + } else { + const error = await response.json(); + this.showToast(error.message || '註冊失敗', 'error'); + } + } catch (error) { + console.error('Register error:', error); + this.showToast('註冊時發生錯誤', 'error'); + } finally { + this.showLoading(false); + } + } + + handleLogout() { + this.clearTokens(); + localStorage.removeItem('currentUser'); // 清除用戶信息 + this.currentUser = null; + this.showLoginRequired(); + this.showToast('已登出', 'info'); + } + + handleNavigation(e) { + e.preventDefault(); + const section = e.currentTarget.getAttribute('data-section'); + this.showSection(section); + } + + showSection(sectionName) { + // Hide all sections + document.querySelectorAll('.section').forEach(section => { + section.style.display = 'none'; + }); + + // Show target section + const targetSection = document.getElementById(`${sectionName}-section`); + if (targetSection) { + targetSection.style.display = 'block'; + this.currentSection = sectionName; + + // Update navigation + document.querySelectorAll('[data-section]').forEach(link => { + link.classList.remove('active'); + }); + document.querySelector(`[data-section="${sectionName}"]`).classList.add('active'); + + // Load section-specific data + this.loadSectionData(sectionName); + } + } + + async loadSectionData(sectionName) { + switch (sectionName) { + case 'dashboard': + await this.loadDashboard(); + break; + case 'assessment': + await this.loadCapabilities(); + break; + case 'star-feedback': + // STAR feedback form is static + break; + case 'rankings': + await this.loadTotalRankings(); + await this.loadMonthlyRankings(); + break; + case 'admin': + await this.loadAdminData(); + break; + } + } + + async loadDashboard() { + try { + const response = await this.apiCall('/api/dashboard/me', 'GET'); + if (response.ok) { + const data = await response.json(); + this.renderDashboard(data); + } + } catch (error) { + console.error('Failed to load dashboard:', error); + } + } + + renderDashboard(data) { + const container = document.getElementById('dashboardContent'); + + container.innerHTML = ` +
+
+
+
+
+

總積分

+

${data.points_summary.total_points || 0}

+
+
+ +
+
+
+
+
+
+
+
+
+
+

本月積分

+

${data.points_summary.monthly_points || 0}

+
+
+ +
+
+
+
+
+
+
+
+
+
+

部門排名

+

${data.points_summary.department_rank || 'N/A'}

+
+
+ +
+
+
+
+
+
+
+
+
+
+

總排名

+

${data.points_summary.total_rank || 'N/A'}

+
+
+ +
+
+
+
+
+
+
+
+
最近通知
+
+
+ ${this.renderNotifications(data.recent_notifications)} +
+
+
+ `; + } + + renderNotifications(notifications) { + if (!notifications || notifications.length === 0) { + return '

暫無通知

'; + } + + return notifications.map(notification => ` + + `).join(''); + } + + async markNotificationAsRead(notificationId) { + try { + await this.apiCall(`/api/dashboard/notifications/${notificationId}/read`, 'POST'); + this.loadDashboard(); // Reload dashboard to update notifications + } catch (error) { + console.error('Failed to mark notification as read:', error); + } + } + + async loadCapabilities(department = null) { + try { + let url = '/api/capabilities'; + + // 如果指定了部門,則只載入該部門選擇的能力項目 + if (department) { + url = `/api/department-capabilities/${department}`; + } + + const response = await this.apiCall(url, 'GET'); + if (response.ok) { + const data = await response.json(); + this.renderCapabilities(data.capabilities); + } + } catch (error) { + console.error('Failed to load capabilities:', error); + } + } + + async handleAssessmentDepartmentChange(e) { + const department = e.target.value; + const container = document.getElementById('capabilitiesContainer'); + + if (!department) { + container.innerHTML = ` +
+ + 請先選擇部門以載入對應的能力評估項目 +
+ `; + return; + } + + // 根據選擇的部門載入能力項目 + await this.loadCapabilities(department); + } + + renderCapabilities(capabilities) { + const container = document.getElementById('capabilitiesContainer'); + + if (!capabilities || capabilities.length === 0) { + container.innerHTML = ` +
+ + 該部門尚未設定能力評估項目。請聯繫管理員進行設定。 +
+ `; + return; + } + + container.innerHTML = capabilities.map(capability => ` +
+
+
${capability.name}
+
+
+
+
+ +
+ + +
+
+
+ +
+ + +
+
+
+ +
+ + +
+
+
+ +
+ + +
+
+
+ +
+ + +
+
+
+
+
+ `).join(''); + } + + async handleAssessmentSubmit(e) { + e.preventDefault(); + + const formData = { + department: document.getElementById('assessmentDepartment').value, + position: document.getElementById('assessmentPosition').value, + employee_name: document.getElementById('assessmentEmployeeName').value, + assessment_data: this.collectAssessmentData() + }; + + try { + this.showLoading(true); + + const response = await this.apiCall('/api/assessments', 'POST', formData); + + if (response.ok) { + this.showToast('評估提交成功!', 'success'); + document.getElementById('assessmentForm').reset(); + } else { + const error = await response.json(); + this.showToast(error.error || '提交失敗', 'error'); + } + } catch (error) { + console.error('Assessment submission error:', error); + this.showToast('提交時發生錯誤', 'error'); + } finally { + this.showLoading(false); + } + } + + collectAssessmentData() { + const data = {}; + document.querySelectorAll('[name^="capability_"]:checked').forEach(radio => { + const capabilityId = radio.name.split('_')[1]; + data[capabilityId] = parseInt(radio.value); + }); + return data; + } + + async handleStarFeedbackSubmit(e) { + e.preventDefault(); + + const formData = { + evaluator_name: document.getElementById('evaluatorName').value, + evaluatee_name: document.getElementById('evaluateeName').value, + evaluatee_department: document.getElementById('evaluateeDepartment').value, + evaluatee_position: document.getElementById('evaluateePosition').value, + situation: document.getElementById('situation').value, + task: document.getElementById('task').value, + action: document.getElementById('action').value, + result: document.getElementById('result').value, + score: parseInt(document.getElementById('score').value) + }; + + try { + this.showLoading(true); + + const response = await this.apiCall('/api/star-feedbacks', 'POST', formData); + + if (response.ok) { + const data = await response.json(); + this.showToast(`回饋提交成功!獲得 ${data.points_earned} 積分`, 'success'); + document.getElementById('starFeedbackForm').reset(); + } else { + const error = await response.json(); + this.showToast(error.error || '提交失敗', 'error'); + } + } catch (error) { + console.error('STAR feedback submission error:', error); + this.showToast('提交時發生錯誤', 'error'); + } finally { + this.showLoading(false); + } + } + + async loadTotalRankings() { + try { + const department = document.getElementById('totalRankingDepartment').value; + const params = department ? `?department=${encodeURIComponent(department)}` : ''; + + const response = await this.apiCall(`/api/rankings/total${params}`, 'GET'); + if (response.ok) { + const data = await response.json(); + this.renderTotalRankings(data.rankings); + } + } catch (error) { + console.error('Failed to load total rankings:', error); + } + } + + renderTotalRankings(rankings) { + const container = document.getElementById('totalRankingsList'); + + if (!rankings || rankings.length === 0) { + container.innerHTML = '

暫無排名數據

'; + return; + } + + container.innerHTML = ` +
+ + + + + + + + + + + + ${rankings.map(ranking => ` + + + + + + + + `).join('')} + +
排名姓名部門職位總積分
${ranking.rank}${ranking.employee_name}${ranking.department}${ranking.position}${ranking.total_points}
+
+ `; + } + + async loadMonthlyRankings() { + try { + const year = document.getElementById('monthlyRankingYear').value; + const month = document.getElementById('monthlyRankingMonth').value; + + const response = await this.apiCall(`/api/rankings/monthly?year=${year}&month=${month}`, 'GET'); + if (response.ok) { + const data = await response.json(); + this.renderMonthlyRankings(data.rankings); + } + } catch (error) { + console.error('Failed to load monthly rankings:', error); + } + } + + renderMonthlyRankings(rankings) { + const container = document.getElementById('monthlyRankingsList'); + + if (!rankings || rankings.length === 0) { + container.innerHTML = '

暫無月度排名數據

'; + return; + } + + container.innerHTML = ` +
+ + + + + + + + + + + + ${rankings.map(ranking => ` + + + + + + + + `).join('')} + +
排名姓名部門職位月度積分
${ranking.ranking}${ranking.employee_name}${ranking.department}${ranking.position}${ranking.monthly_points}
+
+ `; + } + + async loadAdminData() { + // Load admin data based on user permissions + if (this.currentUser && this.currentUser.roles) { + const hasUserManagement = this.currentUser.roles.some(role => + ['super_admin', 'admin', 'hr_manager'].includes(role) + ); + + if (hasUserManagement) { + await this.loadUsersManagement(); + } + } + } + + async loadUsersManagement() { + try { + const response = await this.apiCall('/api/admin/users', 'GET'); + if (response.ok) { + const data = await response.json(); + this.renderUsersManagement(data); + } + } catch (error) { + console.error('Failed to load users management:', error); + } + } + + renderUsersManagement(users) { + const container = document.getElementById('usersManagement'); + + container.innerHTML = ` +
+
用戶管理
+ +
+
+ + + + + + + + + + + + + + + ${users.map(user => ` + + + + + + + + + + + `).join('')} + +
ID用戶名姓名部門職位狀態角色操作
${user.id}${user.username}${user.full_name}${user.department}${user.position} + + ${user.is_active ? '啟用' : '停用'} + + + ${user.roles.map(role => `${role}`).join('')} + + + +
+
+ `; + } + + async apiCall(url, method = 'GET', data = null) { + const options = { + method, + headers: { + 'Content-Type': 'application/json', + } + }; + + if (this.accessToken) { + options.headers['Authorization'] = `Bearer ${this.accessToken}`; + } + + if (data) { + options.body = JSON.stringify(data); + } + + const response = await fetch(url, options); + + // Handle token refresh if needed + if (response.status === 401 && this.refreshToken) { + const refreshed = await this.refreshAccessToken(); + if (refreshed) { + // Retry the original request + options.headers['Authorization'] = `Bearer ${this.accessToken}`; + return await fetch(url, options); + } + } + + return response; + } + + async refreshAccessToken() { + try { + const response = await fetch('/api/auth/refresh', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: JSON.stringify({ refresh_token: this.refreshToken }) + }); + + if (response.ok) { + const data = await response.json(); + this.accessToken = data.access_token; + localStorage.setItem('accessToken', this.accessToken); + return true; + } + } catch (error) { + console.error('Token refresh failed:', error); + } + + this.clearTokens(); + return false; + } + + showLoading(show) { + document.getElementById('loadingSpinner').style.display = show ? 'block' : 'none'; + } + + showToast(message, type = 'info') { + const toast = document.getElementById('toast'); + const toastMessage = document.getElementById('toastMessage'); + + toastMessage.textContent = message; + + // Update toast styling based on type + const toastHeader = toast.querySelector('.toast-header'); + const icon = toastHeader.querySelector('i'); + + icon.className = `bi me-2`; + switch (type) { + case 'success': + icon.classList.add('bi-check-circle-fill', 'text-success'); + break; + case 'error': + icon.classList.add('bi-exclamation-triangle-fill', 'text-danger'); + break; + case 'warning': + icon.classList.add('bi-exclamation-circle-fill', 'text-warning'); + break; + default: + icon.classList.add('bi-info-circle-fill', 'text-primary'); + } + + const bsToast = new bootstrap.Toast(toast); + bsToast.show(); + } +} + +// Enhanced dashboard rendering methods +function renderRecentActivities(activities) { + const container = document.getElementById('recentActivities'); + + if (!activities || activities.length === 0) { + container.innerHTML = ` +
+ +

暫無最近活動

+
+ `; + return; + } + + const activitiesHtml = activities.map(activity => ` +
+
+ +
+
+
${activity.title}
+ ${activity.description} +
${new Date(activity.created_at).toLocaleString()}
+
+
+ +${activity.points || 0} +
+
+ `).join(''); + + container.innerHTML = activitiesHtml; +} + +function renderAchievements(achievements) { + const container = document.getElementById('achievements'); + + if (!achievements || achievements.length === 0) { + container.innerHTML = ` +
+ +

暫無成就

+
+ `; + return; + } + + const achievementsHtml = achievements.map(achievement => ` +
+
+ +
+
+
${achievement.name}
+ ${achievement.description} +
+
+ `).join(''); + + container.innerHTML = achievementsHtml; +} + +function renderPerformanceChart(performanceData) { + const ctx = document.getElementById('pointsChart'); + if (!ctx) return; + + const chartCtx = ctx.getContext('2d'); + + // Destroy existing chart if it exists + if (window.pointsChart) { + window.pointsChart.destroy(); + } + + const labels = performanceData.map(item => item.month); + const data = performanceData.map(item => item.points); + + window.pointsChart = new Chart(chartCtx, { + type: 'line', + data: { + labels: labels, + datasets: [{ + label: '積分', + data: data, + borderColor: 'rgb(75, 192, 192)', + backgroundColor: 'rgba(75, 192, 192, 0.2)', + tension: 0.1 + }] + }, + options: { + responsive: true, + plugins: { + legend: { + display: false + } + }, + scales: { + y: { + beginAtZero: true + } + } + } + }); +} + +function getActivityIcon(type) { + const icons = { + 'assessment': 'clipboard-check', + 'feedback': 'star-fill', + 'achievement': 'trophy-fill', + 'ranking': 'award' + }; + return icons[type] || 'circle'; +} + +function getActivityBadgeColor(type) { + const colors = { + 'assessment': 'primary', + 'feedback': 'success', + 'achievement': 'warning', + 'ranking': 'info' + }; + return colors[type] || 'secondary'; +} + +// Advanced ranking system methods +async function loadAdvancedRankings() { + try { + const department = document.getElementById('rankingDepartment').value; + const position = document.getElementById('rankingPosition').value; + const minPoints = document.getElementById('minPoints').value; + const maxPoints = document.getElementById('maxPoints').value; + + const params = new URLSearchParams(); + if (department) params.append('department', department); + if (position) params.append('position', position); + if (minPoints) params.append('min_points', minPoints); + if (maxPoints) params.append('max_points', maxPoints); + + const response = await fetch(`/api/rankings/advanced?${params.toString()}`); + const data = await response.json(); + + renderAdvancedRankings(data); + } catch (error) { + console.error('Failed to load advanced rankings:', error); + } +} + +function renderAdvancedRankings(data) { + // Update statistics + if (data.statistics) { + document.getElementById('totalCount').textContent = data.statistics.total_count; + document.getElementById('avgPoints').textContent = data.statistics.average_points; + document.getElementById('medianPoints').textContent = data.statistics.median_points; + document.getElementById('maxPoints').textContent = data.statistics.max_points; + document.getElementById('minPoints').textContent = data.statistics.min_points; + document.getElementById('stdDev').textContent = data.statistics.standard_deviation; + + document.getElementById('rankingStats').style.display = 'block'; + } + + // Render rankings + const container = document.getElementById('rankingsList'); + + if (!data.rankings || data.rankings.length === 0) { + container.innerHTML = ` +
+ +

沒有找到符合條件的排名數據

+
+ `; + return; + } + + const rankingsHtml = data.rankings.map(ranking => ` +
+
+
+ #${ranking.rank} + ${ranking.percentile}% +
+
+
+
+
+
${ranking.employee_name}
+ ${ranking.department} - ${ranking.position} +
+
+
+ + ${ranking.tier.name} + + ${ranking.total_points} 分 +
+ + 本月: ${ranking.monthly_points} 分 + ${ranking.vs_average >= 0 ? '+' : ''}${ranking.vs_average} vs 平均 + +
+
+
+
+ `).join(''); + + container.innerHTML = rankingsHtml; +} + +function getRankBadgeColor(rank) { + if (rank === 1) return 'warning'; + if (rank <= 3) return 'success'; + if (rank <= 10) return 'info'; + return 'secondary'; +} + +// Notification system methods +async function loadNotifications() { + try { + const response = await fetch('/api/notifications'); + const data = await response.json(); + renderNotifications(data); + } catch (error) { + console.error('Failed to load notifications:', error); + } +} + +function renderNotifications(data) { + const container = document.getElementById('notificationsList'); + const badge = document.getElementById('notificationBadge'); + + // Update badge + if (data.unread_count > 0) { + badge.textContent = data.unread_count; + badge.style.display = 'block'; + } else { + badge.style.display = 'none'; + } + + // Render notifications + if (!data.notifications || data.notifications.length === 0) { + container.innerHTML = ` +
+ +

暫無通知

+
+ `; + return; + } + + const notificationsHtml = data.notifications.map(notification => ` +
  • +
    +
    + +
    +
    +
    +
    +
    ${notification.title}
    +

    ${notification.message}

    + ${formatNotificationTime(notification.created_at)} +
    + ${!notification.is_read ? '' : ''} +
    +
    +
    +
    • + `).join(''); + + container.innerHTML = notificationsHtml; +} + +async function markAllNotificationsRead() { + try { + const response = await fetch('/api/notifications/read-all', { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + } + }); + + if (response.ok) { + // Reload notifications + loadNotifications(); + showToast('所有通知已標記為已讀', 'success'); + } + } catch (error) { + console.error('Failed to mark all notifications as read:', error); + } +} + +function formatNotificationTime(dateString) { + const date = new Date(dateString); + const now = new Date(); + const diffMs = now - date; + const diffMins = Math.floor(diffMs / 60000); + const diffHours = Math.floor(diffMs / 3600000); + const diffDays = Math.floor(diffMs / 86400000); + + if (diffMins < 1) return '剛剛'; + if (diffMins < 60) return `${diffMins}分鐘前`; + if (diffHours < 24) return `${diffHours}小時前`; + if (diffDays < 7) return `${diffDays}天前`; + + return date.toLocaleDateString('zh-TW'); +} + +function showToast(message, type = 'info') { + const toast = document.getElementById('toast'); + const toastMessage = document.getElementById('toastMessage'); + const toastHeader = toast.querySelector('.toast-header i'); + + toastMessage.textContent = message; + + // Update icon based on type + const icons = { + 'success': 'check-circle-fill text-success', + 'error': 'exclamation-triangle-fill text-danger', + 'warning': 'exclamation-triangle-fill text-warning', + 'info': 'info-circle-fill text-primary' + }; + + toastHeader.className = `bi ${icons[type] || icons.info} me-2`; + + const bsToast = new bootstrap.Toast(toast); + bsToast.show(); +} + +// Admin management methods +async function loadAdminData() { + try { + const response = await fetch('/api/admin/statistics'); + const data = await response.json(); + renderAdminStatistics(data); + } catch (error) { + console.error('Failed to load admin statistics:', error); + } +} + +function renderAdminStatistics(data) { + // Update overview cards + document.getElementById('adminTotalUsers').textContent = data.total_users; + document.getElementById('adminActiveUsers').textContent = data.active_users; + document.getElementById('adminTotalAssessments').textContent = data.total_assessments; + document.getElementById('adminTotalFeedbacks').textContent = data.total_feedbacks; + + // Render department stats + const deptContainer = document.getElementById('departmentStats'); + if (data.department_stats && data.department_stats.length > 0) { + const deptHtml = data.department_stats.map(dept => ` +
    + ${dept.department} + ${dept.count} +
    + `).join(''); + deptContainer.innerHTML = deptHtml; + } else { + deptContainer.innerHTML = '

    暫無部門數據

    '; + } + + // Render points stats + const pointsContainer = document.getElementById('pointsStats'); + if (data.points_stats) { + pointsContainer.innerHTML = ` +
    + 平均積分 +
    ${data.points_stats.average}
    +
    +
    + 最高積分 +
    ${data.points_stats.maximum}
    +
    +
    + 最低積分 +
    ${data.points_stats.minimum}
    +
    + `; + } else { + pointsContainer.innerHTML = '

    暫無積分數據

    '; + } +} + +async function loadAdminUsers() { + try { + const response = await fetch('/api/admin/users'); + const data = await response.json(); + renderAdminUsers(data.users); + } catch (error) { + console.error('Failed to load admin users:', error); + } +} + +function renderAdminUsers(users) { + const container = document.getElementById('usersManagement'); + + if (!users || users.length === 0) { + container.innerHTML = ` +
    + +

    暫無用戶數據

    +
    + `; + return; + } + + const usersHtml = users.map(user => ` +
    +
    +
    + +
    +
    +
    +
    +
    +
    ${user.full_name}
    + ${user.username} | ${user.email} +
    ${user.department} - ${user.position}
    +
    +
    + + ${user.is_active ? '活躍' : '停用'} + +
    + 員工編號: ${user.employee_id} +
    +
    +
    +
    +
    + `).join(''); + + container.innerHTML = usersHtml; +} + +// =================================== +// Department Capabilities Management +// =================================== + +PartnerAlignmentApp.prototype.handleDepartmentSelect = async function(e) { + const department = e.target.value; + const loadBtn = document.getElementById('loadDeptCapabilitiesBtn'); + const saveBtn = document.getElementById('saveDeptCapabilitiesBtn'); + + if (!department) { + loadBtn.disabled = true; + saveBtn.disabled = true; + document.getElementById('capabilitiesCheckboxList').innerHTML = ` +
    + +

    請先選擇部門

    +
    + `; + return; + } + + loadBtn.disabled = false; + saveBtn.disabled = false; + + // 自動載入所有能力項目供選擇 + await this.loadAllCapabilitiesForSelection(); + + // 自動載入該部門已選擇的能力項目 + await this.loadDepartmentCapabilities(); +} + +PartnerAlignmentApp.prototype.loadAllCapabilitiesForSelection = async function() { + const container = document.getElementById('capabilitiesCheckboxList'); + + try { + container.innerHTML = '
    '; + + const response = await fetch('/api/capabilities'); + const data = await response.json(); + + if (data.capabilities && data.capabilities.length > 0) { + container.innerHTML = ` +
    + + 請勾選該部門要進行評分的能力項目 +
    +
    + ${data.capabilities.map(cap => ` +
    +
    +
    +
    + + +
    +
    +
    L1: ${cap.l1_description || 'N/A'}
    +
    L2: ${cap.l2_description || 'N/A'}
    +
    L3: ${cap.l3_description || 'N/A'}
    +
    L4: ${cap.l4_description || 'N/A'}
    +
    L5: ${cap.l5_description || 'N/A'}
    +
    +
    +
    +
    + `).join('')} +
    + `; + } else { + container.innerHTML = ` +
    + + 目前沒有可用的能力項目。請先由系統管理員建立能力項目。 +
    + `; + } + } catch (error) { + console.error('載入能力項目失敗:', error); + this.showError('載入能力項目時發生錯誤'); + container.innerHTML = ` +
    + + 載入失敗,請稍後再試 +
    + `; + } +} + +PartnerAlignmentApp.prototype.loadDepartmentCapabilities = async function() { + const department = document.getElementById('deptSelect').value; + + if (!department) { + this.showError('請先選擇部門'); + return; + } + + try { + const response = await fetch(`/api/department-capabilities/${department}`); + const data = await response.json(); + + // 取消所有勾選 + document.querySelectorAll('.capability-checkbox').forEach(cb => { + cb.checked = false; + }); + + // 勾選該部門已選擇的能力項目 + if (data.capabilities && data.capabilities.length > 0) { + data.capabilities.forEach(cap => { + const checkbox = document.getElementById(`cap_${cap.id}`); + if (checkbox) { + checkbox.checked = true; + } + }); + + this.showSuccess(`已載入 ${department} 部門的能力項目設定 (${data.capabilities.length} 項)`); + } else { + this.showInfo(`${department} 部門尚未設定能力項目`); + } + } catch (error) { + console.error('載入部門能力設定失敗:', error); + this.showError('載入部門能力設定時發生錯誤'); + } +} + +PartnerAlignmentApp.prototype.saveDepartmentCapabilities = async function() { + const department = document.getElementById('deptSelect').value; + + if (!department) { + this.showError('請先選擇部門'); + return; + } + + // 收集已勾選的能力項目ID + const selectedCapabilities = []; + document.querySelectorAll('.capability-checkbox:checked').forEach(cb => { + selectedCapabilities.push(parseInt(cb.value)); + }); + + if (selectedCapabilities.length === 0) { + this.showError('請至少選擇一個能力項目'); + return; + } + + try { + const response = await fetch(`/api/department-capabilities/${department}`, { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify({ + capability_ids: selectedCapabilities + }) + }); + + const data = await response.json(); + + if (response.ok) { + this.showSuccess(data.message || '儲存成功'); + } else { + this.showError(data.error || '儲存失敗'); + } + } catch (error) { + console.error('儲存部門能力設定失敗:', error); + this.showError('儲存時發生錯誤'); + } +} + +// =================================== +// Capabilities CSV Import & Management +// =================================== + +PartnerAlignmentApp.prototype.importCapabilitiesCsv = async function() { + const fileInput = document.getElementById('csvFileInput'); + const file = fileInput.files[0]; + + if (!file) { + this.showError('請選擇 CSV 檔案'); + return; + } + + const formData = new FormData(); + formData.append('file', file); + + try { + const response = await fetch('/api/capabilities/import-csv', { + method: 'POST', + body: formData + }); + + const data = await response.json(); + + if (response.ok) { + this.showSuccess(data.message); + + if (data.errors && data.errors.length > 0) { + console.warn('匯入警告:', data.errors); + alert('匯入完成,但有以下警告:\n' + data.errors.join('\n')); + } + + // 清空檔案選擇 + fileInput.value = ''; + + // 自動刷新能力項目列表 + await this.loadCapabilitiesList(); + } else { + this.showError(data.error || '匯入失敗'); + } + } catch (error) { + console.error('CSV 匯入失敗:', error); + this.showError('匯入時發生錯誤'); + } +} + +PartnerAlignmentApp.prototype.downloadCsvTemplate = function() { + // 建立 CSV 範本內容 + const csvContent = `name,l1_description,l2_description,l3_description,l4_description,l5_description +溝通能力,基本溝通,有效溝通,專業溝通,領導溝通,戰略溝通 +技術能力,基礎技術,熟練技術,專業技術,專家技術,大師技術 +領導能力,自我管理,團隊協作,團隊領導,部門領導,戰略領導`; + + // 建立 Blob 並下載 + const blob = new Blob([csvContent], { type: 'text/csv;charset=utf-8;' }); + const link = document.createElement('a'); + const url = URL.createObjectURL(blob); + + link.setAttribute('href', url); + link.setAttribute('download', 'capabilities_template.csv'); + link.style.visibility = 'hidden'; + document.body.appendChild(link); + link.click(); + document.body.removeChild(link); + + this.showSuccess('CSV 範本已下載'); +} + +PartnerAlignmentApp.prototype.loadCapabilitiesList = async function() { + const container = document.getElementById('capabilitiesList'); + + try { + container.innerHTML = '
    '; + + const response = await fetch('/api/capabilities'); + const data = await response.json(); + + if (data.capabilities && data.capabilities.length > 0) { + container.innerHTML = ` +
    + + + + + + + + + + + + + + ${data.capabilities.map(cap => ` + + + + + + + + + + `).join('')} + +
    能力名稱L1L2L3L4L5狀態
    ${cap.name}${cap.l1_description || '-'}${cap.l2_description || '-'}${cap.l3_description || '-'}${cap.l4_description || '-'}${cap.l5_description || '-'}啟用
    +
    +
    + + 共 ${data.capabilities.length} 個能力項目 +
    + `; + } else { + container.innerHTML = ` +
    + + 目前沒有能力項目。請使用 CSV 匯入功能新增。 +
    + `; + } + } catch (error) { + console.error('載入能力項目列表失敗:', error); + this.showError('載入能力項目列表時發生錯誤'); + container.innerHTML = ` +
    + + 載入失敗,請稍後再試 +
    + `; + } +} + +// Global function to fill login form with test account credentials +function fillLoginForm(username, password) { + document.getElementById('loginUsername').value = username; + document.getElementById('loginPassword').value = password; + + // Show a brief notification + const toast = document.getElementById('toast'); + const toastMessage = document.getElementById('toastMessage'); + toastMessage.textContent = `已填入 ${username} 的登入資訊`; + const bsToast = new bootstrap.Toast(toast); + bsToast.show(); +} + +// Initialize the application +const app = new PartnerAlignmentApp(); \ No newline at end of file diff --git a/static/js/assessment.js b/static/js/assessment.js new file mode 100644 index 0000000..5ae1505 --- /dev/null +++ b/static/js/assessment.js @@ -0,0 +1,386 @@ +// Assessment-specific JavaScript functionality + +// Enhanced drag and drop for assessment +class AssessmentDragDrop { + constructor() { + this.draggedElement = null; + this.initializeDragDrop(); + } + + initializeDragDrop() { + // Set up drag and drop for capability items + document.addEventListener('dragstart', (e) => { + if (e.target.classList.contains('capability-item')) { + this.handleDragStart(e); + } + }); + + document.addEventListener('dragover', (e) => { + if (e.target.closest('.drop-zone')) { + this.handleDragOver(e); + } + }); + + document.addEventListener('dragleave', (e) => { + if (e.target.closest('.drop-zone')) { + this.handleDragLeave(e); + } + }); + + document.addEventListener('drop', (e) => { + if (e.target.closest('.drop-zone')) { + this.handleDrop(e); + } + }); + + document.addEventListener('dragend', (e) => { + if (e.target.classList.contains('capability-item')) { + this.handleDragEnd(e); + } + }); + } + + handleDragStart(e) { + this.draggedElement = e.target; + e.target.classList.add('dragging'); + e.dataTransfer.effectAllowed = 'move'; + e.dataTransfer.setData('text/html', e.target.outerHTML); + e.dataTransfer.setData('text/plain', e.target.dataset.capabilityId); + } + + handleDragOver(e) { + e.preventDefault(); + e.dataTransfer.dropEffect = 'move'; + const dropZone = e.target.closest('.drop-zone'); + if (dropZone) { + dropZone.classList.add('drag-over'); + } + } + + handleDragLeave(e) { + const dropZone = e.target.closest('.drop-zone'); + if (dropZone && !dropZone.contains(e.relatedTarget)) { + dropZone.classList.remove('drag-over'); + } + } + + handleDrop(e) { + e.preventDefault(); + const dropZone = e.target.closest('.drop-zone'); + if (dropZone) { + dropZone.classList.remove('drag-over'); + + if (this.draggedElement) { + this.moveCapability(this.draggedElement, dropZone); + } + } + } + + handleDragEnd(e) { + e.target.classList.remove('dragging'); + this.draggedElement = null; + } + + moveCapability(capabilityElement, targetDropZone) { + // Remove from original position + capabilityElement.remove(); + + // Create new element in target drop zone + const newElement = this.createCapabilityElement(capabilityElement); + + // Clear target drop zone and add new element + targetDropZone.innerHTML = ''; + targetDropZone.appendChild(newElement); + targetDropZone.classList.add('has-items'); + + // Update visual state + this.updateDropZoneState(targetDropZone); + } + + createCapabilityElement(originalElement) { + const newElement = document.createElement('div'); + newElement.className = 'capability-item'; + newElement.draggable = true; + newElement.dataset.capabilityId = originalElement.dataset.capabilityId; + newElement.dataset.capabilityName = originalElement.dataset.capabilityName; + newElement.textContent = originalElement.dataset.capabilityName; + + // Add click to remove functionality + newElement.addEventListener('dblclick', () => { + this.removeCapabilityFromLevel(newElement); + }); + + return newElement; + } + + removeCapabilityFromLevel(capabilityElement) { + const dropZone = capabilityElement.closest('.drop-zone'); + if (dropZone) { + // Return to available capabilities + this.returnToAvailable(capabilityElement); + + // Update drop zone state + this.updateDropZoneState(dropZone); + } + } + + returnToAvailable(capabilityElement) { + const availableContainer = document.getElementById('available-capabilities'); + if (availableContainer) { + const newElement = this.createCapabilityElement(capabilityElement); + availableContainer.appendChild(newElement); + } + } + + updateDropZoneState(dropZone) { + const hasItems = dropZone.querySelector('.capability-item'); + + if (hasItems) { + dropZone.classList.add('has-items'); + dropZone.classList.remove('empty'); + } else { + dropZone.classList.remove('has-items'); + dropZone.classList.add('empty'); + dropZone.innerHTML = '
    拖放能力到此處
    '; + } + } +} + +// Capability management +class CapabilityManager { + constructor() { + this.capabilities = []; + this.loadCapabilities(); + } + + async loadCapabilities() { + try { + const response = await fetch('/api/capabilities'); + const data = await response.json(); + this.capabilities = data.capabilities; + this.displayCapabilities(); + } catch (error) { + console.error('Failed to load capabilities:', error); + this.showError('載入能力清單失敗'); + } + } + + displayCapabilities() { + const container = document.getElementById('available-capabilities'); + if (!container) return; + + container.innerHTML = ''; + + this.capabilities.forEach(capability => { + const capabilityElement = this.createCapabilityElement(capability); + container.appendChild(capabilityElement); + }); + } + + createCapabilityElement(capability) { + const element = document.createElement('div'); + element.className = 'capability-item'; + element.draggable = true; + element.dataset.capabilityId = capability.id; + element.dataset.capabilityName = capability.name; + element.textContent = capability.name; + + // Add tooltip with description + element.title = this.getCapabilityDescription(capability); + + return element; + } + + getCapabilityDescription(capability) { + const descriptions = [ + capability.l1_description, + capability.l2_description, + capability.l3_description, + capability.l4_description, + capability.l5_description + ].filter(desc => desc && desc.trim()); + + return descriptions.join('\n\n'); + } + + showError(message) { + // You can implement a more sophisticated error display here + console.error(message); + } +} + +// Assessment form validation and submission +class AssessmentForm { + constructor() { + this.form = document.getElementById('assessment-form'); + this.initializeForm(); + } + + initializeForm() { + if (this.form) { + this.form.addEventListener('submit', (e) => { + e.preventDefault(); + this.handleSubmit(); + }); + } + } + + async handleSubmit() { + if (!this.validateForm()) { + return; + } + + const assessmentData = this.collectAssessmentData(); + + try { + this.showLoading(true); + + const response = await fetch('/api/assessments', { + method: 'POST', + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(assessmentData) + }); + + if (!response.ok) { + throw new Error(`HTTP error! status: ${response.status}`); + } + + const result = await response.json(); + this.showSuccess(result.message); + this.clearForm(); + + } catch (error) { + console.error('Assessment submission failed:', error); + this.showError('評估提交失敗: ' + error.message); + } finally { + this.showLoading(false); + } + } + + validateForm() { + const department = document.getElementById('department').value.trim(); + const position = document.getElementById('position').value.trim(); + + if (!department) { + this.showError('請填寫部門'); + return false; + } + + if (!position) { + this.showError('請填寫職位'); + return false; + } + + // Check if at least one capability is assigned + const hasAssignedCapabilities = this.hasAssignedCapabilities(); + if (!hasAssignedCapabilities) { + this.showError('請至少分配一個能力到某個等級'); + return false; + } + + return true; + } + + hasAssignedCapabilities() { + const levels = ['L1', 'L2', 'L3', 'L4', 'L5']; + + for (let level of levels) { + const dropZone = document.getElementById(`level-${level.toLowerCase()}`); + if (dropZone && dropZone.querySelector('.capability-item')) { + return true; + } + } + + return false; + } + + collectAssessmentData() { + const formData = new FormData(this.form); + const assessmentData = { + department: formData.get('department'), + position: formData.get('position'), + employee_name: formData.get('employee_name') || null, + assessment_data: {} + }; + + // Collect capability assignments + const levels = ['L1', 'L2', 'L3', 'L4', 'L5']; + + levels.forEach(level => { + const dropZone = document.getElementById(`level-${level.toLowerCase()}`); + const capabilityItems = dropZone.querySelectorAll('.capability-item'); + assessmentData.assessment_data[level] = Array.from(capabilityItems).map(item => item.dataset.capabilityName); + }); + + return assessmentData; + } + + clearForm() { + this.form.reset(); + + // Clear all drop zones + const levels = ['L1', 'L2', 'L3', 'L4', 'L5']; + levels.forEach(level => { + const dropZone = document.getElementById(`level-${level.toLowerCase()}`); + if (dropZone) { + dropZone.innerHTML = '
    拖放能力到此處
    '; + dropZone.classList.remove('has-items'); + } + }); + + // Reload capabilities + if (window.capabilityManager) { + window.capabilityManager.loadCapabilities(); + } + } + + showLoading(show) { + const submitButton = this.form.querySelector('button[type="submit"]'); + if (submitButton) { + if (show) { + submitButton.disabled = true; + submitButton.innerHTML = ' 儲存中...'; + } else { + submitButton.disabled = false; + submitButton.innerHTML = '儲存評估'; + } + } + } + + showSuccess(message) { + // You can implement a more sophisticated success display here + console.log('Success:', message); + if (window.showSuccess) { + window.showSuccess(message); + } + } + + showError(message) { + // You can implement a more sophisticated error display here + console.error('Error:', message); + if (window.showError) { + window.showError(message); + } + } +} + +// Initialize assessment functionality when DOM is loaded +document.addEventListener('DOMContentLoaded', function() { + // Initialize drag and drop + window.assessmentDragDrop = new AssessmentDragDrop(); + + // Initialize capability manager + window.capabilityManager = new CapabilityManager(); + + // Initialize assessment form + window.assessmentForm = new AssessmentForm(); +}); + +// Global function for clearing assessment (called from HTML) +function clearAssessment() { + if (window.assessmentForm) { + window.assessmentForm.clearForm(); + } +} diff --git a/templates/index.html b/templates/index.html new file mode 100644 index 0000000..7ac484e --- /dev/null +++ b/templates/index.html @@ -0,0 +1,925 @@ + + + + + + 夥伴對齊系統 - Partner Alignment System + + + + + + + + + + + + + + + +
    + +
    +
    +
    + +

    請先登入

    +

    您需要登入才能使用系統功能

    + +
    +
    +
    + + + + + + + + + + + + + + + +
    + + + + + +
    + +
    + + + + + + \ No newline at end of file