-
Replace every hardcoded English string across all 35 SPA page files with useT() calls backed by message keys in messages.ts. Both en-US and zh-CN translations are provided for every key (~200 new keys). Pages updated: DashboardPage, LoginPage, FormDesignerPage, ListViewDesignerPage, MetadataAdminPage, SalesOrderDetailPage, PurchaseOrderDetailPage, WorkOrderDetailPage, ShopFloorPage, UserTasksPage, TaskDetailPage, UserDetailPage, all Create* pages, all Edit* pages, and all list pages (Items, Partners, Locations, Balances, Movements, SalesOrders, PurchaseOrders, WorkOrders, Users, Roles, Accounts, JournalEntries, UoMs, AdjustStock).
-
Closes the R2 gap: an admin can now manage users and roles entirely from the SPA without touching curl or Swagger UI. Backend (pbc-identity): - New RoleService with createRole, assignRole, revokeRole, findUserRoleCodes, listRoles. Each method validates existence + idempotency (duplicate assignment rejected, missing role rejected). - New RoleController at /api/v1/identity/roles (CRUD) + /api/v1/identity/users/{userId}/roles/{roleCode} (POST assign, DELETE revoke). All permission-gated: identity.role.read, identity.role.create, identity.role.assign. - identity.yml updated: added identity.role.create permission. SPA (web/): - UsersPage — list with username link to detail, "+ New User" - CreateUserPage — username, display name, email form - UserDetailPage — shows user info + role toggle list. Each role has an Assign/Revoke button that takes effect on the user's next login (JWT carries roles from login time). - RolesPage — list with inline create form (code + name) - Sidebar gains "System" section with Users + Roles links - API client + types: identity.listUsers, getUser, createUser, listRoles, createRole, getUserRoles, assignRole, revokeRole Infrastructure: - SpaController: added /users/** and /roles/** forwarding - SecurityConfiguration: added /users/** and /roles/** to the SPA permitAll block
