feat: add useradmin role -运营管理员权限，支持管理用户/订单/风控等

backend/internal/domain/constants.go

@@ -13,7 +13,8 @@ const (
 // Role constants
 const (
 	RoleAdmin = "admin"
-	RoleUser  = "user"
+	RoleUser     = "user"
+	RoleUserAdmin = "useradmin"
 )
 
 // Platform constants

backend/internal/server/middleware/admin_only.go

@@ -16,7 +16,7 @@ func AdminOnly() gin.HandlerFunc {
 			return
 		}
 
-		// 检查是否为管理员
+		// 检查是否为超级管理员（admin）
 		if role != service.RoleAdmin {
 			AbortWithError(c, 403, "FORBIDDEN", "Admin access required")
 			return

backend/internal/service/domain_constants.go

@@ -14,8 +14,9 @@ const (
 
 // Role constants
 const (
-	RoleAdmin = domain.RoleAdmin
-	RoleUser  = domain.RoleUser
+	RoleAdmin     = domain.RoleAdmin
+	RoleUser      = domain.RoleUser
+	RoleUserAdmin = domain.RoleUserAdmin
 )
 
 // Affiliate rebate settings

backend/internal/service/user.go

@@ -63,7 +63,7 @@ type User struct {
 }
 
 func (u *User) IsAdmin() bool {
-	return u.Role == RoleAdmin
+	return u.Role == RoleAdmin || u.Role == RoleUserAdmin
 }
 
 func (u *User) IsActive() bool {

frontend/src/router/index.ts

@@ -765,8 +765,8 @@ router.beforeEach((to, _from, next) => {
     return
   }
 
-  // Check admin requirement
-  if (requiresAdmin && !authStore.isAdmin) {
+  // Check admin requirement (requires admin role, not useradmin)
+  if (requiresAdmin && !authStore.isSuperAdmin) {
     // User is authenticated but not admin, redirect to user dashboard
     next('/dashboard')
     return

frontend/src/stores/auth.ts

@@ -87,6 +87,10 @@ export const useAuthStore = defineStore('auth', () => {
   })
 
   const isAdmin = computed(() => {
+    return user.value?.role === 'admin' || user.value?.role === 'useradmin'
+  })
+
+  const isSuperAdmin = computed(() => {
     return user.value?.role === 'admin'
   })
 
@@ -476,6 +480,7 @@ export const useAuthStore = defineStore('auth', () => {
     // Computed
     isAuthenticated,
     isAdmin,
+  isSuperAdmin,
     isSimpleMode,
     hasPendingAuthSession,