## ADDED Requirements ### Requirement: Device Enterprise Authorization Filters The device management page SHALL support filtering devices by effective enterprise authorization. #### Scenario: Filter devices by authorized enterprise ID - **GIVEN** 用户在设备管理搜索栏选择或输入企业 ID - **WHEN** 用户执行搜索 - **THEN** 系统 MUST send `authorized_enterprise_id` to the device list API - **AND** the list MUST only show devices currently authorized to that enterprise according to the backend response #### Scenario: Filter devices by enterprise authorization status - **GIVEN** 用户在设备管理搜索栏选择企业授权状态 - **WHEN** 用户选择“已授权”并搜索 - **THEN** 系统 MUST send `is_authorized_to_enterprise=true` - **WHEN** 用户选择“未授权”并搜索 - **THEN** 系统 MUST send `is_authorized_to_enterprise=false` - **AND** clearing the filter MUST omit `is_authorized_to_enterprise` from the request ### Requirement: Device Enterprise Authorization Actions The device management page SHALL provide enterprise device authorization actions directly in the table header before the export button. #### Scenario: Show permission-controlled device authorization buttons - **GIVEN** 用户访问设备管理页面 - **WHEN** the table header renders - **THEN** the “授权设备给企业” button MUST appear to the left of the “导出” button only when the user has permission `devices:authorize_enterprise` - **AND** the “撤销设备授权” button MUST appear to the left of the “导出” button only when the user has permission `devices:recall_enterprise_authorization` #### Scenario: Authorize selected devices to an enterprise - **GIVEN** 用户在设备管理列表选中了设备 - **WHEN** 用户点击“授权设备给企业”并选择目标企业 - **AND** 用户选择 `list` 选取方式 - **THEN** 系统 MUST call `POST /api/admin/enterprises/{id}/allocate-devices` - **AND** the request body MUST include `selection_type: 'list'` - **AND** the request body MUST include selected row device identifiers as `device_nos` - **AND** identifiers MUST come from list response fields such as `virtual_no` when available - **AND** the UI MUST display success count, fail count, authorized devices, and failed item reasons from the response - **AND** the device list MUST refresh after any successful authorization #### Scenario: Authorize devices by filters - **GIVEN** 用户打开“授权设备给企业” dialog - **WHEN** 用户选择 `filter` 选取方式并确认 - **THEN** 系统 MUST call `POST /api/admin/enterprises/{id}/allocate-devices` - **AND** the request body MUST include `selection_type: 'filter'` - **AND** filter fields MUST be populated from the dialog filter form or current list filters when applicable, including available values such as `batch_no`, `shop_id`, and `virtual_no` - **AND** empty filter fields MUST be omitted #### Scenario: Authorize devices filter selects shop from cascade tree - **GIVEN** 用户在“授权设备给企业” dialog 中选择 `filter` 选取方式 - **WHEN** the shop filter field renders - **THEN** the field MUST use the same lazy cascade tree pattern as the “上级店铺” field in the add-shop dialog - **AND** it MUST load children through `ShopService.getShopsCascade({ parent_id })` - **AND** it MUST allow selecting any level with `checkStrictly: true` - **AND** when submitted, the request MUST use the last selected cascade node ID as `shop_id` - **AND** clearing the cascade field MUST omit `shop_id` #### Scenario: Recall selected device authorization - **GIVEN** 用户在设备管理列表选中了 currently enterprise-authorized devices - **WHEN** 用户点击“撤销设备授权” - **THEN** the UI MUST require a source enterprise ID unless it can safely infer one from `authorized_enterprise_id` or selected row data returned by the list API - **WHEN** 用户 confirms `list` recall - **THEN** 系统 MUST call `POST /api/admin/enterprises/{id}/recall-devices` - **AND** the request body MUST include `selection_type: 'list'` and selected row device identifiers as `device_nos` - **AND** the UI MUST display success count, fail count, and failed item reasons - **AND** the device list MUST refresh after any successful recall #### Scenario: Recall device authorization by filters - **GIVEN** 用户打开“撤销设备授权” dialog - **WHEN** 用户选择 `filter` selection mode and confirms - **THEN** 系统 MUST call `POST /api/admin/enterprises/{id}/recall-devices` - **AND** the request body MUST include `selection_type: 'filter'` - **AND** filter fields MUST follow the contract in `docs/授权、回收.md`, including available values such as `batch_no` and `virtual_no` - **AND** empty filter fields MUST be omitted