refactor: RBAC权限系统重构 + UI组件拆分 + 测试修复 + 架构文档

- RBAC: 新增30个权限点、DataScope行级权限、requirePermission守卫，所有57+ Server Action接入权限校验
- UI拆分: exam-form(1623行→11文件)、textbook-reader(744行→7文件)，均降至300行以内
- 测试: 新增5个单元测试文件(19用例)，修复4个集成测试文件(38用例全部通过)
- 架构文档: 新增架构影响地图(004/005)、标准功能清单(006)、差距审计报告(007)
- 项目规则: 架构图优先规则，改码必同步图
- 安全: rehype-sanitize净化、AES加密API Key、权限路由守卫
- 无障碍: skip-link、aria-label、prefers-reduced-motion
- 性能: next/font优化、next/image、代码分割

src/modules/dashboard/data-access.ts

@@ -1,7 +1,7 @@
 import "server-only"
 
 import { cache } from "react"
-import { count, desc, eq, gt, inArray } from "drizzle-orm"
+import { count, desc, eq, gt, inArray, and } from "drizzle-orm"
 
 import { db } from "@/shared/db"
 import {
@@ -18,10 +18,61 @@ import {
   usersToRoles,
 } from "@/shared/db/schema"
 import type { AdminDashboardData } from "./types"
+import type { DataScope } from "@/shared/types/permissions"
 
-export const getAdminDashboardData = cache(async (): Promise<AdminDashboardData> => {
+export const getAdminDashboardData = cache(async (scope?: DataScope): Promise<AdminDashboardData> => {
   const now = new Date()
 
+  // Build scope-based conditions for exams
+  const examConditions = []
+  const homeworkConditions = []
+  const submissionConditions = []
+
+  if (scope && scope.type !== "all") {
+    if (scope.type === "owned") {
+      examConditions.push(eq(exams.creatorId, scope.userId))
+      homeworkConditions.push(eq(homeworkAssignments.creatorId, scope.userId))
+      const ownedAssignmentIds = db
+        .select({ id: homeworkAssignments.id })
+        .from(homeworkAssignments)
+        .where(eq(homeworkAssignments.creatorId, scope.userId))
+      submissionConditions.push(inArray(homeworkSubmissions.assignmentId, ownedAssignmentIds))
+    }
+    if (scope.type === "grade_managed" && scope.gradeIds.length > 0) {
+      examConditions.push(inArray(exams.gradeId, scope.gradeIds))
+      const gradeExamIds = db
+        .select({ id: exams.id })
+        .from(exams)
+        .where(inArray(exams.gradeId, scope.gradeIds))
+      homeworkConditions.push(inArray(homeworkAssignments.sourceExamId, gradeExamIds))
+      const gradeAssignmentIds = db
+        .select({ id: homeworkAssignments.id })
+        .from(homeworkAssignments)
+        .where(inArray(homeworkAssignments.sourceExamId, gradeExamIds))
+      submissionConditions.push(inArray(homeworkSubmissions.assignmentId, gradeAssignmentIds))
+    }
+    if (scope.type === "class_taught" && scope.classIds.length > 0) {
+      const teacherGradeIds = await db
+        .selectDistinct({ gradeId: classes.gradeId })
+        .from(classes)
+        .where(inArray(classes.id, scope.classIds))
+      const gradeIds = teacherGradeIds.map(g => g.gradeId).filter(Boolean) as string[]
+      if (gradeIds.length > 0) {
+        examConditions.push(inArray(exams.gradeId, gradeIds))
+        const gradeExamIds = db
+          .select({ id: exams.id })
+          .from(exams)
+          .where(inArray(exams.gradeId, gradeIds))
+        homeworkConditions.push(inArray(homeworkAssignments.sourceExamId, gradeExamIds))
+        const gradeAssignmentIds = db
+          .select({ id: homeworkAssignments.id })
+          .from(homeworkAssignments)
+          .where(inArray(homeworkAssignments.sourceExamId, gradeExamIds))
+        submissionConditions.push(inArray(homeworkSubmissions.assignmentId, gradeAssignmentIds))
+      }
+    }
+  }
+
   const [
     activeSessionsRow,
     userCountRow,
@@ -48,11 +99,19 @@ export const getAdminDashboardData = cache(async (): Promise<AdminDashboardData>
     db.select({ value: count() }).from(textbooks),
     db.select({ value: count() }).from(chapters),
     db.select({ value: count() }).from(questions),
-    db.select({ value: count() }).from(exams),
-    db.select({ value: count() }).from(homeworkAssignments),
-    db.select({ value: count() }).from(homeworkAssignments).where(eq(homeworkAssignments.status, "published")),
-    db.select({ value: count() }).from(homeworkSubmissions),
-    db.select({ value: count() }).from(homeworkSubmissions).where(eq(homeworkSubmissions.status, "submitted")),
+    db.select({ value: count() }).from(exams).where(examConditions.length ? and(...examConditions) : undefined),
+    db.select({ value: count() }).from(homeworkAssignments).where(homeworkConditions.length ? and(...homeworkConditions) : undefined),
+    db.select({ value: count() }).from(homeworkAssignments).where(
+      homeworkConditions.length
+        ? and(eq(homeworkAssignments.status, "published"), ...homeworkConditions)
+        : eq(homeworkAssignments.status, "published")
+    ),
+    db.select({ value: count() }).from(homeworkSubmissions).where(submissionConditions.length ? and(...submissionConditions) : undefined),
+    db.select({ value: count() }).from(homeworkSubmissions).where(
+      submissionConditions.length
+        ? and(eq(homeworkSubmissions.status, "submitted"), ...submissionConditions)
+        : eq(homeworkSubmissions.status, "submitted")
+    ),
     db
       .select({
         id: users.id,