fix: 操作日志详细记录权限变更

- 修改用户权限时记录旧角色→新角色（中文）和用户名
- 日志显示"查看者 → 高级编辑"格式
- 商业认证日志显示商户名

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/main.py

@@ -1094,6 +1094,9 @@ def delete_user(user_id: int, user=Depends(require_role("admin"))):
 @app.put("/api/users/{user_id}")
 def update_user(user_id: int, body: UserUpdate, user=Depends(require_role("admin"))):
     conn = get_db()
+    target = conn.execute("SELECT role, display_name, username FROM users WHERE id = ?", (user_id,)).fetchone()
+    old_role = target["role"] if target else "unknown"
+    target_name = (target["display_name"] or target["username"]) if target else "unknown"
     if body.role is not None:
         if body.role == "admin":
             conn.close()
@@ -1101,8 +1104,15 @@ def update_user(user_id: int, body: UserUpdate, user=Depends(require_role("admin
         conn.execute("UPDATE users SET role = ?, role_changed_at = datetime('now') WHERE id = ?", (body.role, user_id))
     if body.display_name is not None:
         conn.execute("UPDATE users SET display_name = ? WHERE id = ?", (body.display_name, user_id))
-    log_audit(conn, user["id"], "update_user", "user", user_id, None,
-              json.dumps({"role": body.role, "display_name": body.display_name}))
+    role_labels = {"admin": "管理员", "senior_editor": "高级编辑", "editor": "编辑", "viewer": "查看者"}
+    detail = {}
+    if body.role is not None and body.role != old_role:
+        detail["from_role"] = role_labels.get(old_role, old_role)
+        detail["to_role"] = role_labels.get(body.role, body.role)
+    if body.display_name is not None:
+        detail["display_name"] = body.display_name
+    log_audit(conn, user["id"], "update_user", "user", user_id, target_name,
+              json.dumps(detail, ensure_ascii=False))
     conn.commit()
     conn.close()
     return {"ok": True}