feat(config): add system configuration module (Phase 3)

Implement the complete erp-config crate with: - Data dictionaries (CRUD + items management) - Dynamic menus (tree structure with role filtering) - System settings (hierarchical: platform > tenant > org > user) - Numbering rules (concurrency-safe via PostgreSQL advisory_lock) - Theme and language configuration (via settings store) - 6 database migrations (dictionaries, menus, settings, numbering_rules) - Frontend Settings page with 5 tabs (dictionary, menu, numbering, settings, theme) Refactor: move RBAC functions (require_permission) from erp-auth to erp-core to avoid cross-module dependencies. Add 20 new seed permissions for config module operations.
2026-04-11 08:09:19 +08:00
parent 8a012f6c6a
commit 0baaf5f7ee
55 changed files with 5295 additions and 12 deletions
--- a/crates/erp-config/src/handler/dictionary_handler.rs
+++ b/crates/erp-config/src/handler/dictionary_handler.rs
@@ -0,0 +1,163 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::config_state::ConfigState;
+use crate::dto::{
+    CreateDictionaryReq, DictionaryItemResp, DictionaryResp, UpdateDictionaryReq,
+};
+use crate::service::dictionary_service::DictionaryService;
+
+/// GET /api/v1/dictionaries
+///
+/// 分页查询当前租户下的字典列表。
+/// 每个字典包含其关联的字典项。
+/// 需要 `dictionary.list` 权限。
+pub async fn list_dictionaries<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<DictionaryResp>>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "dictionary.list")?;
+
+    let (dictionaries, total) =
+        DictionaryService::list(ctx.tenant_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = (total + page_size - 1) / page_size;
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: dictionaries,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+/// POST /api/v1/dictionaries
+///
+/// 在当前租户下创建新字典。
+/// 字典编码在租户内必须唯一。
+/// 需要 `dictionary.create` 权限。
+pub async fn create_dictionary<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateDictionaryReq>,
+) -> Result<Json<ApiResponse<DictionaryResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "dictionary.create")?;
+
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let dictionary = DictionaryService::create(
+        ctx.tenant_id,
+        ctx.user_id,
+        &req.name,
+        &req.code,
+        &req.description,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(dictionary)))
+}
+
+/// PUT /api/v1/dictionaries/:id
+///
+/// 更新字典的可编辑字段（名称、描述）。
+/// 编码创建后不可更改。
+/// 需要 `dictionary.update` 权限。
+pub async fn update_dictionary<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<UpdateDictionaryReq>,
+) -> Result<Json<ApiResponse<DictionaryResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "dictionary.update")?;
+
+    let dictionary = DictionaryService::update(
+        id,
+        ctx.tenant_id,
+        ctx.user_id,
+        &req.name,
+        &req.description,
+        &state.db,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(dictionary)))
+}
+
+/// DELETE /api/v1/dictionaries/:id
+///
+/// 软删除字典，设置 deleted_at 时间戳。
+/// 需要 `dictionary.delete` 权限。
+pub async fn delete_dictionary<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "dictionary.delete")?;
+
+    DictionaryService::delete(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus)
+        .await?;
+
+    Ok(Json(ApiResponse {
+        success: true,
+        data: None,
+        message: Some("字典已删除".to_string()),
+    }))
+}
+
+/// GET /api/v1/dictionaries/items-by-code?code=xxx
+///
+/// 根据字典编码查询所有字典项。
+/// 用于前端下拉框和枚举值查找。
+/// 需要 `dictionary.list` 权限。
+pub async fn list_items_by_code<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(query): Query<ItemsByCodeQuery>,
+) -> Result<Json<ApiResponse<Vec<DictionaryItemResp>>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "dictionary.list")?;
+
+    let items =
+        DictionaryService::list_items_by_code(&query.code, ctx.tenant_id, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(items)))
+}
+
+/// 按编码查询字典项的查询参数。
+#[derive(Debug, serde::Deserialize)]
+pub struct ItemsByCodeQuery {
+    pub code: String,
+}
--- a/crates/erp-config/src/handler/language_handler.rs
+++ b/crates/erp-config/src/handler/language_handler.rs
@@ -0,0 +1,101 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, Path, State};
+use axum::response::Json as JsonResponse;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, Pagination, TenantContext};
+
+use crate::config_state::ConfigState;
+use crate::dto::{LanguageResp, UpdateLanguageReq};
+use crate::service::setting_service::SettingService;
+
+/// GET /api/v1/languages
+///
+/// 获取当前租户的语言配置列表。
+/// 查询 scope 为 "platform" 的设置，过滤 key 以 "language." 开头的记录。
+/// 需要 `language.list` 权限。
+pub async fn list_languages<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<JsonResponse<ApiResponse<Vec<LanguageResp>>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "language.list")?;
+
+    let pagination = Pagination {
+        page: Some(1),
+        page_size: Some(100),
+    };
+
+    let (settings, _total) = SettingService::list_by_scope(
+        "platform",
+        &None,
+        ctx.tenant_id,
+        &pagination,
+        &state.db,
+    )
+    .await?;
+
+    let languages: Vec<LanguageResp> = settings
+        .into_iter()
+        .filter(|s| s.setting_key.starts_with("language."))
+        .filter_map(|s| {
+            let code = s.setting_key.strip_prefix("language.")?.to_string();
+            let name = code.clone(); // 默认使用 code 作为名称
+            let is_active = s
+                .setting_value
+                .get("is_active")
+                .and_then(|v| v.as_bool())
+                .unwrap_or(true);
+            Some(LanguageResp {
+                code,
+                name,
+                is_active,
+            })
+        })
+        .collect();
+
+    Ok(JsonResponse(ApiResponse::ok(languages)))
+}
+
+/// PUT /api/v1/languages/:code
+///
+/// 更新指定语言配置的激活状态。
+/// 语言配置存储在 settings 表中，key 为 "language.{code}"，scope 为 "platform"。
+/// 需要 `language.update` 权限。
+pub async fn update_language<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(code): Path<String>,
+    Json(req): Json<UpdateLanguageReq>,
+) -> Result<JsonResponse<ApiResponse<LanguageResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "language.update")?;
+
+    let key = format!("language.{}", code);
+    let value = serde_json::json!({"is_active": req.is_active});
+
+    SettingService::set(
+        &key,
+        "platform",
+        &None,
+        value,
+        ctx.tenant_id,
+        ctx.user_id,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(JsonResponse(ApiResponse::ok(LanguageResp {
+        code,
+        name: String::new(),
+        is_active: req.is_active,
+    })))
+}
--- a/crates/erp-config/src/handler/menu_handler.rs
+++ b/crates/erp-config/src/handler/menu_handler.rs
@@ -0,0 +1,104 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, State};
+use axum::response::Json as JsonResponse;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, TenantContext};
+use uuid::Uuid;
+
+use crate::config_state::ConfigState;
+use crate::dto::{BatchSaveMenusReq, CreateMenuReq, MenuResp};
+use crate::service::menu_service::MenuService;
+
+/// GET /api/v1/menus
+///
+/// 获取当前租户下当前用户角色可见的菜单树。
+/// 根据用户关联的角色过滤菜单可见性。
+/// 需要 `menu.list` 权限。
+pub async fn get_menus<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<JsonResponse<ApiResponse<Vec<MenuResp>>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "menu.list")?;
+
+    let role_ids: Vec<Uuid> = ctx
+        .roles
+        .iter()
+        .filter_map(|r| Uuid::parse_str(r).ok())
+        .collect();
+
+    let menus = MenuService::get_menu_tree(ctx.tenant_id, &role_ids, &state.db).await?;
+
+    Ok(JsonResponse(ApiResponse::ok(menus)))
+}
+
+/// PUT /api/v1/menus/batch
+///
+/// 批量保存菜单列表。
+/// 对每个菜单项：有 id 的执行更新，没有 id 的执行创建。
+/// 需要 `menu.update` 权限。
+pub async fn batch_save_menus<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<BatchSaveMenusReq>,
+) -> Result<JsonResponse<ApiResponse<()>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "menu.update")?;
+
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    for item in &req.menus {
+        match item.id {
+            Some(id) => {
+                let update_req = crate::dto::UpdateMenuReq {
+                    title: Some(item.title.clone()),
+                    path: item.path.clone(),
+                    icon: item.icon.clone(),
+                    sort_order: item.sort_order,
+                    visible: item.visible,
+                    permission: item.permission.clone(),
+                    role_ids: item.role_ids.clone(),
+                };
+                MenuService::update(id, ctx.tenant_id, ctx.user_id, &update_req, &state.db)
+                    .await?;
+            }
+            None => {
+                let create_req = CreateMenuReq {
+                    parent_id: item.parent_id,
+                    title: item.title.clone(),
+                    path: item.path.clone(),
+                    icon: item.icon.clone(),
+                    sort_order: item.sort_order,
+                    visible: item.visible,
+                    menu_type: item.menu_type.clone(),
+                    permission: item.permission.clone(),
+                    role_ids: item.role_ids.clone(),
+                };
+                MenuService::create(
+                    ctx.tenant_id,
+                    ctx.user_id,
+                    &create_req,
+                    &state.db,
+                    &state.event_bus,
+                )
+                .await?;
+            }
+        }
+    }
+
+    Ok(JsonResponse(ApiResponse {
+        success: true,
+        data: None,
+        message: Some("菜单批量保存成功".to_string()),
+    }))
+}
--- a/crates/erp-config/src/handler/mod.rs
+++ b/crates/erp-config/src/handler/mod.rs
@@ -0,0 +1,6 @@
+pub mod dictionary_handler;
+pub mod language_handler;
+pub mod menu_handler;
+pub mod numbering_handler;
+pub mod setting_handler;
+pub mod theme_handler;
--- a/crates/erp-config/src/handler/numbering_handler.rs
+++ b/crates/erp-config/src/handler/numbering_handler.rs
@@ -0,0 +1,119 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::config_state::ConfigState;
+use crate::dto::{
+    CreateNumberingRuleReq, GenerateNumberResp, NumberingRuleResp, UpdateNumberingRuleReq,
+};
+use crate::service::numbering_service::NumberingService;
+
+/// GET /api/v1/numbering-rules
+///
+/// 分页查询当前租户下的编号规则列表。
+/// 需要 `numbering.list` 权限。
+pub async fn list_numbering_rules<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<NumberingRuleResp>>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "numbering.list")?;
+
+    let (rules, total) = NumberingService::list(ctx.tenant_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = (total + page_size - 1) / page_size;
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: rules,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+/// POST /api/v1/numbering-rules
+///
+/// 创建新的编号规则。
+/// 规则编码在租户内必须唯一。
+/// 需要 `numbering.create` 权限。
+pub async fn create_numbering_rule<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateNumberingRuleReq>,
+) -> Result<Json<ApiResponse<NumberingRuleResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "numbering.create")?;
+
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let rule = NumberingService::create(
+        ctx.tenant_id,
+        ctx.user_id,
+        &req,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(rule)))
+}
+
+/// PUT /api/v1/numbering-rules/:id
+///
+/// 更新编号规则的可编辑字段。
+/// 需要 `numbering.update` 权限。
+pub async fn update_numbering_rule<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<UpdateNumberingRuleReq>,
+) -> Result<Json<ApiResponse<NumberingRuleResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "numbering.update")?;
+
+    let rule =
+        NumberingService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(rule)))
+}
+
+/// POST /api/v1/numbering-rules/:id/generate
+///
+/// 根据编号规则生成新的编号。
+/// 使用 PostgreSQL advisory lock 保证并发安全。
+/// 需要 `numbering.generate` 权限。
+pub async fn generate_number<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<GenerateNumberResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "numbering.generate")?;
+
+    let result = NumberingService::generate_number(id, ctx.tenant_id, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(result)))
+}
--- a/crates/erp-config/src/handler/setting_handler.rs
+++ b/crates/erp-config/src/handler/setting_handler.rs
@@ -0,0 +1,76 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, TenantContext};
+use uuid::Uuid;
+
+use crate::config_state::ConfigState;
+use crate::dto::{SettingResp, UpdateSettingReq};
+use crate::service::setting_service::SettingService;
+
+/// GET /api/v1/settings/:key?scope=tenant&scope_id=xxx
+///
+/// 获取设置值，支持分层回退查找。
+/// 解析顺序：精确匹配 -> 按作用域层级向上回退。
+/// 需要 `setting.read` 权限。
+pub async fn get_setting<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(key): Path<String>,
+    Query(query): Query<SettingQuery>,
+) -> Result<Json<ApiResponse<SettingResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "setting.read")?;
+
+    let scope = query.scope.unwrap_or_else(|| "tenant".to_string());
+
+    let setting =
+        SettingService::get(&key, &scope, &query.scope_id, ctx.tenant_id, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(setting)))
+}
+
+/// PUT /api/v1/settings/:key
+///
+/// 创建或更新设置值。
+/// 如果相同 (scope, scope_id, key) 的记录存在则更新，否则插入。
+/// 需要 `setting.update` 权限。
+pub async fn update_setting<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(key): Path<String>,
+    Json(req): Json<UpdateSettingReq>,
+) -> Result<Json<ApiResponse<SettingResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "setting.update")?;
+
+    let setting = SettingService::set(
+        &key,
+        "tenant",
+        &None,
+        req.setting_value,
+        ctx.tenant_id,
+        ctx.user_id,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(setting)))
+}
+
+/// 设置查询参数。
+#[derive(Debug, serde::Deserialize)]
+pub struct SettingQuery {
+    pub scope: Option<String>,
+    pub scope_id: Option<Uuid>,
+}
--- a/crates/erp-config/src/handler/theme_handler.rs
+++ b/crates/erp-config/src/handler/theme_handler.rs
@@ -0,0 +1,69 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, State};
+use axum::response::Json as JsonResponse;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, TenantContext};
+
+use crate::config_state::ConfigState;
+use crate::dto::ThemeResp;
+use crate::service::setting_service::SettingService;
+
+/// GET /api/v1/theme
+///
+/// 获取当前租户的主题配置。
+/// 主题配置存储在 settings 表中，key 为 "theme"，scope 为 "tenant"。
+/// 需要 `theme.read` 权限。
+pub async fn get_theme<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<JsonResponse<ApiResponse<ThemeResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "theme.read")?;
+
+    let setting =
+        SettingService::get("theme", "tenant", &None, ctx.tenant_id, &state.db).await?;
+
+    let theme: ThemeResp = serde_json::from_value(setting.setting_value)
+        .map_err(|e| AppError::Validation(format!("主题配置解析失败: {e}")))?;
+
+    Ok(JsonResponse(ApiResponse::ok(theme)))
+}
+
+/// PUT /api/v1/theme
+///
+/// 更新当前租户的主题配置。
+/// 将主题配置序列化为 JSON 存储到 settings 表。
+/// 需要 `theme.update` 权限。
+pub async fn update_theme<S>(
+    State(state): State<ConfigState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<ThemeResp>,
+) -> Result<JsonResponse<ApiResponse<ThemeResp>>, AppError>
+where
+    ConfigState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "theme.update")?;
+
+    let value = serde_json::to_value(&req)
+        .map_err(|e| AppError::Validation(format!("主题配置序列化失败: {e}")))?;
+
+    SettingService::set(
+        "theme",
+        "tenant",
+        &None,
+        value,
+        ctx.tenant_id,
+        ctx.user_id,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(JsonResponse(ApiResponse::ok(req)))
+}