fix: 审计修复 — ErrorBoundary 接入 + data_scope 全端点接线 + inventory.wasm

1. H1: App.tsx 接入 ErrorBoundary 包裹 Suspense，防止页面渲染错误导致白屏 2. H2: data_scope 行级权限扩展到 count/aggregate/timeseries 端点，所有数据查询操作现在都受 data_scope 过滤 3. M3: 进销存插件 WASM 编译部署到 apps/web/public/inventory.wasm
2026-04-18 08:12:40 +08:00
parent e8739e80c7
commit 40bac74f5c
4 changed files with 49 additions and 4 deletions
--- a/crates/erp-plugin/src/handler/data_handler.rs
+++ b/crates/erp-plugin/src/handler/data_handler.rs
@@ -390,6 +390,11 @@ where
    let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
    require_permission(&ctx, &fine_perm)?;

+    // 解析数据权限范围
+    let scope = resolve_data_scope(
+        &ctx, &manifest_id, &entity, &fine_perm, &state.db,
+    ).await?;
+
    // 解析 filter JSON
    let filter: Option<serde_json::Value> = params
        .filter
@@ -403,6 +408,7 @@ where
        &state.db,
        filter,
        params.search,
+        scope,
    )
    .await?;

@@ -434,6 +440,11 @@ where
    let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
    require_permission(&ctx, &fine_perm)?;

+    // 解析数据权限范围
+    let scope = resolve_data_scope(
+        &ctx, &manifest_id, &entity, &fine_perm, &state.db,
+    ).await?;
+
    // 解析 filter JSON
    let filter: Option<serde_json::Value> = params
        .filter
@@ -447,6 +458,7 @@ where
        &state.db,
        &params.group_by,
        filter,
+        scope,
    )
    .await?;

@@ -483,6 +495,11 @@ where
    let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
    require_permission(&ctx, &fine_perm)?;

+    // 解析数据权限范围
+    let scope = resolve_data_scope(
+        &ctx, &manifest_id, &entity, &fine_perm, &state.db,
+    ).await?;
+
    let result = PluginDataService::timeseries(
        plugin_id,
        &entity,
@@ -492,6 +509,7 @@ where
        &params.time_grain,
        params.start,
        params.end,
+        scope,
    )
    .await?;