feat(plugin): 外键校验 — ref_entity 字段验证引用记录存在性

新增 validate_ref_entities 异步函数，在 create/update 时检查 ref_entity 字段指向的记录是否存在于对应动态表中。自引用场景下 create 跳过校验，update 跳过自身引用。
2026-04-17 10:35:46 +08:00
parent f4b1a06d53
commit 649334e862
1 changed files with 70 additions and 0 deletions
--- a/crates/erp-plugin/src/data_service.rs
+++ b/crates/erp-plugin/src/data_service.rs
@@ -28,6 +28,7 @@ impl PluginDataService {
        let info = resolve_entity_info(plugin_id, entity_name, tenant_id, db).await?;
        let fields = info.fields()?;
        validate_data(&data, &fields)?;
+        validate_ref_entities(&data, &fields, entity_name, plugin_id, tenant_id, db, true, None).await?;

        let (sql, values) =
            DynamicTableManager::build_insert_sql(&info.table_name, tenant_id, operator_id, &data);
@@ -206,6 +207,7 @@ impl PluginDataService {
        let info = resolve_entity_info(plugin_id, entity_name, tenant_id, db).await?;
        let fields = info.fields()?;
        validate_data(&data, &fields)?;
+        validate_ref_entities(&data, &fields, entity_name, plugin_id, tenant_id, db, false, Some(id)).await?;

        let (sql, values) = DynamicTableManager::build_update_sql(
            &info.table_name,
@@ -482,3 +484,71 @@ fn validate_data(data: &serde_json::Value, fields: &[PluginField]) -> AppResult<
    }
    Ok(())
 }
+
+/// 校验外键引用 — 检查 ref_entity 字段指向的记录是否存在
+async fn validate_ref_entities(
+    data: &serde_json::Value,
+    fields: &[PluginField],
+    current_entity: &str,
+    plugin_id: Uuid,
+    tenant_id: Uuid,
+    db: &sea_orm::DatabaseConnection,
+    is_create: bool,
+    record_id: Option<Uuid>,
+) -> AppResult<()> {
+    let obj = data.as_object().ok_or_else(|| {
+        AppError::Validation("data 必须是 JSON 对象".to_string())
+    })?;
+
+    for field in fields {
+        let Some(ref_entity_name) = &field.ref_entity else { continue };
+        let Some(val) = obj.get(&field.name) else { continue };
+        let str_val = val.as_str().unwrap_or("").trim().to_string();
+
+        if str_val.is_empty() && !field.required { continue; }
+        if str_val.is_empty() { continue; }
+
+        let ref_id = Uuid::parse_str(&str_val).map_err(|_| {
+            AppError::Validation(format!(
+                "字段 '{}' 的值 '{}' 不是有效的 UUID",
+                field.display_name.as_deref().unwrap_or(&field.name),
+                str_val
+            ))
+        })?;
+
+        // 自引用 + create：跳过（记录尚未存在）
+        if ref_entity_name == current_entity && is_create {
+            continue;
+        }
+        // 自引用 + update：检查是否引用自身
+        if ref_entity_name == current_entity && !is_create {
+            if let Some(rid) = record_id {
+                if ref_id == rid { continue; }
+            }
+        }
+
+        // 查询被引用记录是否存在
+        let manifest_id = resolve_manifest_id(plugin_id, tenant_id, db).await?;
+        let ref_table = DynamicTableManager::table_name(&manifest_id, ref_entity_name);
+
+        let check_sql = format!(
+            "SELECT 1 as check_result FROM \"{}\" WHERE id = $1 AND tenant_id = $2 AND deleted_at IS NULL LIMIT 1",
+            ref_table
+        );
+        #[derive(FromQueryResult)]
+        struct ExistsCheck { check_result: Option<i32> }
+        let result = ExistsCheck::find_by_statement(Statement::from_sql_and_values(
+            sea_orm::DatabaseBackend::Postgres,
+            check_sql,
+            [ref_id.into(), tenant_id.into()],
+        )).one(db).await?;
+
+        if result.is_none() {
+            return Err(AppError::Validation(format!(
+                "引用的 {} 记录不存在（ID: {}）",
+                ref_entity_name, ref_id
+            )));
+        }
+    }
+    Ok(())
+}