feat(core): add audit logging to all mutation operations

Create audit_log SeaORM entity and audit_service::record() helper. Integrate audit recording into 35 mutation endpoints across all modules: - erp-auth: user/role/organization/department/position CRUD (15 actions) - erp-config: dictionary/menu/setting/numbering_rule CRUD (15 actions) - erp-workflow: definition/instance/task operations (8 actions) - erp-message: send/system/mark_read/delete (5 actions) Uses fire-and-forget pattern — audit failures logged but non-blocking.
2026-04-11 23:48:45 +08:00
parent 5d6e1dc394
commit db2cd24259
17 changed files with 388 additions and 0 deletions
--- a/crates/erp-message/src/service/message_service.rs
+++ b/crates/erp-message/src/service/message_service.rs
@@ -8,6 +8,8 @@ use uuid::Uuid;
 use crate::dto::{MessageQuery, MessageResp, SendMessageReq, UnreadCountResp};
 use crate::entity::message;
 use crate::error::{MessageError, MessageResult};
+use erp_core::audit::AuditLog;
+use erp_core::audit_service;
 use erp_core::events::EventBus;

 /// 消息服务。
@@ -130,6 +132,13 @@ impl MessageService {
            }),
        ));

+        audit_service::record(
+            AuditLog::new(tenant_id, Some(sender_id), "message.send", "message")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
        Ok(Self::model_to_resp(&inserted))
    }

@@ -191,6 +200,13 @@ impl MessageService {
            }),
        ));

+        audit_service::record(
+            AuditLog::new(tenant_id, Some(system_user), "message.send_system", "message")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
        Ok(Self::model_to_resp(&inserted))
    }

@@ -230,6 +246,13 @@ impl MessageService {
            .await
            .map_err(|e| MessageError::Validation(e.to_string()))?;

+        audit_service::record(
+            AuditLog::new(tenant_id, Some(user_id), "message.mark_read", "message")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
        Ok(())
    }

@@ -254,6 +277,12 @@ impl MessageService {
        .await
        .map_err(|e| MessageError::Validation(e.to_string()))?;

+        audit_service::record(
+            AuditLog::new(tenant_id, Some(user_id), "message.mark_all_read", "message"),
+            db,
+        )
+        .await;
+
        Ok(())
    }

@@ -288,6 +317,13 @@ impl MessageService {
            .await
            .map_err(|e| MessageError::Validation(e.to_string()))?;

+        audit_service::record(
+            AuditLog::new(tenant_id, Some(user_id), "message.delete", "message")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
        Ok(())
    }