iven/erp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(plugin): P1 跨插件数据引用系统 — 后端 Phase 1-3
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
实现跨插件实体引用的基础后端能力:

Phase 1 — Manifest 扩展 + Entity Registry 数据层:
- PluginField 新增 ref_plugin/ref_fallback_label 支持跨插件引用声明
- PluginRelation 新增 name/relation_type/display_field(CRM 已在用的字段)
- PluginEntity 新增 is_public 标记可被其他插件引用的实体
- 数据库迁移:plugin_entities 新增 manifest_id + is_public 列 + 索引
- SeaORM Entity 和 install 流程同步更新

Phase 2 — 后端跨插件引用解析 + 校验:
- data_service: 新增 resolve_cross_plugin_entity/is_plugin_active 函数
- validate_ref_entities: 支持 ref_plugin 字段,目标插件未安装时跳过校验(软警告)
- host.rs: HostState 新增 cross_plugin_entities 映射,db_query 支持点分记号
- engine.rs: execute_wasm 自动构建跨插件实体映射

Phase 3 — API 端点:
- POST /plugins/{id}/{entity}/resolve-labels 批量标签解析
- GET /plugin-registry/entities 公开实体注册表查询
This commit is contained in:
iven
2026-04-19 00:49:00 +08:00
parent 1dbda4c1e8
commit ef89ed38a1
12 changed files with 1425 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
crates/erp-plugin/src/data_dto.rs
View File

@@ -55,6 +55,18 @@ pub struct AggregateItem {
pub count: i64,
}
/// 多聚合查询响应项
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct AggregateMultiRow {
/// 分组键
pub key: String,
/// 计数
pub count: i64,
/// 聚合指标: {"sum_amount": 5000.0, "avg_price": 25.5}
#[serde(default)]
pub metrics: std::collections::HashMap<String, f64>,
}
/// 聚合查询参数
#[derive(Debug, Serialize, Deserialize, utoipa::IntoParams)]
pub struct AggregateQueryParams {
@@ -64,6 +76,26 @@ pub struct AggregateQueryParams {
pub filter: Option<String>,
}
/// 多聚合查询请求体
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct AggregateMultiReq {
/// 分组字段名
pub group_by: String,
/// 聚合定义列表: [{"func": "sum", "field": "amount"}]
pub aggregations: Vec<AggregateDefDto>,
/// JSON 格式过滤
pub filter: Option<serde_json::Value>,
}
/// 单个聚合定义
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct AggregateDefDto {
/// 聚合函数: count, sum, avg, min, max
pub func: String,
/// 字段名
pub field: String,
}
/// 统计查询参数
#[derive(Debug, Serialize, Deserialize, utoipa::IntoParams)]
pub struct CountQueryParams {
@@ -105,3 +137,29 @@ pub struct TimeseriesItem {
/// 计数
pub count: i64,
}
// ─── 跨插件引用 DTO ──────────────────────────────────────────────────
/// 批量标签解析请求
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct ResolveLabelsReq {
/// 字段名 → UUID 列表
pub fields: std::collections::HashMap<String, Vec<String>>,
}
/// 批量标签解析响应
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct ResolveLabelsResp {
/// 字段名 → { uuid: label } 映射
pub labels: serde_json::Value,
/// 字段名 → 目标插件元信息
pub meta: serde_json::Value,
}
/// 公开实体信息(实体注册表查询响应)
#[derive(Debug, Serialize, Deserialize, utoipa::ToSchema)]
pub struct PublicEntityResp {
pub manifest_id: String,
pub entity_name: String,
pub display_name: String,
}

177
crates/erp-plugin/src/data_service.rs
View File

@@ -6,7 +6,7 @@ use erp_core::audit_service;
use erp_core::error::{AppError, AppResult};
use erp_core::events::EventBus;
use crate::data_dto::{BatchActionReq, PluginDataResp};
use crate::data_dto::{AggregateMultiRow, BatchActionReq, PluginDataResp};
use crate::dynamic_table::{sanitize_identifier, DynamicTableManager};
use crate::entity::plugin;
use crate::entity::plugin_entity;
@@ -700,6 +700,70 @@ impl PluginDataService {
Ok(result)
}
/// 多聚合查询 — 支持 COUNT + SUM/AVG/MIN/MAX
pub async fn aggregate_multi(
plugin_id: Uuid,
entity_name: &str,
tenant_id: Uuid,
db: &sea_orm::DatabaseConnection,
group_by_field: &str,
aggregations: &[(String, String)],
filter: Option<serde_json::Value>,
scope: Option<DataScopeParams>,
) -> AppResult<Vec<AggregateMultiRow>> {
let info = resolve_entity_info(plugin_id, entity_name, tenant_id, db).await?;
let (mut sql, mut values) = DynamicTableManager::build_aggregate_multi_sql(
&info.table_name,
tenant_id,
group_by_field,
aggregations,
filter,
)
.map_err(|e| AppError::Validation(e))?;
let scope_condition = build_scope_sql(&scope, &info.generated_fields, values.len() + 1);
if !scope_condition.0.is_empty() {
sql = merge_scope_condition(sql, &scope_condition);
values.extend(scope_condition.1);
}
// 使用 json_agg 包装整行,返回 JSON 数组
let json_sql = format!("SELECT json_agg(row_to_json(t)) as data FROM ({}) t", sql);
#[derive(Debug, FromQueryResult)]
struct JsonResult {
data: Option<serde_json::Value>,
}
let result = JsonResult::find_by_statement(Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
json_sql,
values,
))
.one(db)
.await?;
let json_rows: Vec<serde_json::Value> = result
.and_then(|r| r.data)
.and_then(|d| d.as_array().cloned())
.unwrap_or_default();
let rows = json_rows.into_iter().map(|v| AggregateMultiRow {
key: v.get("key").and_then(|k| k.as_str()).unwrap_or_default().to_string(),
count: v.get("count").and_then(|c| c.as_i64()).unwrap_or(0),
metrics: v.as_object()
.map(|m| m.iter()
.filter(|(k, _)| *k != "key" && *k != "count")
.map(|(k, v)| (k.clone(), v.as_f64().unwrap_or(0.0)))
.collect()
)
.unwrap_or_default(),
}).collect();
Ok(rows)
}
/// 聚合查询(预留 Redis 缓存接口)
pub async fn aggregate_cached(
plugin_id: Uuid,
@@ -866,6 +930,77 @@ pub async fn resolve_entity_info_cached(
Ok(info)
}
/// 跨插件实体解析 — 按 manifest_id + entity_name 查找目标插件的实体信息
pub async fn resolve_cross_plugin_entity(
target_manifest_id: &str,
entity_name: &str,
tenant_id: Uuid,
db: &sea_orm::DatabaseConnection,
) -> AppResult<EntityInfo> {
let entity = plugin_entity::Entity::find()
.filter(plugin_entity::Column::ManifestId.eq(target_manifest_id))
.filter(plugin_entity::Column::EntityName.eq(entity_name))
.filter(plugin_entity::Column::TenantId.eq(tenant_id))
.filter(plugin_entity::Column::DeletedAt.is_null())
.one(db)
.await?
.ok_or_else(|| {
AppError::NotFound(format!(
"跨插件实体 {}/{} 不存在或未公开",
target_manifest_id, entity_name
))
})?;
let entity_def: crate::manifest::PluginEntity =
serde_json::from_value(entity.schema_json.clone())
.map_err(|e| AppError::Internal(format!("解析 entity schema 失败: {}", e)))?;
let generated_fields: Vec<String> = entity_def
.fields
.iter()
.filter(|f| f.field_type.supports_generated_column())
.filter(|f| {
f.unique
|| f.sortable == Some(true)
|| f.filterable == Some(true)
|| (f.required && (f.sortable == Some(true) || f.filterable == Some(true)))
})
.map(|f| sanitize_identifier(&f.name))
.collect();
Ok(EntityInfo {
table_name: entity.table_name,
schema_json: entity.schema_json,
generated_fields,
})
}
/// 检查目标插件是否安装且活跃
pub async fn is_plugin_active(
target_manifest_id: &str,
tenant_id: Uuid,
db: &sea_orm::DatabaseConnection,
) -> bool {
// 通过 plugin_entities 的 manifest_id 找到 plugin_id再检查 plugins 表状态
let entity = plugin_entity::Entity::find()
.filter(plugin_entity::Column::ManifestId.eq(target_manifest_id))
.filter(plugin_entity::Column::TenantId.eq(tenant_id))
.filter(plugin_entity::Column::DeletedAt.is_null())
.one(db)
.await;
let Some(entity) = entity.ok().flatten() else {
return false;
};
let plugin = plugin::Entity::find_by_id(entity.plugin_id)
.filter(plugin::Column::TenantId.eq(tenant_id))
.filter(plugin::Column::DeletedAt.is_null())
.one(db)
.await;
matches!(plugin.ok().flatten(), Some(p) if p.status == "running" || p.status == "installed")
}
/// 校验数据:检查 required 字段 + 正则校验
fn validate_data(data: &serde_json::Value, fields: &[PluginField]) -> AppResult<()> {
let obj = data.as_object().ok_or_else(|| {
@@ -904,6 +1039,8 @@ fn validate_data(data: &serde_json::Value, fields: &[PluginField]) -> AppResult<
}
/// 校验外键引用 — 检查 ref_entity 字段指向的记录是否存在
/// 支持同插件引用和跨插件引用ref_plugin 字段)
/// 核心原则:跨插件引用目标插件未安装时跳过校验(软警告)
async fn validate_ref_entities(
data: &serde_json::Value,
fields: &[PluginField],
@@ -935,19 +1072,47 @@ async fn validate_ref_entities(
})?;
// 自引用 + create跳过记录尚未存在
if ref_entity_name == current_entity && is_create {
if ref_entity_name == current_entity && field.ref_plugin.is_none() && is_create {
continue;
}
// 自引用 + update检查是否引用自身
if ref_entity_name == current_entity && !is_create {
if ref_entity_name == current_entity && field.ref_plugin.is_none() && !is_create {
if let Some(rid) = record_id {
if ref_id == rid { continue; }
}
}
// 查询被引用记录是否存在
let manifest_id = resolve_manifest_id(plugin_id, tenant_id, db).await?;
let ref_table = DynamicTableManager::table_name(&manifest_id, ref_entity_name);
// 确定目标表名
let ref_table = if let Some(target_plugin) = &field.ref_plugin {
// 跨插件引用 — 检查目标插件是否活跃
if !is_plugin_active(target_plugin, tenant_id, db).await {
// 目标插件未安装/禁用 → 跳过校验(软警告,不阻塞)
tracing::debug!(
field = %field.name,
target_plugin = %target_plugin,
"跨插件引用目标插件未活跃,跳过校验"
);
continue;
}
// 目标插件活跃 → 解析目标表名
match resolve_cross_plugin_entity(target_plugin, ref_entity_name, tenant_id, db).await {
Ok(info) => info.table_name,
Err(e) => {
tracing::warn!(
field = %field.name,
target_plugin = %target_plugin,
entity = %ref_entity_name,
error = %e,
"跨插件实体解析失败,跳过校验"
);
continue;
}
}
} else {
// 同插件引用 — 使用原有逻辑
let manifest_id = resolve_manifest_id(plugin_id, tenant_id, db).await?;
DynamicTableManager::table_name(&manifest_id, ref_entity_name)
};
let check_sql = format!(
"SELECT 1 as check_result FROM \"{}\" WHERE id = $1 AND tenant_id = $2 AND deleted_at IS NULL LIMIT 1",

183
crates/erp-plugin/src/dynamic_table.rs
View File

@@ -4,7 +4,7 @@ use uuid::Uuid;
use base64::{Engine, engine::general_purpose::STANDARD as BASE64};
use crate::error::{PluginError, PluginResult};
use crate::manifest::{PluginEntity, PluginFieldType};
use crate::manifest::{PluginEntity, PluginField, PluginFieldType};
/// 消毒标识符:只保留 ASCII 字母、数字、下划线,防止 SQL 注入
pub(crate) fn sanitize_identifier(input: &str) -> String {
@@ -14,6 +14,13 @@ pub(crate) fn sanitize_identifier(input: &str) -> String {
.collect()
}
/// Schema 演进字段差异
pub struct FieldDiff {
pub new_filterable: Vec<PluginField>,
pub new_sortable: Vec<PluginField>,
pub new_searchable: Vec<PluginField>,
}
/// 动态表管理器 — 处理插件动态创建/删除的数据库表
pub struct DynamicTableManager;
@@ -158,6 +165,102 @@ impl DynamicTableManager {
Ok(())
}
/// Schema 演进:对比新旧实体字段,返回需要新增 Generated Column 的差异
pub fn diff_entity_fields(old: &PluginEntity, new: &PluginEntity) -> FieldDiff {
let old_names: std::collections::HashSet<String> =
old.fields.iter().map(|f| f.name.clone()).collect();
let mut new_filterable = Vec::new();
let mut new_sortable = Vec::new();
let mut new_searchable = Vec::new();
for field in &new.fields {
if old_names.contains(&field.name) {
continue;
}
// 新增字段 + 需要 Generated Column 的条件
let needs_gen = field.unique
|| field.sortable == Some(true)
|| field.filterable == Some(true);
if needs_gen {
new_filterable.push(field.clone());
if field.sortable == Some(true) {
new_sortable.push(field.clone());
}
}
if field.searchable == Some(true) && matches!(field.field_type, PluginFieldType::String) {
new_searchable.push(field.clone());
}
}
FieldDiff { new_filterable, new_sortable, new_searchable }
}
/// Schema 演进:为已有实体新增 Generated Column 和索引
pub async fn alter_add_generated_columns(
db: &DatabaseConnection,
plugin_id: &str,
entity: &PluginEntity,
diff: &FieldDiff,
) -> PluginResult<()> {
let table_name = Self::table_name(plugin_id, &entity.name);
let mut statements = Vec::new();
for field in &diff.new_filterable {
if !field.field_type.supports_generated_column() {
continue;
}
let col_name = format!("_f_{}", sanitize_identifier(&field.name));
let sql_type = field.field_type.generated_sql_type();
let expr = field.field_type.generated_expr(&sanitize_identifier(&field.name));
let _safe_field = sanitize_identifier(&field.name);
statements.push(format!(
"ALTER TABLE \"{}\" ADD COLUMN IF NOT EXISTS \"{}\" {} GENERATED ALWAYS AS ({}) STORED",
table_name, col_name, sql_type, expr
));
let col_idx = format!("{}_{}", sanitize_identifier(&table_name), col_name);
if field.unique {
statements.push(format!(
"CREATE UNIQUE INDEX IF NOT EXISTS \"idx_{}_uniq\" ON \"{}\" (tenant_id, \"{}\") WHERE deleted_at IS NULL",
col_idx, table_name, col_name
));
} else {
statements.push(format!(
"CREATE INDEX IF NOT EXISTS \"idx_{}\" ON \"{}\" (tenant_id, \"{}\") WHERE deleted_at IS NULL",
col_idx, table_name, col_name
));
}
}
for field in &diff.new_searchable {
let sf = sanitize_identifier(&field.name);
let col_name = format!("_f_{}", sf);
let col_idx = format!("{}_{}trgm", sanitize_identifier(&table_name), col_name);
statements.push(format!(
"CREATE INDEX IF NOT EXISTS \"idx_{}\" ON \"{}\" USING gin (\"{}\" gin_trgm_ops) WHERE deleted_at IS NULL AND \"{}\" IS NOT NULL",
col_idx, table_name, col_name, col_name
));
}
for sql in &statements {
tracing::info!(sql = %sql, "Executing ALTER TABLE");
db.execute_unprepared(sql).await.map_err(|e| {
tracing::error!(sql = %sql, error = %e, "ALTER TABLE failed");
PluginError::DatabaseError(e.to_string())
})?;
}
tracing::info!(
table = %table_name,
added_columns = diff.new_filterable.len(),
added_search_indexes = diff.new_searchable.len(),
"Schema evolution: Generated Columns added"
);
Ok(())
}
/// 检查表是否存在
pub async fn table_exists(db: &DatabaseConnection, table_name: &str) -> PluginResult<bool> {
#[derive(FromQueryResult)]
@@ -461,6 +564,82 @@ impl DynamicTableManager {
Ok((sql, values))
}
/// 构建多聚合函数 SQL支持 COUNT/SUM/AVG/MIN/MAX
pub fn build_aggregate_multi_sql(
table_name: &str,
tenant_id: Uuid,
group_by_field: &str,
aggregations: &[(String, String)], // (func, field) e.g. ("sum", "amount")
filter: Option<serde_json::Value>,
) -> Result<(String, Vec<Value>), String> {
let clean_group = sanitize_identifier(group_by_field);
if clean_group.is_empty() {
return Err(format!("无效的分组字段名: {}", group_by_field));
}
let mut conditions = vec![
format!("\"tenant_id\" = ${}", 1),
"\"deleted_at\" IS NULL".to_string(),
];
let mut param_idx = 2;
let mut values: Vec<Value> = vec![tenant_id.into()];
if let Some(f) = filter {
if let Some(obj) = f.as_object() {
for (key, val) in obj {
let clean_key = sanitize_identifier(key);
if clean_key.is_empty() {
return Err(format!("无效的过滤字段名: {}", key));
}
conditions.push(format!("\"data\"->>'{}' = ${}", clean_key, param_idx));
values.push(Value::String(Some(Box::new(
val.as_str().unwrap_or("").to_string(),
))));
param_idx += 1;
}
}
}
let mut select_parts = vec![
format!("\"_f_{}\" as key", clean_group),
"COUNT(*) as count".to_string(),
];
for (func, field) in aggregations {
let clean_field = sanitize_identifier(field);
let func_lower = func.to_lowercase();
match func_lower.as_str() {
"sum" => select_parts.push(format!(
"COALESCE(SUM(\"_f_{}\"), 0) as sum_{}", clean_field, clean_field
)),
"avg" => select_parts.push(format!(
"COALESCE(AVG(\"_f_{}\"), 0) as avg_{}", clean_field, clean_field
)),
"min" => select_parts.push(format!(
"MIN(\"_f_{}\") as min_{}", clean_field, clean_field
)),
"max" => select_parts.push(format!(
"MAX(\"_f_{}\") as max_{}", clean_field, clean_field
)),
_ => {}
}
}
let sql = format!(
"SELECT {} \
FROM \"{}\" \
WHERE {} \
GROUP BY \"_f_{}\" \
ORDER BY count DESC",
select_parts.join(", "),
table_name,
conditions.join(" AND "),
clean_group,
);
Ok((sql, values))
}
/// 构建带过滤条件的查询 SQL
pub fn build_filtered_query_sql(
table_name: &str,
@@ -1132,6 +1311,7 @@ mod tests {
indexes: vec![],
relations: vec![],
data_scope: None,
is_public: None,
};
let sql = DynamicTableManager::build_create_table_sql("erp_crm", &entity);
@@ -1174,6 +1354,7 @@ mod tests {
indexes: vec![],
relations: vec![],
data_scope: None,
is_public: None,
};
let sql = DynamicTableManager::build_create_table_sql("erp_crm", &entity);

60
crates/erp-plugin/src/engine.rs
View File

@@ -1,8 +1,9 @@
use std::collections::HashMap;
use std::panic::AssertUnwindSafe;
use std::sync::Arc;
use dashmap::DashMap;
use sea_orm::{ConnectionTrait, DatabaseConnection, Statement, TransactionTrait};
use sea_orm::{ColumnTrait, ConnectionTrait, DatabaseConnection, EntityTrait, QueryFilter, Statement, TransactionTrait};
use serde_json::json;
use tokio::sync::RwLock;
use uuid::Uuid;
@@ -315,6 +316,18 @@ impl PluginEngine {
Ok(())
}
/// 将插件从一个 key 重命名为另一个 key用于热更新的原子替换
pub async fn rename_plugin(&self, old_id: &str, new_id: &str) -> PluginResult<()> {
let (_, loaded) = self.plugins.remove(old_id)
.ok_or_else(|| PluginError::NotFound(old_id.to_string()))?;
let mut loaded = Arc::try_unwrap(loaded)
.map_err(|_| PluginError::ExecutionError("插件仍被引用,无法重命名".to_string()))?;
loaded.id = new_id.to_string();
self.plugins.insert(new_id.to_string(), Arc::new(loaded));
tracing::info!(old_id, new_id, "Plugin renamed");
Ok(())
}
/// 健康检查
pub async fn health_check(&self, plugin_id: &str) -> PluginResult<serde_json::Value> {
let loaded = self.get_loaded(plugin_id)?;
@@ -456,13 +469,20 @@ impl PluginEngine {
{
let loaded = self.get_loaded(plugin_id)?;
// 构建跨插件实体映射(从 manifest 的 ref_plugin 字段提取)
let cross_plugin_entities = Self::build_cross_plugin_map(&loaded.manifest, &self.db, exec_ctx.tenant_id).await;
// 创建新的 Store + HostState使用真实的租户/用户上下文
let state = HostState::new(
// 传入 db 和 event_bus 启用混合执行模式(插件可自主查询数据)
let mut state = HostState::new_with_db(
plugin_id.to_string(),
exec_ctx.tenant_id,
exec_ctx.user_id,
exec_ctx.permissions.clone(),
self.db.clone(),
self.event_bus.clone(),
);
state.cross_plugin_entities = cross_plugin_entities;
let mut store = Store::new(&self.engine, state);
store
.set_fuel(self.config.default_fuel)
@@ -521,6 +541,42 @@ impl PluginEngine {
result
}
/// 从 manifest 的 ref_plugin 字段构建跨插件实体映射
/// 返回: { "erp-crm.customer" → "plugin_erp_crm__customer", ... }
async fn build_cross_plugin_map(
manifest: &crate::manifest::PluginManifest,
db: &DatabaseConnection,
tenant_id: Uuid,
) -> HashMap<String, String> {
let mut map = HashMap::new();
let Some(schema) = &manifest.schema else { return map };
for entity in &schema.entities {
for field in &entity.fields {
if let (Some(target_plugin), Some(ref_entity)) = (&field.ref_plugin, &field.ref_entity) {
let key = format!("{}.{}", target_plugin, ref_entity);
// 从 plugin_entities 表查找目标表名
let table_name = crate::entity::plugin_entity::Entity::find()
.filter(crate::entity::plugin_entity::Column::ManifestId.eq(target_plugin.as_str()))
.filter(crate::entity::plugin_entity::Column::EntityName.eq(ref_entity.as_str()))
.filter(crate::entity::plugin_entity::Column::TenantId.eq(tenant_id))
.filter(crate::entity::plugin_entity::Column::DeletedAt.is_null())
.one(db)
.await
.ok()
.flatten()
.map(|e| e.table_name);
if let Some(tn) = table_name {
map.insert(key, tn);
}
}
}
}
map
}
/// 刷新 HostState 中的 pending_ops 到数据库。
///
/// 使用事务包裹所有数据库操作确保原子性。

2
crates/erp-plugin/src/entity/plugin_entity.rs
View File

@@ -11,6 +11,8 @@ pub struct Model {
pub entity_name: String,
pub table_name: String,
pub schema_json: serde_json::Value,
pub manifest_id: String,
pub is_public: bool,
pub created_at: DateTimeUtc,
pub updated_at: DateTimeUtc,
#[serde(skip_serializing_if = "Option::is_none")]

218
crates/erp-plugin/src/handler/data_handler.rs
View File

@@ -8,9 +8,10 @@ use erp_core::rbac::require_permission;
use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
use crate::data_dto::{
AggregateItem, AggregateQueryParams, BatchActionReq, CountQueryParams, CreatePluginDataReq,
PatchPluginDataReq, PluginDataListParams, PluginDataResp, TimeseriesItem, TimeseriesParams,
UpdatePluginDataReq,
AggregateItem, AggregateMultiReq, AggregateMultiRow, AggregateQueryParams, BatchActionReq,
CountQueryParams, CreatePluginDataReq, PatchPluginDataReq, PluginDataListParams,
PluginDataResp, PublicEntityResp, ResolveLabelsReq, ResolveLabelsResp,
TimeseriesItem, TimeseriesParams, UpdatePluginDataReq,
};
use crate::data_service::{DataScopeParams, PluginDataService, resolve_manifest_id};
use crate::state::PluginState;
@@ -566,3 +567,214 @@ async fn check_entity_data_scope(
Ok(schema.data_scope.unwrap_or(false))
}
#[utoipa::path(
post,
path = "/api/v1/plugins/{plugin_id}/{entity}/aggregate-multi",
request_body = AggregateMultiReq,
responses(
(status = 200, description = "成功", body = ApiResponse<Vec<AggregateMultiRow>>),
),
security(("bearer_auth" = [])),
tag = "插件数据"
)]
/// POST /api/v1/plugins/{plugin_id}/{entity}/aggregate-multi — 多聚合查询
pub async fn aggregate_multi_plugin_data<S>(
State(state): State<PluginState>,
Extension(ctx): Extension<TenantContext>,
Path((plugin_id, entity)): Path<(Uuid, String)>,
Json(body): Json<AggregateMultiReq>,
) -> Result<Json<ApiResponse<Vec<AggregateMultiRow>>>, AppError>
where
PluginState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
require_permission(&ctx, &fine_perm)?;
let scope = resolve_data_scope(
&ctx, &manifest_id, &entity, &fine_perm, &state.db,
).await?;
let aggregations: Vec<(String, String)> = body.aggregations
.iter()
.map(|a| (a.func.clone(), a.field.clone()))
.collect();
let rows = PluginDataService::aggregate_multi(
plugin_id,
&entity,
ctx.tenant_id,
&state.db,
&body.group_by,
&aggregations,
body.filter,
scope,
)
.await?;
Ok(Json(ApiResponse::ok(rows)))
}
// ─── 跨插件引用:批量标签解析 ────────────────────────────────────────
/// 批量解析引用字段的显示标签
///
/// POST /api/v1/plugins/{plugin_id}/{entity}/resolve-labels
pub async fn resolve_ref_labels<S>(
Path((plugin_id, entity)): Path<(Uuid, String)>,
State(state): State<PluginState>,
Extension(ctx): Extension<TenantContext>,
Json(body): Json<ResolveLabelsReq>,
) -> Result<Json<ApiResponse<ResolveLabelsResp>>, AppError>
where
PluginState: FromRef<S>,
{
use sea_orm::{FromQueryResult, Statement};
use crate::data_service::{resolve_cross_plugin_entity, is_plugin_active};
use crate::manifest::PluginEntity;
let manifest_id = resolve_manifest_id(plugin_id, ctx.tenant_id, &state.db).await?;
let fine_perm = compute_permission_code(&manifest_id, &entity, "list");
require_permission(&ctx, &fine_perm)?;
// 获取当前实体的 schema
let entity_info = crate::data_service::resolve_entity_info_cached(
plugin_id, &entity, ctx.tenant_id, &state.db, &state.entity_cache,
).await?;
let entity_def: PluginEntity =
serde_json::from_value(entity_info.schema_json).map_err(|e|
AppError::Internal(format!("解析 entity schema 失败: {}", e))
)?;
let mut labels = serde_json::Map::<String, serde_json::Value>::new();
let mut meta = serde_json::Map::<String, serde_json::Value>::new();
for (field_name, uuids) in &body.fields {
// 查找字段定义
let field_def = entity_def.fields.iter().find(|f| &f.name == field_name);
let Some(field_def) = field_def else { continue };
let Some(ref_entity_name) = &field_def.ref_entity else { continue };
let target_plugin = field_def.ref_plugin.as_deref().unwrap_or(&manifest_id);
let label_field = field_def.ref_label_field.as_deref().unwrap_or("name");
let installed = is_plugin_active(target_plugin, ctx.tenant_id, &state.db).await;
// meta 信息
meta.insert(field_name.clone(), serde_json::json!({
"target_plugin": target_plugin,
"target_entity": ref_entity_name,
"label_field": label_field,
"plugin_installed": installed,
}));
if !installed {
// 目标插件未安装 → 所有 UUID 返回 null
let nulls: serde_json::Map<String, serde_json::Value> = uuids.iter()
.map(|u| (u.clone(), serde_json::Value::Null))
.collect();
labels.insert(field_name.clone(), serde_json::Value::Object(nulls));
continue;
}
// 解析目标表名
let target_table = if field_def.ref_plugin.is_some() {
match resolve_cross_plugin_entity(target_plugin, ref_entity_name, ctx.tenant_id, &state.db).await {
Ok(info) => info.table_name,
Err(_) => {
let nulls: serde_json::Map<String, serde_json::Value> = uuids.iter()
.map(|u| (u.clone(), serde_json::Value::Null))
.collect();
labels.insert(field_name.clone(), serde_json::Value::Object(nulls));
continue;
}
}
} else {
crate::dynamic_table::DynamicTableManager::table_name(target_plugin, ref_entity_name)
};
// 批量查询标签
let uuid_strs: Vec<String> = uuids.iter().filter_map(|u| Uuid::parse_str(u).ok()).map(|u| u.to_string()).collect();
if uuid_strs.is_empty() {
labels.insert(field_name.clone(), serde_json::json!({}));
continue;
}
// 构建 IN 子句参数
let placeholders: Vec<String> = (2..uuid_strs.len() + 2).map(|i| format!("${}", i)).collect();
let sql = format!(
"SELECT id::text, data->>'{}' as label FROM \"{}\" WHERE id IN ({}) AND tenant_id = $1 AND deleted_at IS NULL",
label_field, target_table, placeholders.join(", ")
);
let mut values: Vec<sea_orm::Value> = vec![ctx.tenant_id.into()];
for u in uuid_strs {
values.push(u.into());
}
#[derive(FromQueryResult)]
struct LabelRow { id: String, label: Option<String> }
let rows = LabelRow::find_by_statement(Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
sql,
values,
)).all(&state.db).await?;
let mut field_labels: serde_json::Map<String, serde_json::Value> = serde_json::Map::new();
// 初始化所有请求的 UUID 为 null
for u in uuids {
field_labels.insert(u.clone(), serde_json::Value::Null);
}
// 用查询结果填充
for row in rows {
field_labels.insert(row.id, serde_json::Value::String(row.label.unwrap_or_default()));
}
labels.insert(field_name.clone(), serde_json::Value::Object(field_labels));
}
Ok(Json(ApiResponse::ok(ResolveLabelsResp {
labels: serde_json::Value::Object(labels),
meta: serde_json::Value::Object(meta),
})))
}
// ─── 跨插件引用:实体注册表查询 ────────────────────────────────────────
/// 查询所有可跨插件引用的公开实体
///
/// GET /api/v1/plugin-registry/entities
pub async fn list_public_entities<S>(
State(state): State<PluginState>,
Extension(ctx): Extension<TenantContext>,
) -> Result<Json<ApiResponse<Vec<PublicEntityResp>>>, AppError>
where
PluginState: FromRef<S>,
{
use crate::entity::plugin_entity;
use sea_orm::{EntityTrait, QueryFilter, ColumnTrait};
let entities = plugin_entity::Entity::find()
.filter(plugin_entity::Column::TenantId.eq(ctx.tenant_id))
.filter(plugin_entity::Column::IsPublic.eq(true))
.filter(plugin_entity::Column::DeletedAt.is_null())
.all(&state.db)
.await?;
let result: Vec<PublicEntityResp> = entities.iter().map(|e| {
let display_name = e.schema_json.get("display_name")
.and_then(|v| v.as_str())
.unwrap_or(&e.entity_name)
.to_string();
PublicEntityResp {
manifest_id: e.manifest_id.clone(),
entity_name: e.entity_name.clone(),
display_name,
}
}).collect();
Ok(Json(ApiResponse::ok(result)))
}

144
crates/erp-plugin/src/host.rs
View File

@@ -1,9 +1,12 @@
use std::collections::HashMap;
use sea_orm::DatabaseConnection;
use uuid::Uuid;
use wasmtime::StoreLimits;
use crate::erp::plugin::host_api;
use crate::dynamic_table::DynamicTableManager;
use crate::engine::PluginEngine;
/// 待刷新的写操作
#[derive(Debug)]
@@ -31,10 +34,9 @@ pub enum PendingOp {
/// Host 端状态 — 绑定到每个 WASM Store 实例
///
/// 采用延迟执行模式:
/// - 读操作 (db_query, config_get, current_user) → 调用前预填充
/// - 写操作 (db_insert, db_update, db_delete, event_publish) → 入队 pending_ops
/// - WASM 调用结束后由 engine 刷新 pending_ops 执行真实 DB 操作
/// 支持两种执行模式
/// - **预填充模式**db = None读操作从预填充缓存取向后兼容
/// - **混合执行模式**db = Some读操作走实时 SQL + 写操作保持延迟批量
pub struct HostState {
pub(crate) limits: StoreLimits,
#[allow(dead_code)]
@@ -43,7 +45,7 @@ pub struct HostState {
pub(crate) user_id: Uuid,
pub(crate) permissions: Vec<String>,
pub(crate) plugin_id: String,
// 预填充的读取缓存
// 预填充的读取缓存(向后兼容)
pub(crate) query_results: HashMap<String, Vec<u8>>,
pub(crate) config_cache: HashMap<String, Vec<u8>>,
pub(crate) current_user_json: Vec<u8>,
@@ -51,6 +53,11 @@ pub struct HostState {
pub(crate) pending_ops: Vec<PendingOp>,
// 日志
pub(crate) logs: Vec<(String, String)>,
// 混合执行模式:数据库连接和事件总线
pub(crate) db: Option<DatabaseConnection>,
pub(crate) event_bus: Option<erp_core::events::EventBus>,
// 跨插件实体映射:"erp-crm.customer" → "plugin_erp_crm__customer"
pub(crate) cross_plugin_entities: HashMap<String, String>,
}
impl HostState {
@@ -75,8 +82,26 @@ impl HostState {
current_user_json: serde_json::to_vec(&current_user).unwrap_or_default(),
pending_ops: Vec::new(),
logs: Vec::new(),
db: None,
event_bus: None,
cross_plugin_entities: HashMap::new(),
}
}
/// 创建带数据库连接的 HostState混合执行模式
pub fn new_with_db(
plugin_id: String,
tenant_id: Uuid,
user_id: Uuid,
permissions: Vec<String>,
db: DatabaseConnection,
event_bus: erp_core::events::EventBus,
) -> Self {
let mut state = Self::new(plugin_id, tenant_id, user_id, permissions);
state.db = Some(db);
state.event_bus = Some(event_bus);
state
}
}
// 实现 bindgen 生成的 Host trait — 插件调用 Host API 的入口
@@ -99,13 +124,110 @@ impl host_api::Host for HostState {
fn db_query(
&mut self,
entity: String,
_filter: Vec<u8>,
_pagination: Vec<u8>,
filter: Vec<u8>,
pagination: Vec<u8>,
) -> Result<Vec<u8>, String> {
self.query_results
.get(&entity)
.cloned()
.ok_or_else(|| format!("实体 '{}' 的查询结果未预填充", entity))
// 预填充模式(向后兼容)
if self.db.is_none() {
return self.query_results
.get(&entity)
.cloned()
.ok_or_else(|| format!("实体 '{}' 的查询结果未预填充", entity));
}
let db = self.db.clone().unwrap();
let event_bus = self.event_bus.clone()
.ok_or("事件总线不可用")?;
// 先 flush pending writes确保读后写一致性
let ops = std::mem::take(&mut self.pending_ops);
if !ops.is_empty() {
let rt = tokio::runtime::Handle::current();
rt.block_on(PluginEngine::flush_ops(
&db,
&self.plugin_id,
ops,
self.tenant_id,
self.user_id,
&event_bus,
))
.map_err(|e| format!("flush pending ops 失败: {}", e))?;
}
// 解析 filter 和 pagination
let filter_val: Option<serde_json::Value> = if filter.is_empty() {
None
} else {
serde_json::from_slice(&filter).ok()
};
let pagination_val: Option<serde_json::Value> = if pagination.is_empty() {
None
} else {
serde_json::from_slice(&pagination).ok()
};
// 构建查询 — 支持点分记号跨插件查询(如 "erp-crm.customer"
let table_name = if entity.contains('.') {
self.cross_plugin_entities
.get(&entity)
.cloned()
.ok_or_else(|| format!("跨插件实体 '{}' 未注册", entity))?
} else {
DynamicTableManager::table_name(&self.plugin_id, &entity)
};
let limit = pagination_val
.as_ref()
.and_then(|p| p.get("limit"))
.and_then(|v| v.as_u64())
.unwrap_or(50);
let offset = pagination_val
.as_ref()
.and_then(|p| p.get("offset"))
.and_then(|v| v.as_u64())
.unwrap_or(0);
let (sql, values) = DynamicTableManager::build_filtered_query_sql(
&table_name,
self.tenant_id,
limit,
offset,
filter_val,
None,
None,
None,
)
.map_err(|e| format!("查询构建失败: {}", e))?;
// 执行查询
let rt = tokio::runtime::Handle::current();
let rows = rt.block_on(async {
use sea_orm::{FromQueryResult, Statement};
#[derive(Debug, FromQueryResult)]
struct QueryRow {
data: serde_json::Value,
}
let results = QueryRow::find_by_statement(Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
sql,
values,
))
.all(&db)
.await
.map_err(|e| format!("查询执行失败: {}", e))?;
let items: Vec<serde_json::Value> = results
.into_iter()
.map(|r| r.data)
.collect();
Ok::<Vec<serde_json::Value>, String>(items)
})
.map_err(|e: String| e)?;
serde_json::to_vec(&rows).map_err(|e| e.to_string())
}
fn db_update(

104
crates/erp-plugin/src/manifest.rs
View File

@@ -47,6 +47,8 @@ pub struct PluginEntity {
pub relations: Vec<PluginRelation>,
#[serde(default)]
pub data_scope: Option<bool>, // 是否启用行级数据权限
#[serde(default)]
pub is_public: Option<bool>, // 是否可被其他插件引用
}
/// 字段校验规则
@@ -87,6 +89,8 @@ pub struct PluginField {
pub no_cycle: Option<bool>, // 禁止循环引用
#[serde(default)]
pub scope_role: Option<String>, // 标记为数据权限的"所有者"字段
pub ref_plugin: Option<String>, // 跨插件引用的目标插件 manifest ID如 "erp-crm"
pub ref_fallback_label: Option<String>, // 目标插件未安装时的降级显示文本
}
/// 字段类型
@@ -158,6 +162,8 @@ impl PluginField {
validation: None,
no_cycle: None,
scope_role: None,
ref_plugin: None,
ref_fallback_label: None,
}
}
}
@@ -186,6 +192,12 @@ pub struct PluginRelation {
pub entity: String,
pub foreign_key: String,
pub on_delete: OnDeleteStrategy,
#[serde(default)]
pub name: Option<String>, // 关联名称UI 显示用)
#[serde(default, alias = "type")]
pub relation_type: Option<String>, // "one_to_many" | "many_to_one" | "many_to_many"
#[serde(default)]
pub display_field: Option<String>, // 关联记录的显示字段
}
/// 事件订阅配置
@@ -916,6 +928,98 @@ cascade_filter = "customer_id"
assert_eq!(contact_field.cascade_filter.as_deref(), Some("customer_id"));
}
#[test]
fn parse_field_with_cross_plugin_ref() {
let toml = r#"
[metadata]
id = "erp-inventory"
name = "进销存"
version = "0.2.0"
dependencies = ["erp-crm"]
[schema]
[[schema.entities]]
name = "sales_order"
display_name = "销售订单"
[[schema.entities.fields]]
name = "customer_id"
field_type = "uuid"
display_name = "客户"
ui_widget = "entity_select"
ref_plugin = "erp-crm"
ref_entity = "customer"
ref_label_field = "name"
ref_search_fields = ["name", "code"]
ref_fallback_label = "CRM 客户"
"#;
let manifest = parse_manifest(toml).unwrap();
let field = &manifest.schema.unwrap().entities[0].fields[0];
assert_eq!(field.ref_plugin.as_deref(), Some("erp-crm"));
assert_eq!(field.ref_entity.as_deref(), Some("customer"));
assert_eq!(field.ref_label_field.as_deref(), Some("name"));
assert_eq!(field.ref_fallback_label.as_deref(), Some("CRM 客户"));
assert_eq!(manifest.metadata.dependencies, vec!["erp-crm"]);
}
#[test]
fn parse_entity_with_is_public() {
let toml = r#"
[metadata]
id = "erp-crm"
name = "CRM"
version = "0.1.0"
[schema]
[[schema.entities]]
name = "customer"
display_name = "客户"
is_public = true
[[schema.entities]]
name = "internal_config"
display_name = "内部配置"
"#;
let manifest = parse_manifest(toml).unwrap();
let entities = &manifest.schema.unwrap().entities;
assert_eq!(entities[0].is_public, Some(true));
assert_eq!(entities[1].is_public, None);
}
#[test]
fn parse_relation_with_name_and_type() {
let toml = r#"
[metadata]
id = "test"
name = "Test"
version = "0.1.0"
[schema]
[[schema.entities]]
name = "customer"
display_name = "客户"
[[schema.entities.fields]]
name = "code"
field_type = "string"
display_name = "编码"
[[schema.entities.relations]]
entity = "contact"
foreign_key = "customer_id"
on_delete = "cascade"
name = "contacts"
type = "one_to_many"
display_field = "name"
"#;
let manifest = parse_manifest(toml).unwrap();
let relation = &manifest.schema.unwrap().entities[0].relations[0];
assert_eq!(relation.entity, "contact");
assert_eq!(relation.name.as_deref(), Some("contacts"));
assert_eq!(relation.relation_type.as_deref(), Some("one_to_many"));
assert_eq!(relation.display_field.as_deref(), Some("name"));
}
#[test]
fn parse_kanban_page() {
let toml = r#"

18
crates/erp-plugin/src/module.rs
View File

@@ -91,6 +91,10 @@ impl PluginModule {
"/plugins/{plugin_id}/{entity}/aggregate",
get(crate::handler::data_handler::aggregate_plugin_data::<S>),
)
.route(
"/plugins/{plugin_id}/{entity}/aggregate-multi",
post(crate::handler::data_handler::aggregate_multi_plugin_data::<S>),
)
// 批量操作路由
.route(
"/plugins/{plugin_id}/{entity}/batch",
@@ -100,8 +104,20 @@ impl PluginModule {
.route(
"/plugins/{plugin_id}/{entity}/timeseries",
get(crate::handler::data_handler::get_plugin_timeseries::<S>),
)
// 跨插件引用:批量标签解析
.route(
"/plugins/{plugin_id}/{entity}/resolve-labels",
post(crate::handler::data_handler::resolve_ref_labels::<S>),
);
admin_routes.merge(data_routes)
// 实体注册表路由
let registry_routes = Router::new()
.route(
"/plugin-registry/entities",
get(crate::handler::data_handler::list_public_entities::<S>),
);
admin_routes.merge(data_routes).merge(registry_routes)
}
}

4
crates/erp-server/migration/src/lib.rs
View File

@@ -37,6 +37,8 @@ mod m20260417_000034_seed_plugin_permissions;
mod m20260418_000035_pg_trgm_and_entity_columns;
mod m20260418_000036_add_data_scope_to_role_permissions;
mod m20260419_000037_create_user_departments;
mod m20260419_000038_fix_crm_permission_codes;
mod m20260419_000039_entity_registry_columns;
pub struct Migrator;
@@ -81,6 +83,8 @@ impl MigratorTrait for Migrator {
Box::new(m20260418_000035_pg_trgm_and_entity_columns::Migration),
Box::new(m20260418_000036_add_data_scope_to_role_permissions::Migration),
Box::new(m20260419_000037_create_user_departments::Migration),
Box::new(m20260419_000038_fix_crm_permission_codes::Migration),
Box::new(m20260419_000039_entity_registry_columns::Migration),
]
}
}

51
crates/erp-server/migration/src/m20260419_000039_entity_registry_columns.rs Normal file
View File

@@ -0,0 +1,51 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
// plugin_entities 新增 manifest_id 列 — 避免跨插件查询时 JOIN plugins 表
manager
.get_connection()
.execute_unprepared(
r#"
ALTER TABLE plugin_entities
ADD COLUMN IF NOT EXISTS manifest_id TEXT NOT NULL DEFAULT '';
ALTER TABLE plugin_entities
ADD COLUMN IF NOT EXISTS is_public BOOLEAN NOT NULL DEFAULT false;
-- 回填 manifest_id从 plugins.manifest_json 提取 metadata.id
UPDATE plugin_entities pe
SET manifest_id = COALESCE(p.manifest_json->'metadata'->>'id', '')
FROM plugins p
WHERE pe.plugin_id = p.id AND pe.deleted_at IS NULL;
-- 跨插件实体查找索引
CREATE INDEX IF NOT EXISTS idx_plugin_entities_cross_ref
ON plugin_entities (manifest_id, entity_name, tenant_id)
WHERE deleted_at IS NULL;
"#,
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.get_connection()
.execute_unprepared(
r#"
DROP INDEX IF EXISTS idx_plugin_entities_cross_ref;
ALTER TABLE plugin_entities DROP COLUMN IF EXISTS is_public;
ALTER TABLE plugin_entities DROP COLUMN IF EXISTS manifest_id;
"#,
)
.await?;
Ok(())
}
}