iven/erp - erp - 汕头市智界科技有限公司

iven/erp

Fork 0

Commit Graph

Author	SHA1	Message	Date
iven	0d7d3af0a8	fix(auth): standardize permission codes to dot notation and add missing permissions - Change all permission codes from colon (`:`) to dot (`.`) separator to match handler require_permission() calls consistently - Add missing user.list, role.list, permission.list, organization.list, department.list, position.list permissions (handlers check for .list but seeds only had :read) - Add missing message module permissions (message.list, message.send, message.template.list, message.template.create) - Add missing setting.delete, numbering.delete permissions - Fix workflow handlers: workflow: → workflow. - Fix message handlers: message: → message. - Update viewer role READ_PERM_INDICES for new permission list This fixes a critical runtime bug where ALL permission checks in erp-auth and erp-config handlers would return 403 Forbidden because the seed data used colon separators but handlers checked for dots.	2026-04-11 14:30:47 +08:00
iven	3a05523d23	fix: address Phase 1-2 audit findings - CORS: replace permissive() with configurable whitelist (default.toml) - Auth store: synchronously restore state at creation to eliminate flash-of-login-page on refresh - MainLayout: menu highlight now tracks current route via useLocation - Add extractErrorMessage() utility to reduce repeated error parsing - Fix all clippy warnings across 4 crates (erp-auth, erp-config, erp-workflow, erp-message): remove unnecessary casts, use div_ceil, collapse nested ifs, reduce function arguments with DTOs	2026-04-11 12:36:34 +08:00
iven	91ecaa3ed7	feat(workflow): add workflow engine module (Phase 4) Implement complete workflow engine with BPMN subset support: Backend (erp-workflow crate): - Token-driven execution engine with exclusive/parallel gateway support - BPMN parser with flow graph validation - Expression evaluator for conditional branching - Process definition CRUD with draft/publish lifecycle - Process instance management (start, suspend, terminate) - Task service (pending, complete, delegate) - PostgreSQL advisory locks for concurrent safety - 5 database tables: process_definitions, process_instances, tokens, tasks, process_variables - 13 API endpoints with RBAC protection - Timeout checker framework (placeholder) Frontend: - Workflow page with 4 tabs (definitions, pending, completed, monitor) - React Flow visual process designer (@xyflow/react) - Process viewer with active node highlighting - 3 API client modules for workflow endpoints - Sidebar menu integration	2026-04-11 09:54:02 +08:00

Author

SHA1

Message

Date

iven

0d7d3af0a8

fix(auth): standardize permission codes to dot notation and add missing permissions

- Change all permission codes from colon (`:`) to dot (`.`) separator
  to match handler require_permission() calls consistently
- Add missing user.list, role.list, permission.list, organization.list,
  department.list, position.list permissions (handlers check for .list
  but seeds only had :read)
- Add missing message module permissions (message.list, message.send,
  message.template.list, message.template.create)
- Add missing setting.delete, numbering.delete permissions
- Fix workflow handlers: workflow: → workflow.
- Fix message handlers: message: → message.
- Update viewer role READ_PERM_INDICES for new permission list

This fixes a critical runtime bug where ALL permission checks in
erp-auth and erp-config handlers would return 403 Forbidden because
the seed data used colon separators but handlers checked for dots.

2026-04-11 14:30:47 +08:00

iven

3a05523d23

fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml)
- Auth store: synchronously restore state at creation to eliminate
  flash-of-login-page on refresh
- MainLayout: menu highlight now tracks current route via useLocation
- Add extractErrorMessage() utility to reduce repeated error parsing
- Fix all clippy warnings across 4 crates (erp-auth, erp-config,
  erp-workflow, erp-message): remove unnecessary casts, use div_ceil,
  collapse nested ifs, reduce function arguments with DTOs

2026-04-11 12:36:34 +08:00

iven

91ecaa3ed7

feat(workflow): add workflow engine module (Phase 4)

Implement complete workflow engine with BPMN subset support:

Backend (erp-workflow crate):
- Token-driven execution engine with exclusive/parallel gateway support
- BPMN parser with flow graph validation
- Expression evaluator for conditional branching
- Process definition CRUD with draft/publish lifecycle
- Process instance management (start, suspend, terminate)
- Task service (pending, complete, delegate)
- PostgreSQL advisory locks for concurrent safety
- 5 database tables: process_definitions, process_instances,
  tokens, tasks, process_variables
- 13 API endpoints with RBAC protection
- Timeout checker framework (placeholder)

Frontend:
- Workflow page with 4 tabs (definitions, pending, completed, monitor)
- React Flow visual process designer (@xyflow/react)
- Process viewer with active node highlighting
- 3 API client modules for workflow endpoints
- Sidebar menu integration

2026-04-11 09:54:02 +08:00

3 Commits