use axum::Extension; use axum::extract::{FromRef, Path, Query, State}; use axum::response::Json; use serde::Deserialize; use validator::Validate; use erp_core::error::AppError; use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext}; use uuid::Uuid; use crate::auth_state::AuthState; use crate::dto::{CreateUserReq, UpdateUserReq, UserResp}; use erp_core::rbac::require_permission; use crate::service::user_service::UserService; /// Query parameters for user list endpoint. #[derive(Debug, Deserialize)] pub struct UserListParams { pub page: Option, pub page_size: Option, /// Optional search term — filters by username (case-insensitive contains). pub search: Option, } /// GET /api/v1/users /// /// List users within the current tenant with pagination and optional search. /// Requires the `user.list` permission. pub async fn list_users( State(state): State, Extension(ctx): Extension, Query(params): Query, ) -> Result>>, AppError> where AuthState: FromRef, S: Clone + Send + Sync + 'static, { require_permission(&ctx, "user.list")?; let pagination = Pagination { page: params.page, page_size: params.page_size, }; let (users, total) = UserService::list(ctx.tenant_id, &pagination, params.search.as_deref(), &state.db) .await?; let page = pagination.page.unwrap_or(1); let page_size = pagination.limit(); let total_pages = total.div_ceil(page_size); Ok(Json(ApiResponse::ok(PaginatedResponse { data: users, total, page, page_size, total_pages, }))) } /// POST /api/v1/users /// /// Create a new user within the current tenant. /// Requires the `user.create` permission. pub async fn create_user( State(state): State, Extension(ctx): Extension, Json(req): Json, ) -> Result>, AppError> where AuthState: FromRef, S: Clone + Send + Sync + 'static, { require_permission(&ctx, "user.create")?; req.validate() .map_err(|e| AppError::Validation(e.to_string()))?; let user = UserService::create( ctx.tenant_id, ctx.user_id, &req, &state.db, &state.event_bus, ) .await?; Ok(Json(ApiResponse::ok(user))) } /// GET /api/v1/users/:id /// /// Fetch a single user by ID within the current tenant. /// Requires the `user.read` permission. pub async fn get_user( State(state): State, Extension(ctx): Extension, Path(id): Path, ) -> Result>, AppError> where AuthState: FromRef, S: Clone + Send + Sync + 'static, { require_permission(&ctx, "user.read")?; let user = UserService::get_by_id(id, ctx.tenant_id, &state.db).await?; Ok(Json(ApiResponse::ok(user))) } /// PUT /api/v1/users/:id /// /// Update editable user fields. /// Requires the `user.update` permission. pub async fn update_user( State(state): State, Extension(ctx): Extension, Path(id): Path, Json(req): Json, ) -> Result>, AppError> where AuthState: FromRef, S: Clone + Send + Sync + 'static, { require_permission(&ctx, "user.update")?; let user = UserService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?; Ok(Json(ApiResponse::ok(user))) } /// DELETE /api/v1/users/:id /// /// Soft-delete a user by ID within the current tenant. /// Requires the `user.delete` permission. pub async fn delete_user( State(state): State, Extension(ctx): Extension, Path(id): Path, ) -> Result>, AppError> where AuthState: FromRef, S: Clone + Send + Sync + 'static, { require_permission(&ctx, "user.delete")?; UserService::delete(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus).await?; Ok(Json(ApiResponse { success: true, data: None, message: Some("用户已删除".to_string()), })) }