274 lines
7.7 KiB
Rust
274 lines
7.7 KiB
Rust
use axum::Extension;
|
|
use axum::extract::{FromRef, Path, Query, State};
|
|
use axum::response::Json;
|
|
use serde::{Deserialize, Serialize};
|
|
use utoipa::{IntoParams, ToSchema};
|
|
use validator::Validate;
|
|
|
|
use erp_core::error::AppError;
|
|
use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
|
|
use uuid::Uuid;
|
|
|
|
use crate::auth_state::AuthState;
|
|
use crate::dto::{CreateUserReq, RoleResp, UpdateUserReq, UserResp};
|
|
use crate::service::user_service::UserService;
|
|
use erp_core::rbac::require_permission;
|
|
|
|
/// Query parameters for user list endpoint.
|
|
#[derive(Debug, Deserialize, IntoParams)]
|
|
pub struct UserListParams {
|
|
pub page: Option<u64>,
|
|
pub page_size: Option<u64>,
|
|
/// Optional search term — filters by username (case-insensitive contains).
|
|
pub search: Option<String>,
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/v1/users",
|
|
params(UserListParams),
|
|
responses(
|
|
(status = 200, description = "成功", body = ApiResponse<PaginatedResponse<UserResp>>),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// GET /api/v1/users
|
|
///
|
|
/// List users within the current tenant with pagination and optional search.
|
|
/// Requires the `user.list` permission.
|
|
pub async fn list_users<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Query(params): Query<UserListParams>,
|
|
) -> Result<Json<ApiResponse<PaginatedResponse<UserResp>>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.list")?;
|
|
|
|
let pagination = Pagination {
|
|
page: params.page,
|
|
page_size: params.page_size,
|
|
};
|
|
let (users, total) = UserService::list(
|
|
ctx.tenant_id,
|
|
&pagination,
|
|
params.search.as_deref(),
|
|
&state.db,
|
|
)
|
|
.await?;
|
|
|
|
let page = pagination.page.unwrap_or(1);
|
|
let page_size = pagination.limit();
|
|
let total_pages = total.div_ceil(page_size);
|
|
|
|
Ok(Json(ApiResponse::ok(PaginatedResponse {
|
|
data: users,
|
|
total,
|
|
page,
|
|
page_size,
|
|
total_pages,
|
|
})))
|
|
}
|
|
|
|
#[utoipa::path(
|
|
post,
|
|
path = "/api/v1/users",
|
|
request_body = CreateUserReq,
|
|
responses(
|
|
(status = 200, description = "创建成功", body = ApiResponse<UserResp>),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// POST /api/v1/users
|
|
///
|
|
/// Create a new user within the current tenant.
|
|
/// Requires the `user.create` permission.
|
|
pub async fn create_user<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Json(mut req): Json<CreateUserReq>,
|
|
) -> Result<Json<ApiResponse<UserResp>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.create")?;
|
|
|
|
req.validate()
|
|
.map_err(|e| AppError::Validation(e.to_string()))?;
|
|
|
|
req.sanitize();
|
|
|
|
let user = UserService::create(
|
|
ctx.tenant_id,
|
|
ctx.user_id,
|
|
&req,
|
|
&state.db,
|
|
&state.event_bus,
|
|
)
|
|
.await?;
|
|
|
|
Ok(Json(ApiResponse::ok(user)))
|
|
}
|
|
|
|
#[utoipa::path(
|
|
get,
|
|
path = "/api/v1/users/{id}",
|
|
params(("id" = Uuid, Path, description = "用户ID")),
|
|
responses(
|
|
(status = 200, description = "成功", body = ApiResponse<UserResp>),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
(status = 404, description = "用户不存在"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// GET /api/v1/users/:id
|
|
///
|
|
/// Fetch a single user by ID within the current tenant.
|
|
/// Requires the `user.read` permission.
|
|
pub async fn get_user<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
) -> Result<Json<ApiResponse<UserResp>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.read")?;
|
|
|
|
let user = UserService::get_by_id(id, ctx.tenant_id, &state.db).await?;
|
|
Ok(Json(ApiResponse::ok(user)))
|
|
}
|
|
|
|
#[utoipa::path(
|
|
put,
|
|
path = "/api/v1/users/{id}",
|
|
params(("id" = Uuid, Path, description = "用户ID")),
|
|
request_body = UpdateUserReq,
|
|
responses(
|
|
(status = 200, description = "更新成功", body = ApiResponse<UserResp>),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
(status = 404, description = "用户不存在"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// PUT /api/v1/users/:id
|
|
///
|
|
/// Update editable user fields.
|
|
/// Requires the `user.update` permission.
|
|
pub async fn update_user<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
Json(mut req): Json<UpdateUserReq>,
|
|
) -> Result<Json<ApiResponse<UserResp>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.update")?;
|
|
|
|
req.sanitize();
|
|
|
|
let user = UserService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
|
|
Ok(Json(ApiResponse::ok(user)))
|
|
}
|
|
|
|
#[utoipa::path(
|
|
delete,
|
|
path = "/api/v1/users/{id}",
|
|
params(("id" = Uuid, Path, description = "用户ID")),
|
|
responses(
|
|
(status = 200, description = "用户已删除"),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
(status = 404, description = "用户不存在"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// DELETE /api/v1/users/:id
|
|
///
|
|
/// Soft-delete a user by ID within the current tenant.
|
|
/// Requires the `user.delete` permission.
|
|
pub async fn delete_user<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
) -> Result<Json<ApiResponse<()>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.delete")?;
|
|
|
|
UserService::delete(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus).await?;
|
|
|
|
Ok(Json(ApiResponse {
|
|
success: true,
|
|
data: None,
|
|
message: Some("用户已删除".to_string()),
|
|
}))
|
|
}
|
|
|
|
/// Assign roles request body.
|
|
#[derive(Debug, Deserialize, ToSchema)]
|
|
pub struct AssignRolesReq {
|
|
pub role_ids: Vec<Uuid>,
|
|
}
|
|
|
|
/// Assign roles response.
|
|
#[derive(Debug, Serialize, ToSchema)]
|
|
pub struct AssignRolesResp {
|
|
pub roles: Vec<RoleResp>,
|
|
}
|
|
|
|
#[utoipa::path(
|
|
post,
|
|
path = "/api/v1/users/{id}/roles",
|
|
params(("id" = Uuid, Path, description = "用户ID")),
|
|
request_body = AssignRolesReq,
|
|
responses(
|
|
(status = 200, description = "角色分配成功", body = ApiResponse<AssignRolesResp>),
|
|
(status = 401, description = "未授权"),
|
|
(status = 403, description = "权限不足"),
|
|
(status = 404, description = "用户不存在"),
|
|
),
|
|
security(("bearer_auth" = [])),
|
|
tag = "用户管理"
|
|
)]
|
|
/// POST /api/v1/users/:id/roles
|
|
///
|
|
/// Replace all role assignments for a user within the current tenant.
|
|
/// Requires the `user.update` permission.
|
|
pub async fn assign_roles<S>(
|
|
State(state): State<AuthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
Json(req): Json<AssignRolesReq>,
|
|
) -> Result<Json<ApiResponse<AssignRolesResp>>, AppError>
|
|
where
|
|
AuthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "user.update")?;
|
|
|
|
let roles =
|
|
UserService::assign_roles(id, ctx.tenant_id, ctx.user_id, &req.role_ids, &state.db).await?;
|
|
|
|
Ok(Json(ApiResponse::ok(AssignRolesResp { roles })))
|
|
}
|