fix(health): 患者摘要列表按 user_id 过滤

小程序 loadPatients() 现在只获取当前登录用户关联的患者，不再返回整个租户的所有患者。修复 wx_7141 上传数据写到错误 patient 记录下的问题。 - PatientListParams 增加 user_id 可选参数 - list_summaries 增加 user_id 过滤条件 - 小程序 getPatientSummaries 传入 userId - auth store loadPatients 传入当前 user.id
2026-06-05 10:51:17 +08:00
parent 76a89dc7de
commit 1982698b79
4 changed files with 21 additions and 5 deletions
--- a/apps/miniprogram/src/services/auth.ts
+++ b/apps/miniprogram/src/services/auth.ts
@@ -68,7 +68,9 @@ export interface PatientSummary {
 }

 /** 获取患者摘要列表（字段最小化，替代 getPatients） */
-export async function getPatientSummaries() {
-  const res = await api.get<PaginatedData<PatientSummary>>('/health/patients/summary');
+export async function getPatientSummaries(userId?: string) {
+  const params: Record<string, string> = {};
+  if (userId) params.user_id = userId;
+  const res = await api.get<PaginatedData<PatientSummary>>('/health/patients/summary', { params });
  return Array.isArray(res?.data) ? res.data : (Array.isArray(res) ? res : []);
 }
--- a/apps/miniprogram/src/stores/auth.ts
+++ b/apps/miniprogram/src/stores/auth.ts
@@ -249,7 +249,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({

  loadPatients: async () => {
    try {
-      const summaries = await authApi.getPatientSummaries();
+      const userId = get().user?.id;
+      const summaries = await authApi.getPatientSummaries(userId);
      const patients: authApi.PatientInfo[] = summaries.map((p) => ({
        id: p.id,
        name: p.name,
--- a/crates/erp-health/src/handler/patient_handler.rs
+++ b/crates/erp-health/src/handler/patient_handler.rs
@@ -24,6 +24,9 @@ pub struct PatientListParams {
    pub page_size: Option<u64>,
    pub search: Option<String>,
    pub tag_id: Option<Uuid>,
+    /// Optional user_id filter — only return patients linked to this user.
+    /// Used by the mini-program to fetch only the logged-in user's own patients.
+    pub user_id: Option<Uuid>,
 }

 /// 分配医生请求
@@ -70,7 +73,9 @@ where
    require_permission(&ctx, "health.patient.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20).min(100);
-    let result = patient_service::list_summaries(&state, ctx.tenant_id, page, page_size).await?;
+    let result =
+        patient_service::list_summaries(&state, ctx.tenant_id, page, page_size, params.user_id)
+            .await?;
    Ok(Json(ApiResponse::ok(result)))
 }

--- a/crates/erp-health/src/service/patient_service/crud.rs
+++ b/crates/erp-health/src/service/patient_service/crud.rs
@@ -552,19 +552,27 @@ pub async fn bind_by_phone(
 }

 /// 患者摘要列表 — 仅返回非敏感字段，供小程序切换/列表使用
+///
+/// When `user_id` is provided, only patients linked to that user are returned.
+/// This allows the mini-program to fetch only the logged-in user's own patients.
 pub async fn list_summaries(
    state: &HealthState,
    tenant_id: Uuid,
    page: u64,
    page_size: u64,
+    user_id: Option<Uuid>,
 ) -> HealthResult<PaginatedResponse<PatientSummary>> {
    let limit = page_size.min(100);
    let offset = page.saturating_sub(1) * limit;

-    let query = patient::Entity::find()
+    let mut query = patient::Entity::find()
        .filter(patient::Column::TenantId.eq(tenant_id))
        .filter(patient::Column::DeletedAt.is_null());

+    if let Some(uid) = user_id {
+        query = query.filter(patient::Column::UserId.eq(uid));
+    }
+
    let total = query.clone().count(&state.db).await?;

    let models = query