fix(health): 修复审计发现的 10 个 CRITICAL 问题

权限与安全: - 为全部 51 个 handler 端点添加 require_permission 权限检查 - 修复 CAS 预约操作中 doctor_id 为 None 时使用 Uuid::nil() 的问题状态机修复: - 预约初始状态从 "scheduled" 改为 "pending"（匹配设计规格） - 排班状态从 "active" 改为 "enabled" - 咨询会话添加 waiting→active 自动触发（首条消息时） - 新增 create_session 端点和 DTO 数据完整性: - doctor_profile 表添加 name 列（entity + migration + service） - lab_report/health_trend 的 json 列改为 json_binary（支持 GIN 索引） - 添加关键索引：patient.id_number UNIQUE、patient_tag UNIQUE、 doctor_schedule 唯一排班槽位、health_trend、doctor_profile.name - 随访记录完成后自动检查 next_follow_up_date 创建后续任务事件总线: - 实现 10 种核心事件发布（patient/appointment/follow_up/consultation/lab_report） - 实现 workflow.task.completed 和 message.sent 事件订阅框架种子数据: - 实现 seed_tenant_health（8 个默认患者标签） - 实现 soft_delete_tenant_data（16 张表级联软删除）
2026-04-23 23:25:53 +08:00
parent d6678d001e
commit 2e9eb55f2c
18 changed files with 423 additions and 31 deletions
--- a/crates/erp-health/src/handler/appointment_handler.rs
+++ b/crates/erp-health/src/handler/appointment_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::appointment_dto::*;
@@ -59,6 +60,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = appointment_service::list_appointments(
@@ -78,6 +80,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.manage")?;
    let result = appointment_service::create_appointment(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -95,6 +98,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.manage")?;
    let update_req = UpdateAppointmentStatusReq {
        status: req.status,
        cancel_reason: req.cancel_reason,
@@ -115,6 +119,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = appointment_service::list_schedules(
@@ -133,6 +138,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.manage")?;
    let result = appointment_service::create_schedule(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -150,6 +156,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.manage")?;
    let result = appointment_service::update_schedule(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.data, req.version,
    )
@@ -166,6 +173,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.appointment.list")?;
    let result = appointment_service::calendar_view(
        &state, ctx.tenant_id, params.start_date, params.end_date, params.doctor_id,
    )
--- a/crates/erp-health/src/handler/consultation_handler.rs
+++ b/crates/erp-health/src/handler/consultation_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::consultation_dto::*;
@@ -47,6 +48,23 @@ pub struct ExportSessionsParams {
    pub doctor_id: Option<Uuid>,
 }

+pub async fn create_session<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateSessionReq>,
+) -> Result<Json<ApiResponse<SessionResp>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.consultation.manage")?;
+    let result = consultation_service::create_session(
+        &state, ctx.tenant_id, Some(ctx.user_id), req,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
 pub async fn list_sessions<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
@@ -56,6 +74,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = consultation_service::list_sessions(
@@ -76,6 +95,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = consultation_service::list_messages(
@@ -95,6 +115,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.manage")?;
    let result = consultation_service::close_session(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.version,
    )
@@ -111,6 +132,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.manage")?;
    let msg_req = CreateMessageReq {
        session_id: req.session_id,
        sender_id: req.sender_id,
@@ -134,6 +156,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
    let result = consultation_service::export_sessions(
        &state, ctx.tenant_id, params.status, params.patient_id, params.doctor_id,
    )
--- a/crates/erp-health/src/handler/doctor_handler.rs
+++ b/crates/erp-health/src/handler/doctor_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::doctor_dto::*;
@@ -36,6 +37,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.doctor.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = doctor_service::list_doctors(
@@ -54,6 +56,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.doctor.manage")?;
    let result = doctor_service::create_doctor(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -70,6 +73,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.doctor.list")?;
    let result = doctor_service::get_doctor(&state, ctx.tenant_id, id).await?;
    Ok(Json(ApiResponse::ok(result)))
 }
@@ -84,6 +88,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.doctor.manage")?;
    let result = doctor_service::update_doctor(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.data, req.version,
    )
@@ -100,6 +105,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.doctor.manage")?;
    doctor_service::delete_doctor(&state, ctx.tenant_id, id, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
--- a/crates/erp-health/src/handler/follow_up_handler.rs
+++ b/crates/erp-health/src/handler/follow_up_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::follow_up_dto::*;
@@ -44,6 +45,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = follow_up_service::list_tasks(
@@ -63,6 +65,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.manage")?;
    let result = follow_up_service::create_task(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -80,6 +83,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.manage")?;
    let result = follow_up_service::update_task(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.data, req.version,
    )
@@ -96,6 +100,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.manage")?;
    follow_up_service::delete_task(&state, ctx.tenant_id, id, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -109,6 +114,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.manage")?;
    let result = follow_up_service::create_record(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -125,6 +131,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.follow-up.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = follow_up_service::list_records(
--- a/crates/erp-health/src/handler/health_data_handler.rs
+++ b/crates/erp-health/src/handler/health_data_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::health_data_dto::*;
@@ -53,6 +54,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = health_data_service::list_vital_signs(
@@ -72,6 +74,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::create_vital_signs(
        &state, ctx.tenant_id, patient_id, Some(ctx.user_id), req,
    )
@@ -89,6 +92,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::update_vital_signs(
        &state, ctx.tenant_id, patient_id, vid, Some(ctx.user_id), req.data, req.version,
    )
@@ -105,6 +109,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    health_data_service::delete_vital_signs(&state, ctx.tenant_id, vid, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -123,6 +128,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = health_data_service::list_lab_reports(
@@ -142,6 +148,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::create_lab_report(
        &state, ctx.tenant_id, patient_id, Some(ctx.user_id), req,
    )
@@ -159,6 +166,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::update_lab_report(
        &state, ctx.tenant_id, rid, Some(ctx.user_id), req.data, req.version,
    )
@@ -175,6 +183,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    health_data_service::delete_lab_report(&state, ctx.tenant_id, rid, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -193,6 +202,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = health_data_service::list_health_records(
@@ -212,6 +222,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::create_health_record(
        &state, ctx.tenant_id, patient_id, Some(ctx.user_id), req,
    )
@@ -229,6 +240,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::update_health_record(
        &state, ctx.tenant_id, rid, Some(ctx.user_id), req.data, req.version,
    )
@@ -245,6 +257,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    health_data_service::delete_health_record(&state, ctx.tenant_id, rid, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -263,6 +276,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = health_data_service::list_trends(
@@ -282,6 +296,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.manage")?;
    let result = health_data_service::generate_trend(
        &state, ctx.tenant_id, patient_id, Some(ctx.user_id), req.period_start, req.period_end,
    )
@@ -299,6 +314,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.health-data.list")?;
    let result = health_data_service::get_indicator_timeseries(
        &state, ctx.tenant_id, patient_id, indicator, params.start_date, params.end_date,
    )
--- a/crates/erp-health/src/handler/patient_handler.rs
+++ b/crates/erp-health/src/handler/patient_handler.rs
@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;

 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

 use crate::dto::patient_dto::{
@@ -38,6 +39,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = patient_service::list_patients(
@@ -56,6 +58,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    let result = patient_service::create_patient(
        &state, ctx.tenant_id, Some(ctx.user_id), req,
    )
@@ -72,6 +75,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.list")?;
    let result = patient_service::get_patient(&state, ctx.tenant_id, id).await?;
    Ok(Json(ApiResponse::ok(result)))
 }
@@ -86,6 +90,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    let version = req.version;
    let update = UpdatePatientReq {
        name: req.name,
@@ -116,6 +121,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    patient_service::delete_patient(&state, ctx.tenant_id, id, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -130,6 +136,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    patient_service::manage_patient_tags(&state, ctx.tenant_id, id, req, Some(ctx.user_id)).await?;
    Ok(Json(ApiResponse::ok(())))
 }
@@ -143,6 +150,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.list")?;
    let result = patient_service::get_health_summary(&state, ctx.tenant_id, id).await?;
    Ok(Json(ApiResponse::ok(result)))
 }
@@ -156,6 +164,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.list")?;
    let result = patient_service::list_family_members(&state, ctx.tenant_id, id).await?;
    Ok(Json(ApiResponse::ok(result)))
 }
@@ -170,6 +179,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    let result = patient_service::create_family_member(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req,
    )
@@ -187,6 +197,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    let version = req.version;
    let update = FamilyMemberReq {
        name: req.name,
@@ -211,6 +222,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    patient_service::delete_family_member(
        &state, ctx.tenant_id, patient_id, member_id, Some(ctx.user_id),
    )
@@ -228,6 +240,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    patient_service::assign_doctor(
        &state,
        ctx.tenant_id,
@@ -249,6 +262,7 @@ where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.patient.manage")?;
    patient_service::remove_doctor(&state, ctx.tenant_id, patient_id, doctor_id).await?;
    Ok(Json(ApiResponse::ok(())))
 }