iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(health): 修复审计发现的 10 个 CRITICAL 问题
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
权限与安全:
- 为全部 51 个 handler 端点添加 require_permission 权限检查
- 修复 CAS 预约操作中 doctor_id 为 None 时使用 Uuid::nil() 的问题

状态机修复:
- 预约初始状态从 "scheduled" 改为 "pending"(匹配设计规格)
- 排班状态从 "active" 改为 "enabled"
- 咨询会话添加 waiting→active 自动触发(首条消息时)
- 新增 create_session 端点和 DTO

数据完整性:
- doctor_profile 表添加 name 列(entity + migration + service)
- lab_report/health_trend 的 json 列改为 json_binary(支持 GIN 索引)
- 添加关键索引:patient.id_number UNIQUE、patient_tag UNIQUE、
  doctor_schedule 唯一排班槽位、health_trend、doctor_profile.name
- 随访记录完成后自动检查 next_follow_up_date 创建后续任务

事件总线:
- 实现 10 种核心事件发布(patient/appointment/follow_up/consultation/lab_report)
- 实现 workflow.task.completed 和 message.sent 事件订阅框架

种子数据:
- 实现 seed_tenant_health(8 个默认患者标签)
- 实现 soft_delete_tenant_data(16 张表级联软删除)
This commit is contained in:
iven
2026-04-23 23:25:53 +08:00
parent d6678d001e
commit 2e9eb55f2c
18 changed files with 423 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/erp-health/src/handler/doctor_handler.rs
View File

@@ -5,6 +5,7 @@ use utoipa::IntoParams;
use uuid::Uuid;
use erp_core::error::AppError;
use erp_core::rbac::require_permission;
use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
use crate::dto::doctor_dto::*;
@@ -36,6 +37,7 @@ where
HealthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.doctor.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let result = doctor_service::list_doctors(
@@ -54,6 +56,7 @@ where
HealthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.doctor.manage")?;
let result = doctor_service::create_doctor(
&state, ctx.tenant_id, Some(ctx.user_id), req,
)
@@ -70,6 +73,7 @@ where
HealthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.doctor.list")?;
let result = doctor_service::get_doctor(&state, ctx.tenant_id, id).await?;
Ok(Json(ApiResponse::ok(result)))
}
@@ -84,6 +88,7 @@ where
HealthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.doctor.manage")?;
let result = doctor_service::update_doctor(
&state, ctx.tenant_id, id, Some(ctx.user_id), req.data, req.version,
)
@@ -100,6 +105,7 @@ where
HealthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.doctor.manage")?;
doctor_service::delete_doctor(&state, ctx.tenant_id, id, Some(ctx.user_id)).await?;
Ok(Json(ApiResponse::ok(())))
}