fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml) - Auth store: synchronously restore state at creation to eliminate flash-of-login-page on refresh - MainLayout: menu highlight now tracks current route via useLocation - Add extractErrorMessage() utility to reduce repeated error parsing - Fix all clippy warnings across 4 crates (erp-auth, erp-config, erp-workflow, erp-message): remove unnecessary casts, use div_ceil, collapse nested ifs, reduce function arguments with DTOs
2026-04-11 12:36:34 +08:00
parent 5c899e6f4a
commit 3a05523d23
35 changed files with 283 additions and 187 deletions
--- a/crates/erp-auth/src/service/dept_service.rs
+++ b/crates/erp-auth/src/service/dept_service.rs
@@ -4,7 +4,7 @@ use chrono::Utc;
 use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, Set};
 use uuid::Uuid;

-use crate::dto::{CreateDepartmentReq, DepartmentResp};
+use crate::dto::{CreateDepartmentReq, DepartmentResp, UpdateDepartmentReq};
 use crate::entity::department;
 use crate::entity::organization;
 use crate::error::{AuthError, AuthResult};
@@ -141,10 +141,7 @@ impl DeptService {
        id: Uuid,
        tenant_id: Uuid,
        operator_id: Uuid,
-        name: &Option<String>,
-        code: &Option<String>,
-        manager_id: &Option<Uuid>,
-        sort_order: &Option<i32>,
+        req: &UpdateDepartmentReq,
        db: &sea_orm::DatabaseConnection,
    ) -> AuthResult<DepartmentResp> {
        let model = department::Entity::find_by_id(id)
@@ -155,33 +152,33 @@ impl DeptService {
            .ok_or_else(|| AuthError::Validation("部门不存在".to_string()))?;

        // If code is being changed, check uniqueness
-        if let Some(new_code) = code {
-            if Some(new_code) != model.code.as_ref() {
-                let existing = department::Entity::find()
-                    .filter(department::Column::TenantId.eq(tenant_id))
-                    .filter(department::Column::Code.eq(new_code.as_str()))
-                    .filter(department::Column::DeletedAt.is_null())
-                    .one(db)
-                    .await
-                    .map_err(|e| AuthError::Validation(e.to_string()))?;
-                if existing.is_some() {
-                    return Err(AuthError::Validation("部门编码已存在".to_string()));
-                }
+        if let Some(new_code) = &req.code
+            && Some(new_code) != model.code.as_ref()
+        {
+            let existing = department::Entity::find()
+                .filter(department::Column::TenantId.eq(tenant_id))
+                .filter(department::Column::Code.eq(new_code.as_str()))
+                .filter(department::Column::DeletedAt.is_null())
+                .one(db)
+                .await
+                .map_err(|e| AuthError::Validation(e.to_string()))?;
+            if existing.is_some() {
+                return Err(AuthError::Validation("部门编码已存在".to_string()));
            }
        }

        let mut active: department::ActiveModel = model.into();

-        if let Some(n) = name {
+        if let Some(n) = &req.name {
            active.name = Set(n.clone());
        }
-        if let Some(c) = code {
+        if let Some(c) = &req.code {
            active.code = Set(Some(c.clone()));
        }
-        if let Some(mgr_id) = manager_id {
+        if let Some(mgr_id) = &req.manager_id {
            active.manager_id = Set(Some(*mgr_id));
        }
-        if let Some(so) = sort_order {
+        if let Some(so) = &req.sort_order {
            active.sort_order = Set(*so);
        }