iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth,plugin): Q3 行级数据权限 — user_departments 表 + JWT 注入 department_ids + data_scope 接线

Browse Source 
- 新增 user_departments 关联表(migration + entity)
- JWT 中间件查询用户部门并注入 TenantContext.department_ids
- role_permission entity 添加 data_scope 字段
- data_handler 接线行级数据权限过滤(list/count/aggregate)
- DataScopeParams + build_scope_sql + merge_scope_condition 实现全链路
This commit is contained in:
iven
2026-04-17 21:42:40 +08:00
parent 9d18b7e079
commit 62eea3d20d
11 changed files with 326 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/erp-auth/src/service/role_service.rs
View File

@@ -311,6 +311,7 @@ impl RoleService {
role_id: Set(role_id),
permission_id: Set(*perm_id),
tenant_id: Set(tenant_id),
data_scope: Set("all".to_string()),
created_at: Set(now),
updated_at: Set(now),
created_by: Set(operator_id),

2
crates/erp-auth/src/service/seed.rs
View File

@@ -410,6 +410,7 @@ pub async fn seed_tenant_auth(
role_id: Set(admin_role_id),
permission_id: Set(*perm_id),
tenant_id: Set(tenant_id),
data_scope: Set("all".to_string()),
created_at: Set(now),
updated_at: Set(now),
created_by: Set(system_user_id),
@@ -450,6 +451,7 @@ pub async fn seed_tenant_auth(
role_id: Set(viewer_role_id),
permission_id: Set(perm_ids[*idx]),
tenant_id: Set(tenant_id),
data_scope: Set("all".to_string()),
created_at: Set(now),
updated_at: Set(now),
created_by: Set(system_user_id),