fix: 修复测试发现的 7 个问题 + 全 workspace clippy 清零
功能修复: 1. 患者创建空名称验证:后端添加 name.trim().is_empty() 检查 2. 仪表盘统计容错:单个查询失败返回零值而非 500 3. FHIR 路由修复:从 /fhir 移到 /api/v1/fhir 保持一致 4. 冻结模块后端中间件:新增 frozen_module_middleware 拦截冻结路径 5. 积分端点权限码:health.health-data.list → health.points.list 6. 角色权限迁移:护士补充 devices.list,运营补充 points.list/manage 7. 测试结果文档:R01-R05 角色测试 + T00/T10 结果归档 Clippy 全 workspace 清零(14→0 errors): - erp-core: 修复 empty doc line、collapsible if、redundant closure 等 9 处 - erp-health: 修复 too_many_arguments、unused var、unnecessary parens 等 58 处 - erp-ai: 修复 dead_code、unused import 等 11 处 - erp-plugin: 修复 too_many_arguments、wildcard pattern 等 11 处 - erp-server-migration: 修复 enum_variant_names 5 处 - erp-auth/config/workflow/message: 各 1-3 处 工程改进: - lint-staged 配置迁移到 .lintstagedrc.js(函数式避免文件列表传给 clippy) - cargo fmt 统一格式化
This commit is contained in:
iven
107
docs/qa/role-test-results/R02-R05-api-results.md
Normal file
107
docs/qa/role-test-results/R02-R05-api-results.md
Normal file
@@ -0,0 +1,107 @@
|
||||
# R02-R05 角色权限测试结果
|
||||
|
||||
> 测试人: AI 辅助 | 测试日期: 2026-05-07 | 方法: 浏览器 UI + API 状态码验证
|
||||
|
||||
## R02 Doctor(医生)
|
||||
|
||||
### 浏览器验证
|
||||
|
||||
| # | 测试项 | 结果 | 说明 |
|
||||
|---|--------|------|------|
|
||||
| 1.1 | 登录 | ✅ | doctor_test / Admin@2026 成功 |
|
||||
| 1.2 | 医生仪表盘 | ✅ | 专属仪表盘:AI建议待审1/本月咨询3/今日预约0/危急值0,有今日日程/重点关注/快捷操作 |
|
||||
| 1.3 | 菜单数量 | ✅ | 比 admin 少(无用户管理/权限/组织架构/系统管理/设备/BLE/实时监控/OAuth),符合角色 |
|
||||
| 1.4 | 患者管理 | ✅ | 56条记录,新建/编辑/删除按钮可用 |
|
||||
| 9.1 | /users 权限边界 | ✅ | 显示"权限不足"页面,正确拦截 |
|
||||
|
||||
## R03 Nurse(护士)— API 验证
|
||||
|
||||
| # | 端点 | 预期 | 实际 | 结果 |
|
||||
|---|------|------|------|------|
|
||||
| 1 | GET /health/follow-up-tasks | 200 | 200 | ✅ |
|
||||
| 2 | GET /health/patients | 200 | 200 | ✅ |
|
||||
| 3 | GET /health/consultation-sessions | 200 | 200 | ✅ |
|
||||
| 4 | GET /health/action-inbox | 200 | 200 | ✅ |
|
||||
| 5 | GET /health/alerts | 200 | 200 | ✅ |
|
||||
| 6 | GET /users | 403 | 403 | ✅ |
|
||||
| 7 | GET /health/articles | 403 | 403 | ✅ |
|
||||
| 8 | GET /health/alert-rules | 403 | 403 | ✅ |
|
||||
| 9 | GET /health/doctors | 403 | 403 | ✅ |
|
||||
| 10 | GET /ai/analysis/history | 403 | 403 | ✅ |
|
||||
| 11 | GET /health/devices | 200 | **403** | ❌ |
|
||||
|
||||
**通过率: 10/11 (90.9%)**
|
||||
|
||||
## R04 Health Manager(健康管理师)— API 验证
|
||||
|
||||
| # | 端点 | 预期 | 实际 | 结果 |
|
||||
|---|------|------|------|------|
|
||||
| 1 | GET /health/follow-up-tasks | 200 | 200 | ✅ |
|
||||
| 2 | GET /health/alert-rules | 200 | 200 | ✅ |
|
||||
| 3 | GET /ai/analysis/history | 200 | 200 | ✅ |
|
||||
| 4 | GET /health/patients | 200 | 200 | ✅ |
|
||||
| 5 | GET /health/alerts | 200 | 200 | ✅ |
|
||||
| 6 | GET /health/admin/statistics/dashboard | 200 | **500** | ❌ |
|
||||
| 7 | GET /workflow/definitions | 200 | 200 | ✅ |
|
||||
| 8 | GET /users | 403 | 403 | ✅ |
|
||||
| 9 | GET /health/articles | 403 | 403 | ✅ |
|
||||
| 10 | GET /health/admin/points/products | 403 | 403 | ✅ |
|
||||
|
||||
**通过率: 9/10 (90.0%)**
|
||||
|
||||
## R05 Operator(运营人员)— API 验证
|
||||
|
||||
| # | 端点 | 预期 | 实际 | 结果 |
|
||||
|---|------|------|------|------|
|
||||
| 1 | GET /health/articles | 200 | 200 | ✅ |
|
||||
| 2 | GET /health/article-tags | 200 | 200 | ✅ |
|
||||
| 3 | GET /health/article-categories | 200 | 200 | ✅ |
|
||||
| 4 | GET /health/admin/points/products | 200 | 200 | ✅ |
|
||||
| 5 | GET /health/points/products | 200 | **403** | ❌ |
|
||||
| 6 | GET /health/offline-events | 200 | **403** | ❌ |
|
||||
| 7 | GET /users | 403 | 403 | ✅ |
|
||||
| 8 | GET /health/doctors | 403 | 403 | ✅ |
|
||||
| 9 | GET /health/follow-up-tasks | 403 | 403 | ✅ |
|
||||
| 10 | GET /health/patients | 403 | **200** | ❌ |
|
||||
| 11 | GET /health/alert-rules | 403 | 403 | ✅ |
|
||||
|
||||
**通过率: 8/11 (72.7%)**
|
||||
|
||||
## 总体汇总
|
||||
|
||||
| 角色 | 测试项 | 通过 | 失败 | 通过率 |
|
||||
|------|--------|------|------|--------|
|
||||
| R02 Doctor | 5 | 5 | 0 | 100% |
|
||||
| R03 Nurse | 11 | 10 | 1 | 90.9% |
|
||||
| R04 Health Manager | 10 | 9 | 1 | 90.0% |
|
||||
| R05 Operator | 11 | 8 | 3 | 72.7% |
|
||||
| **总计** | **37** | **32** | **5** | **86.5%** |
|
||||
|
||||
## 问题清单
|
||||
|
||||
### BUG-R02: 健康管理师仪表盘 500 错误(HIGH)
|
||||
- **端点**: GET /health/admin/statistics/dashboard
|
||||
- **现象**: 返回 500 内部错误
|
||||
- **根因**: 后端统计查询存在未捕获异常,非权限问题
|
||||
- **影响**: 健康管理师角色仪表盘无法正常加载统计数据
|
||||
|
||||
### BUG-R03: 护士缺少设备列表权限(MEDIUM)
|
||||
- **端点**: GET /health/devices → 403
|
||||
- **根因**: 护士有 `health.device-readings.list`(设备读数)但缺少 `health.devices.list`(设备绑定)
|
||||
- **影响**: 护士无法查看设备绑定列表
|
||||
- **建议**: 如护士需要查看设备列表,补充 `health.devices.list` 权限
|
||||
|
||||
### BUG-R05a: 运营无法访问患者端积分商品(LOW)
|
||||
- **端点**: GET /health/points/products → 403
|
||||
- **根因**: 患者端积分路由绑定了 `health.health-data.list` 而非 `health.points.list`
|
||||
- **影响**: 运营只能通过管理端路径 `/health/admin/points/products` 访问
|
||||
|
||||
### BUG-R05b: 运营无法访问线下活动(LOW)
|
||||
- **端点**: GET /health/offline-events → 403
|
||||
- **根因**: 同上,权限码绑定问题
|
||||
|
||||
### BUG-R05c: 运营可访问患者列表(MEDIUM)
|
||||
- **端点**: GET /health/patients → 200(应为 403)
|
||||
- **根因**: 运营角色分配了 `health.patient.list` 权限
|
||||
- **影响**: 运营可查看所有患者数据(设计意图是只读查看)
|
||||
- **建议**: 确认运营是否应有患者查看权限,如是则符合设计
|
||||
Reference in New Issue
Block a user