iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 全局权限优化 — 7 项问题修复

Browse Source 
1. 菜单权限修复:补充 10 个菜单的 permission 字段 + 修复 menu_service
   回退逻辑(admin 直接跳过过滤,非 admin 无关联则不显示)+ 收紧前端过滤
2. 管理员重置密码:新增 POST /users/{id}/reset-password 端点 + 前端按钮
3. 告警处理人姓名:AlertResponse 添加 acknowledged_by_name 字段
4. Tab 权限过滤:PatientDetail 6 个 Tab 按权限过滤 + 状态字段 Tooltip
5. 消息中心 UI:添加 Popconfirm/AuthButton,移除 inline isDark
This commit is contained in:
iven
2026-05-15 19:00:48 +08:00
parent 9319203e09
commit 8763e10d6e
17 changed files with 451 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/web/src/api/health/alerts.ts
View File

@@ -12,6 +12,7 @@ export interface Alert {
detail?: Record<string, unknown>;
status: string;
acknowledged_by?: string;
acknowledged_by_name?: string;
acknowledged_at?: string;
resolved_at?: string;
created_at: string;

4
apps/web/src/api/users.ts
View File

@@ -48,3 +48,7 @@ export async function deleteUser(id: string) {
export async function assignRoles(userId: string, roleIds: string[]) {
await client.post(`/users/${userId}/roles`, { role_ids: roleIds });
}
export async function resetPassword(id: string, req: { new_password: string; version: number }) {
await client.post(`/users/${id}/reset-password`, req);
}

9
apps/web/src/layouts/MainLayout.tsx
View File

@@ -179,7 +179,7 @@ const CollapsibleSubGroup = memo(function CollapsibleSubGroup({
const hasActive = visibleChildren.some((c) => currentPath === (c.path || c.id));
useEffect(() => {
if (hasActive) setExpanded(true);
if (hasActive) setExpanded(true); // eslint-disable-line react-hooks/set-state-in-effect -- 初始展开包含活跃菜单的分组
}, [hasActive]);
if (collapsed) {
@@ -397,7 +397,7 @@ export default function MainLayout({ children }: { children: React.ReactNode })
if (!cancelled) {
// 根据用户权限过滤菜单:菜单项声明 permission 时,用户必须有对应权限
const perms = useAuthStore.getState().permissions;
const isAdmin = useAuthStore.getState().user?.roles?.some((r: string) => r === 'admin') ?? false;
const isAdmin = useAuthStore.getState().user?.roles?.some((r) => typeof r === 'object' && r.code === 'admin') ?? false;
if (isAdmin) {
setDynamicMenus(menus);
} else {
@@ -408,10 +408,11 @@ export default function MainLayout({ children }: { children: React.ReactNode })
children: m.children ? filterByPerm(m.children) : undefined,
}))
.filter((m) => {
if (!m.permission) return true;
if (m.menu_type === 'directory') return true;
if (!m.permission) return false;
return perms.includes(m.permission);
})
.filter((m) => m.menu_type === 'directory' || !m.children || m.children.length > 0 || !m.permission || perms.includes(m.permission));
.filter((m) => m.menu_type === 'directory' || (m.children && m.children.length > 0) || (m.permission && perms.includes(m.permission)));
setDynamicMenus(filterByPerm(menus));
}
}

84
apps/web/src/pages/Users.tsx
View File

@@ -8,6 +8,8 @@ import {
Tag,
Popconfirm,
Checkbox,
Modal,
message,
} from 'antd';
import {
PlusOutlined,
@@ -17,6 +19,7 @@ import {
SafetyCertificateOutlined,
StopOutlined,
CheckCircleOutlined,
KeyOutlined,
} from '@ant-design/icons';
import {
listUsers,
@@ -24,6 +27,7 @@ import {
updateUser,
deleteUser,
assignRoles,
resetPassword,
type CreateUserRequest,
type UpdateUserRequest,
} from '../api/users';
@@ -31,6 +35,7 @@ import { listRoles, type RoleInfo } from '../api/roles';
import type { UserInfo } from '../api/auth';
import { PageContainer } from '../components/PageContainer';
import { DrawerForm } from '../components/DrawerForm';
import { AuthButton } from '../components/AuthButton';
import { useCrudDrawer } from '../hooks/useCrudDrawer';
import { usePaginatedData } from '../hooks/usePaginatedData';
import { useApiRequest } from '../hooks/useApiRequest';
@@ -101,6 +106,39 @@ export default function Users() {
setRoleDrawerOpen(true);
};
// 重置密码
const [resetModalOpen, setResetModalOpen] = useState(false);
const [resetTarget, setResetTarget] = useState<UserInfo | null>(null);
const [resetLoading, setResetLoading] = useState(false);
const [resetForm] = Form.useForm();
const openResetModal = (user: UserInfo) => {
setResetTarget(user);
resetForm.resetFields();
setResetModalOpen(true);
};
const handleResetPassword = async () => {
try {
const values = await resetForm.validateFields();
if (!resetTarget) return;
setResetLoading(true);
await resetPassword(resetTarget.id, {
new_password: values.new_password,
version: resetTarget.version,
});
message.success('密码已重置');
setResetModalOpen(false);
resetForm.resetFields();
refresh();
} catch (error) {
if (error && typeof error === 'object' && 'errorFields' in error) return; // 表单校验失败,忽略
throw error;
} finally {
setResetLoading(false);
}
};
const columns = [
{
title: '用户', dataIndex: 'username', key: 'username',
@@ -145,6 +183,9 @@ export default function Users() {
<Button size="small" type="text" icon={<EditOutlined />} onClick={() => userDrawer.openEdit(record, (r) => ({
username: r.username, display_name: r.display_name, email: r.email, phone: r.phone,
}))} style={{ color: isDark ? '#94a3b8' : '#475569' }} />
<AuthButton code="user.reset-password">
<Button size="small" type="text" icon={<KeyOutlined />} onClick={() => openResetModal(record)} style={{ color: isDark ? '#94a3b8' : '#475569' }} />
</AuthButton>
<Button size="small" type="text" icon={<SafetyCertificateOutlined />} onClick={() => openRoleDrawer(record)} style={{ color: isDark ? '#94a3b8' : '#475569' }} />
{record.status === 'active' ? (
<Popconfirm title="确定禁用此用户?" onConfirm={() => handleToggleStatus(record.id, 'disabled')}>
@@ -237,6 +278,49 @@ export default function Users() {
</Checkbox.Group>
</div>
</DrawerForm>
{/* 重置密码 Modal */}
<Modal
title={`重置密码 - ${resetTarget?.username || ''}`}
open={resetModalOpen}
onCancel={() => setResetModalOpen(false)}
onOk={handleResetPassword}
confirmLoading={resetLoading}
okText="确认重置"
cancelText="取消"
destroyOnClose
>
<Form form={resetForm} layout="vertical" style={{ marginTop: 16 }}>
<Form.Item
name="new_password"
label="新密码"
rules={[
{ required: true, message: '请输入新密码' },
{ min: 6, message: '密码至少6位' },
]}
>
<Input.Password placeholder="请输入新密码" />
</Form.Item>
<Form.Item
name="confirm_password"
label="确认密码"
dependencies={['new_password']}
rules={[
{ required: true, message: '请确认新密码' },
({ getFieldValue }) => ({
validator(_, value) {
if (!value || getFieldValue('new_password') === value) {
return Promise.resolve();
}
return Promise.reject(new Error('两次输入的密码不一致'));
},
}),
]}
>
<Input.Password placeholder="请再次输入新密码" />
</Form.Item>
</Form>
</Modal>
</PageContainer>
);
}

40
apps/web/src/pages/health/PatientDetail.tsx
View File

@@ -14,8 +14,10 @@ import {
DatePicker,
message,
Spin,
Tooltip,
} from 'antd';
import { ArrowLeftOutlined, EditOutlined } from '@ant-design/icons';
import { ArrowLeftOutlined, EditOutlined, InfoCircleOutlined } from '@ant-design/icons';
import { useAuthStore } from '../../stores/auth';
import { patientApi } from '../../api/health/patients';
import { AuthButton } from '../../components/AuthButton';
import { CopilotBadge } from '../../components/Copilot';
@@ -57,6 +59,22 @@ export default function PatientDetail() {
const [editModalOpen, setEditModalOpen] = useState(false);
const [form] = Form.useForm();
const isDark = useThemeMode();
const permissions = useAuthStore((s) => s.permissions);
/** Tab 权限映射:无权限码的 tab 始终可见 */
const TAB_PERMISSIONS: Record<string, string | undefined> = {
info: undefined,
family: 'health.patient.manage',
health: 'health.health-data.list',
followup: 'health.follow-up.list',
points: 'health.points.list',
ai: 'ai.analysis.list',
};
const hasPermission = (code: string | undefined): boolean => {
if (!code) return true;
return permissions.includes(code);
};
// --- 加载患者基本信息 ---
const fetchPatient = useCallback(async () => {
@@ -268,10 +286,24 @@ export default function PatientDetail() {
<Descriptions.Item label="身份证号">
{patient.id_number || '-'}
</Descriptions.Item>
<Descriptions.Item label="状态">
<Descriptions.Item label={
<Space size={4}>
<span></span>
<Tooltip title="active=活跃 | inactive=停诊 | deceased=已故。停诊/已故会触发对应业务事件。">
<InfoCircleOutlined style={{ color: 'var(--ant-color-text-quaternary)', fontSize: 12 }} />
</Tooltip>
</Space>
}>
<StatusTag status={patient.status} />
</Descriptions.Item>
<Descriptions.Item label="认证状态">
<Descriptions.Item label={
<Space size={4}>
<span></span>
<Tooltip title="pending=待认证 | verified=已认证 | rejected=已驳回。已认证会触发 PATIENT_VERIFIED 事件。">
<InfoCircleOutlined style={{ color: 'var(--ant-color-text-quaternary)', fontSize: 12 }} />
</Tooltip>
</Space>
}>
<StatusTag status={patient.verification_status} />
</Descriptions.Item>
<Descriptions.Item label="来源">
@@ -351,7 +383,7 @@ export default function PatientDetail() {
</Space>
) : null,
},
]}
].filter((tab) => hasPermission(TAB_PERMISSIONS[tab.key]))}
/>
</Card>

2
apps/web/src/pages/health/components/AlertDetailPanel.tsx
View File

@@ -173,7 +173,7 @@ export function AlertDetailPanel({
{alert.acknowledged_by && (
<Descriptions.Item label="处理人" span={2}>
<Typography.Text style={{ fontSize: 12 }}>
{alert.acknowledged_by}
{alert.acknowledged_by_name || `${alert.acknowledged_by.slice(0, 8)}...`}
</Typography.Text>
</Descriptions.Item>
)}

30
apps/web/src/pages/messages/MessageTemplates.tsx
View File

@@ -1,9 +1,9 @@
import { useEffect, useState, useCallback } from 'react';
import { Table, Button, Modal, Form, Input, Select, message, Tag } from 'antd';
import { Table, Button, Modal, Form, Input, Select, message, Tag, Card } from 'antd';
import { PlusOutlined } from '@ant-design/icons';
import type { ColumnsType } from 'antd/es/table';
import { listTemplates, createTemplate, type MessageTemplateInfo } from '../../api/messageTemplates';
import { useThemeMode } from '../../hooks/useThemeMode';
import { AuthButton } from '../../components/AuthButton';
const channelMap: Record<string, { label: string; color: string }> = {
in_app: { label: '站内', color: '#2563eb' },
@@ -19,7 +19,6 @@ export default function MessageTemplates() {
const [loading, setLoading] = useState(false);
const [modalOpen, setModalOpen] = useState(false);
const [form] = Form.useForm();
const isDark = useThemeMode();
const fetchData = useCallback(async (p = page) => {
setLoading(true);
@@ -64,9 +63,9 @@ export default function MessageTemplates() {
key: 'code',
render: (v: string) => (
<Tag style={{
background: isDark ? '#0f172a' : '#f8fafc',
background: 'var(--ant-color-fill-quaternary)',
border: 'none',
color: isDark ? '#94a3b8' : '#475569',
color: 'var(--ant-color-text-secondary)',
fontFamily: 'monospace',
fontSize: 12,
}}>
@@ -111,7 +110,7 @@ export default function MessageTemplates() {
key: 'created_at',
width: 180,
render: (v: string) => (
<span style={{ color: isDark ? '#475569' : '#94a3b8', fontSize: 13 }}>{v}</span>
<span style={{ color: 'var(--ant-color-text-secondary)', fontSize: 13 }}>{v}</span>
),
},
];
@@ -124,20 +123,17 @@ export default function MessageTemplates() {
alignItems: 'center',
marginBottom: 16,
}}>
<span style={{ fontSize: 13, color: isDark ? '#475569' : '#94a3b8' }}>
<span style={{ fontSize: 13, color: 'var(--ant-color-text-secondary)' }}>
{total}
</span>
<Button type="primary" icon={<PlusOutlined />} onClick={() => setModalOpen(true)}>
</Button>
<AuthButton code="message.manage">
<Button type="primary" icon={<PlusOutlined />} onClick={() => setModalOpen(true)}>
</Button>
</AuthButton>
</div>
<div style={{
background: isDark ? '#111827' : '#FFFFFF',
borderRadius: 12,
border: `1px solid ${isDark ? '#0f172a' : '#f8fafc'}`,
overflow: 'hidden',
}}>
<Card styles={{ body: { padding: 0 } }}>
<Table
columns={columns}
dataSource={data}
@@ -151,7 +147,7 @@ export default function MessageTemplates() {
showTotal: (t) => `${t} 条记录`,
}}
/>
</div>
</Card>
<Modal
title="新建消息模板"

58
apps/web/src/pages/messages/NotificationList.tsx
View File

@@ -1,9 +1,9 @@
import { useEffect, useState, useMemo, useCallback, useRef } from 'react';
import { Table, Button, Tag, Space, Modal, Typography, message } from 'antd';
import { Table, Button, Tag, Space, Modal, Typography, Popconfirm, Card, message } from 'antd';
import { CheckOutlined, DeleteOutlined, EyeOutlined } from '@ant-design/icons';
import type { ColumnsType } from 'antd/es/table';
import { listMessages, markRead, markAllRead, deleteMessage, type MessageInfo, type MessageQuery } from '../../api/messages';
import { useThemeMode } from '../../hooks/useThemeMode';
import { AuthButton } from '../../components/AuthButton';
const { Paragraph } = Typography;
@@ -32,7 +32,6 @@ export default function NotificationList({ queryFilter }: Props) {
const [total, setTotal] = useState(0);
const [page, setPage] = useState(1);
const [loading, setLoading] = useState(false);
const isDark = useThemeMode();
const fetchData = useCallback(async (p = page, filter?: MessageQuery) => {
setLoading(true);
@@ -93,7 +92,7 @@ export default function NotificationList({ queryFilter }: Props) {
content: (
<div>
<Paragraph>{record.body}</Paragraph>
<div style={{ marginTop: 8, color: isDark ? '#475569' : '#94a3b8', fontSize: 12 }}>
<div style={{ marginTop: 8, color: 'var(--ant-color-text-secondary)', fontSize: 12 }}>
{formatDateTime(record.created_at)}
</div>
</div>
@@ -114,7 +113,7 @@ export default function NotificationList({ queryFilter }: Props) {
style={{
fontWeight: record.is_read ? 400 : 600,
cursor: 'pointer',
color: record.is_read ? (isDark ? '#94a3b8' : '#475569') : 'inherit',
color: record.is_read ? 'var(--ant-color-text-secondary)' : 'inherit',
}}
onClick={() => showDetail(record)}
>
@@ -156,7 +155,7 @@ export default function NotificationList({ queryFilter }: Props) {
dataIndex: 'sender_type',
key: 'sender_type',
width: 80,
render: (s: string) => <span style={{ color: isDark ? '#475569' : '#94a3b8' }}>{s === 'system' ? '系统' : '用户'}</span>,
render: (s: string) => <span style={{ color: 'var(--ant-color-text-secondary)' }}>{s === 'system' ? '系统' : '用户'}</span>,
},
{
title: '状态',
@@ -165,9 +164,9 @@ export default function NotificationList({ queryFilter }: Props) {
width: 80,
render: (r: boolean) => (
<Tag style={{
background: r ? (isDark ? '#0f172a' : '#f8fafc') : '#eff6ff',
background: r ? 'var(--ant-color-fill-quaternary)' : '#eff6ff',
border: 'none',
color: r ? (isDark ? '#475569' : '#94a3b8') : '#2563eb',
color: r ? 'var(--ant-color-text-secondary)' : '#2563eb',
fontWeight: 500,
}}>
{r ? '已读' : '未读'}
@@ -180,7 +179,7 @@ export default function NotificationList({ queryFilter }: Props) {
key: 'created_at',
width: 180,
render: (v: string) => (
<span style={{ color: isDark ? '#475569' : '#94a3b8', fontSize: 13 }}>{formatDateTime(v)}</span>
<span style={{ color: 'var(--ant-color-text-secondary)', fontSize: 13 }}>{formatDateTime(v)}</span>
),
},
{
@@ -203,15 +202,21 @@ export default function NotificationList({ queryFilter }: Props) {
size="small"
icon={<EyeOutlined />}
onClick={() => showDetail(record)}
style={{ color: isDark ? '#475569' : '#94a3b8' }}
/>
<Button
type="text"
size="small"
danger
icon={<DeleteOutlined />}
onClick={() => handleDelete(record.id)}
style={{ color: 'var(--ant-color-text-secondary)' }}
/>
<AuthButton code="message.manage">
<Popconfirm
title="确定删除此消息?"
onConfirm={() => handleDelete(record.id)}
>
<Button
type="text"
size="small"
danger
icon={<DeleteOutlined />}
/>
</Popconfirm>
</AuthButton>
</Space>
),
},
@@ -225,20 +230,17 @@ export default function NotificationList({ queryFilter }: Props) {
alignItems: 'center',
marginBottom: 16,
}}>
<span style={{ fontSize: 13, color: isDark ? '#475569' : '#94a3b8' }}>
<span style={{ fontSize: 13, color: 'var(--ant-color-text-secondary)' }}>
{total}
</span>
<Button icon={<CheckOutlined />} onClick={handleMarkAllRead}>
</Button>
<AuthButton code="message.manage">
<Button icon={<CheckOutlined />} onClick={handleMarkAllRead}>
</Button>
</AuthButton>
</div>
<div style={{
background: isDark ? '#111827' : '#FFFFFF',
borderRadius: 12,
border: `1px solid ${isDark ? '#0f172a' : '#f8fafc'}`,
overflow: 'hidden',
}}>
<Card styles={{ body: { padding: 0 } }}>
<Table
columns={columns}
dataSource={data}
@@ -252,7 +254,7 @@ export default function NotificationList({ queryFilter }: Props) {
showTotal: (t) => `${t} 条记录`,
}}
/>
</div>
</Card>
</div>
);
}

9
crates/erp-auth/src/dto.rs
View File

@@ -62,6 +62,15 @@ pub struct ChangePasswordReq {
pub new_password: String,
}
/// 管理员重置用户密码请求
#[derive(Debug, Deserialize, Validate, ToSchema)]
pub struct ResetPasswordReq {
#[validate(length(min = 6, max = 128, message = "新密码长度需在6-128之间"))]
pub new_password: String,
#[validate(range(min = 0))]
pub version: i32,
}
// --- User DTOs ---
#[derive(Debug, Serialize, ToSchema)]

51
crates/erp-auth/src/handler/user_handler.rs
View File

@@ -10,7 +10,7 @@ use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext}
use uuid::Uuid;
use crate::auth_state::AuthState;
use crate::dto::{CreateUserReq, RoleResp, UpdateUserReq, UserResp};
use crate::dto::{CreateUserReq, ResetPasswordReq, RoleResp, UpdateUserReq, UserResp};
use crate::service::user_service::UserService;
use erp_core::rbac::require_permission;
@@ -271,3 +271,52 @@ where
Ok(Json(ApiResponse::ok(AssignRolesResp { roles })))
}
#[utoipa::path(
post,
path = "/api/v1/users/{id}/reset-password",
params(("id" = Uuid, Path, description = "用户ID")),
request_body = ResetPasswordReq,
responses(
(status = 200, description = "密码重置成功"),
(status = 401, description = "未授权"),
(status = 403, description = "权限不足"),
(status = 404, description = "用户不存在"),
),
security(("bearer_auth" = [])),
tag = "用户管理"
)]
/// POST /api/v1/users/{id}/reset-password
///
/// 管理员重置指定用户密码。需要 `user.reset-password` 权限。
pub async fn reset_password<S>(
State(state): State<AuthState>,
Extension(ctx): Extension<TenantContext>,
Path(id): Path<Uuid>,
Json(req): Json<ResetPasswordReq>,
) -> Result<Json<ApiResponse<()>>, AppError>
where
AuthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "user.reset-password")?;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
UserService::reset_password(
id,
ctx.tenant_id,
ctx.user_id,
&req.new_password,
req.version,
&state.db,
)
.await?;
Ok(Json(ApiResponse {
success: true,
data: None,
message: Some("密码重置成功".to_string()),
}))
}

10
crates/erp-auth/src/module.rs
View File

@@ -69,6 +69,10 @@ impl AuthModule {
"/users/{id}/roles",
axum::routing::post(user_handler::assign_roles),
)
.route(
"/users/{id}/reset-password",
axum::routing::post(user_handler::reset_password),
)
.route(
"/roles",
axum::routing::get(role_handler::list_roles).post(role_handler::create_role),
@@ -237,6 +241,12 @@ impl ErpModule for AuthModule {
description: "软删除用户".into(),
module: "auth".into(),
},
PermissionDescriptor {
code: "user.reset-password".into(),
name: "重置用户密码".into(),
description: "管理员重置指定用户密码".into(),
module: "auth".into(),
},
PermissionDescriptor {
code: "role.list".into(),
name: "查看角色列表".into(),

61
crates/erp-auth/src/service/user_service.rs
View File

@@ -434,6 +434,67 @@ impl UserService {
result
}
/// 管理员重置指定用户密码。
pub async fn reset_password(
user_id: Uuid,
tenant_id: Uuid,
operator_id: Uuid,
new_password: &str,
version: i32,
db: &sea_orm::DatabaseConnection,
) -> AuthResult<()> {
// 1. 验证用户存在且属于当前租户
let user_model = user::Entity::find()
.filter(user::Column::Id.eq(user_id))
.filter(user::Column::TenantId.eq(tenant_id))
.filter(user::Column::DeletedAt.is_null())
.one(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?
.ok_or_else(|| AuthError::Validation("用户不存在".to_string()))?;
let _next_version = check_version(version, user_model.version)
.map_err(|_| AuthError::Validation("版本冲突,请刷新后重试".to_string()))?;
// 2. 查找密码凭证
let cred = user_credential::Entity::find()
.filter(user_credential::Column::UserId.eq(user_id))
.filter(user_credential::Column::TenantId.eq(tenant_id))
.filter(user_credential::Column::CredentialType.eq("password"))
.filter(user_credential::Column::DeletedAt.is_null())
.one(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?
.ok_or_else(|| AuthError::Validation("用户凭证不存在".to_string()))?;
// 3. 哈希新密码并更新凭证
let new_hash = password::hash_password(new_password)?;
let cred_version = cred.version;
let mut cred_active: user_credential::ActiveModel = cred.into();
cred_active.credential_data = Set(Some(serde_json::json!({ "hash": new_hash })));
cred_active.updated_at = Set(Utc::now());
cred_active.updated_by = Set(operator_id);
cred_active.version = Set(cred_version + 1);
cred_active
.update(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?;
// 4. 吊销所有 refresh token
super::token_service::TokenService::revoke_all_user_tokens(user_id, tenant_id, db).await?;
// 5. 审计日志
audit_service::record(
AuditLog::new(tenant_id, Some(operator_id), "user.reset_password", "user")
.with_resource_id(user_id),
db,
)
.await;
tracing::info!(user_id = %user_id, operator_id = %operator_id, "Password reset by admin");
Ok(())
}
/// Fetch role details for a single user, returning RoleResp DTOs.
async fn fetch_user_role_resps(
user_id: Uuid,

35
crates/erp-config/src/service/menu_service.rs
View File

@@ -49,20 +49,33 @@ impl MenuService {
.collect())
}
/// 获取当前租户下指定角色可见的菜单树。
///
/// `role_codes` 为当前用户的角色 code 列表(如 ["admin"]、["doctor"])。
/// 方法内部将 code 转换为 ID再通过 menu_roles 表过滤。
/// 如果角色没有任何菜单关联返回全部菜单admin 兜底)。
pub async fn get_menu_tree(
tenant_id: Uuid,
role_codes: &[String],
db: &sea_orm::DatabaseConnection,
) -> ConfigResult<Vec<MenuResp>> {
// 0. 将角色 code 转换为 UUID
// 0. admin 角色直接返回全部菜单,跳过 menu_roles 过滤
if role_codes.iter().any(|c| c == "admin") {
let all_menus = menu::Entity::find()
.filter(menu::Column::TenantId.eq(tenant_id))
.filter(menu::Column::DeletedAt.is_null())
.order_by_asc(menu::Column::SortOrder)
.all(db)
.await
.map_err(|e| ConfigError::Validation(e.to_string()))?;
let mut children_map: HashMap<Option<Uuid>, Vec<&menu::Model>> = HashMap::new();
for m in &all_menus {
children_map.entry(m.parent_id).or_default().push(m);
}
let roots = children_map.get(&None).cloned().unwrap_or_default();
return Ok(Self::build_tree(&roots, &children_map));
}
// 1. 将角色 code 转换为 UUID
let role_ids = Self::resolve_role_ids(tenant_id, role_codes, db).await?;
// 1. 查询租户下所有未删除的菜单,按 sort_order 排序
// 2. 查询租户下所有未删除的菜单,按 sort_order 排序
let all_menus = menu::Entity::find()
.filter(menu::Column::TenantId.eq(tenant_id))
.filter(menu::Column::DeletedAt.is_null())
@@ -71,7 +84,7 @@ impl MenuService {
.await
.map_err(|e| ConfigError::Validation(e.to_string()))?;
// 2. 如果 role_ids 非空,通过 menu_roles 表过滤
// 3. 通过 menu_roles 表过滤
let visible_menu_ids: Option<Vec<Uuid>> = if !role_ids.is_empty() {
let mr_rows = menu_role::Entity::find()
.filter(menu_role::Column::TenantId.eq(tenant_id))
@@ -83,14 +96,12 @@ impl MenuService {
let ids: Vec<Uuid> = mr_rows.iter().map(|mr| mr.menu_id).collect();
if ids.is_empty() {
// 角色未关联菜单时回退到显示全部菜单,
// 避免种子数据阶段 menu_roles 为空导致所有有角色用户看不到菜单
None
Some(vec![]) // 无菜单关联 = 不显示
} else {
Some(ids)
}
} else {
None
Some(vec![]) // 无角色 = 不显示任何菜单
};
// 3. 按 parent_id 分组构建 HashMap

1
crates/erp-health/src/dto/alert_dto.rs
View File

@@ -81,6 +81,7 @@ pub struct AlertResponse {
pub detail: Option<serde_json::Value>,
pub status: String,
pub acknowledged_by: Option<Uuid>,
pub acknowledged_by_name: Option<String>,
pub acknowledged_at: Option<DateTime<Utc>>,
pub resolved_at: Option<DateTime<Utc>>,
pub created_at: DateTime<Utc>,

55
crates/erp-health/src/service/alert_service.rs
View File

@@ -1,7 +1,7 @@
use chrono::Utc;
use sea_orm::ActiveValue::Set;
use sea_orm::entity::prelude::*;
use sea_orm::{QueryOrder, QuerySelect};
use sea_orm::{DatabaseBackend, QueryOrder, QuerySelect, Statement};
use uuid::Uuid;
use erp_core::error::check_version;
@@ -85,6 +85,38 @@ pub async fn list_alerts(
std::collections::HashMap::new()
};
// 批量查询 acknowledged_by 用户名
let ack_ids: std::collections::HashSet<Uuid> =
models.iter().filter_map(|m| m.acknowledged_by).collect();
let ack_names: std::collections::HashMap<Uuid, String> = if !ack_ids.is_empty() {
let params: Vec<sea_orm::Value> = ack_ids.iter().map(|id| (*id).into()).collect();
let placeholders: Vec<String> = (1..=params.len()).map(|i| format!("${}", i)).collect();
let mut values = params;
values.push(tenant_id.into());
let sql = format!(
"SELECT id, COALESCE(display_name, username) AS name FROM users WHERE id IN ({}) AND tenant_id = ${}",
placeholders.join(","),
values.len()
);
let rows = state
.db
.query_all(Statement::from_sql_and_values(
DatabaseBackend::Postgres,
sql,
values,
))
.await?;
rows.into_iter()
.filter_map(|row| {
let id: Uuid = row.try_get_by_index(0).ok()?;
let name: String = row.try_get_by_index(1).ok()?;
Some((id, name))
})
.collect()
} else {
std::collections::HashMap::new()
};
let items = models
.into_iter()
.map(|m| AlertResponse {
@@ -97,6 +129,9 @@ pub async fn list_alerts(
detail: m.detail,
status: m.status,
acknowledged_by: m.acknowledged_by,
acknowledged_by_name: m
.acknowledged_by
.and_then(|uid| ack_names.get(&uid).cloned()),
acknowledged_at: m.acknowledged_at,
resolved_at: m.resolved_at,
created_at: m.created_at,
@@ -107,7 +142,7 @@ pub async fn list_alerts(
Ok((items, total))
}
/// 将 alerts::Model 转换为 AlertResponse并查找关联的患者名称。
/// 将 alerts::Model 转换为 AlertResponse并查找关联的患者名称和处理人名称
async fn enrich_alert_response(
db: &DatabaseConnection,
tenant_id: Uuid,
@@ -118,6 +153,21 @@ async fn enrich_alert_response(
.one(db)
.await?
.map(|p| p.name);
// 查询处理人用户名
let acknowledged_by_name = if let Some(ack_uid) = model.acknowledged_by {
let sql = Statement::from_sql_and_values(
DatabaseBackend::Postgres,
"SELECT COALESCE(display_name, username) AS name FROM users WHERE id = $1 AND tenant_id = $2",
[ack_uid.into(), tenant_id.into()],
);
db.query_one(sql)
.await?
.and_then(|row| row.try_get_by_index::<String>(0).ok())
} else {
None
};
Ok(AlertResponse {
id: model.id,
patient_id: model.patient_id,
@@ -128,6 +178,7 @@ async fn enrich_alert_response(
detail: model.detail,
status: model.status,
acknowledged_by: model.acknowledged_by,
acknowledged_by_name,
acknowledged_at: model.acknowledged_at,
resolved_at: model.resolved_at,
created_at: model.created_at,

2
crates/erp-server/migration/src/lib.rs
View File

@@ -147,6 +147,7 @@ mod m20260512_000142_seed_copilot_rules;
mod m20260512_000143_seed_copilot_alert_rules;
mod m20260513_000144_enforce_version_optimistic_lock;
mod m20260513_000145_seed_missing_permissions;
mod m20260515_000146_seed_menu_permissions_phase2;
pub struct Migrator;
@@ -301,6 +302,7 @@ impl MigratorTrait for Migrator {
Box::new(m20260512_000143_seed_copilot_alert_rules::Migration),
Box::new(m20260513_000144_enforce_version_optimistic_lock::Migration),
Box::new(m20260513_000145_seed_missing_permissions::Migration),
Box::new(m20260515_000146_seed_menu_permissions_phase2::Migration),
]
}
}

68
crates/erp-server/migration/src/m20260515_000146_seed_menu_permissions_phase2.rs Normal file
View File

@@ -0,0 +1,68 @@
//! 补充基础模块菜单的 permission 字段Phase 2
//!
//! 以下菜单在初始 seed 时 permission 为 NULL导致前端菜单过滤逻辑
//! `if (!m.permission) return true` 放行了这些菜单,使无权限用户也能看到。
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
let db = manager.get_connection();
let menu_perms: &[(&str, &str)] = &[
// 基础模块菜单
("/", "health.dashboard.list"), // 工作台
("/users", "user.list"), // 用户管理
("/roles", "permission.list"), // 权限管理
("/organizations", "organization.list"), // 组织架构
("/workflow", "workflow.list"), // 工作流
("/messages", "message.list"), // 消息中心
("/settings", "config.settings.list"), // 系统设置
("/plugins/admin", "plugin.list"), // 插件管理
// 健康模块遗漏
("/health/statistics", "health.stats.list"), // 统计报表
("/health/action-inbox", "health.action-inbox.list"), // 行动收件箱
];
for &(path, perm) in menu_perms {
db.execute_unprepared(&format!(
"UPDATE menus SET permission = '{perm}', updated_at = NOW() \
WHERE path = '{path}' AND deleted_at IS NULL AND (permission IS NULL OR permission = '')"
))
.await?;
}
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
let db = manager.get_connection();
let paths: &[&str] = &[
"/",
"/users",
"/roles",
"/organizations",
"/workflow",
"/messages",
"/settings",
"/plugins/admin",
"/health/statistics",
"/health/action-inbox",
];
for &path in paths {
db.execute_unprepared(&format!(
"UPDATE menus SET permission = NULL, updated_at = NOW() \
WHERE path = '{path}' AND deleted_at IS NULL"
))
.await?;
}
Ok(())
}
}