iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 全局权限优化 — 7 项问题修复

Browse Source 
1. 菜单权限修复:补充 10 个菜单的 permission 字段 + 修复 menu_service
   回退逻辑(admin 直接跳过过滤,非 admin 无关联则不显示)+ 收紧前端过滤
2. 管理员重置密码:新增 POST /users/{id}/reset-password 端点 + 前端按钮
3. 告警处理人姓名:AlertResponse 添加 acknowledged_by_name 字段
4. Tab 权限过滤:PatientDetail 6 个 Tab 按权限过滤 + 状态字段 Tooltip
5. 消息中心 UI:添加 Popconfirm/AuthButton,移除 inline isDark
This commit is contained in:
iven
2026-05-15 19:00:48 +08:00
parent 9319203e09
commit 8763e10d6e
17 changed files with 451 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
crates/erp-auth/src/dto.rs
View File

@@ -62,6 +62,15 @@ pub struct ChangePasswordReq {
pub new_password: String,
}
/// 管理员重置用户密码请求
#[derive(Debug, Deserialize, Validate, ToSchema)]
pub struct ResetPasswordReq {
#[validate(length(min = 6, max = 128, message = "新密码长度需在6-128之间"))]
pub new_password: String,
#[validate(range(min = 0))]
pub version: i32,
}
// --- User DTOs ---
#[derive(Debug, Serialize, ToSchema)]

51
crates/erp-auth/src/handler/user_handler.rs
View File

@@ -10,7 +10,7 @@ use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext}
use uuid::Uuid;
use crate::auth_state::AuthState;
use crate::dto::{CreateUserReq, RoleResp, UpdateUserReq, UserResp};
use crate::dto::{CreateUserReq, ResetPasswordReq, RoleResp, UpdateUserReq, UserResp};
use crate::service::user_service::UserService;
use erp_core::rbac::require_permission;
@@ -271,3 +271,52 @@ where
Ok(Json(ApiResponse::ok(AssignRolesResp { roles })))
}
#[utoipa::path(
post,
path = "/api/v1/users/{id}/reset-password",
params(("id" = Uuid, Path, description = "用户ID")),
request_body = ResetPasswordReq,
responses(
(status = 200, description = "密码重置成功"),
(status = 401, description = "未授权"),
(status = 403, description = "权限不足"),
(status = 404, description = "用户不存在"),
),
security(("bearer_auth" = [])),
tag = "用户管理"
)]
/// POST /api/v1/users/{id}/reset-password
///
/// 管理员重置指定用户密码。需要 `user.reset-password` 权限。
pub async fn reset_password<S>(
State(state): State<AuthState>,
Extension(ctx): Extension<TenantContext>,
Path(id): Path<Uuid>,
Json(req): Json<ResetPasswordReq>,
) -> Result<Json<ApiResponse<()>>, AppError>
where
AuthState: FromRef<S>,
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "user.reset-password")?;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
UserService::reset_password(
id,
ctx.tenant_id,
ctx.user_id,
&req.new_password,
req.version,
&state.db,
)
.await?;
Ok(Json(ApiResponse {
success: true,
data: None,
message: Some("密码重置成功".to_string()),
}))
}

10
crates/erp-auth/src/module.rs
View File

@@ -69,6 +69,10 @@ impl AuthModule {
"/users/{id}/roles",
axum::routing::post(user_handler::assign_roles),
)
.route(
"/users/{id}/reset-password",
axum::routing::post(user_handler::reset_password),
)
.route(
"/roles",
axum::routing::get(role_handler::list_roles).post(role_handler::create_role),
@@ -237,6 +241,12 @@ impl ErpModule for AuthModule {
description: "软删除用户".into(),
module: "auth".into(),
},
PermissionDescriptor {
code: "user.reset-password".into(),
name: "重置用户密码".into(),
description: "管理员重置指定用户密码".into(),
module: "auth".into(),
},
PermissionDescriptor {
code: "role.list".into(),
name: "查看角色列表".into(),

61
crates/erp-auth/src/service/user_service.rs
View File

@@ -434,6 +434,67 @@ impl UserService {
result
}
/// 管理员重置指定用户密码。
pub async fn reset_password(
user_id: Uuid,
tenant_id: Uuid,
operator_id: Uuid,
new_password: &str,
version: i32,
db: &sea_orm::DatabaseConnection,
) -> AuthResult<()> {
// 1. 验证用户存在且属于当前租户
let user_model = user::Entity::find()
.filter(user::Column::Id.eq(user_id))
.filter(user::Column::TenantId.eq(tenant_id))
.filter(user::Column::DeletedAt.is_null())
.one(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?
.ok_or_else(|| AuthError::Validation("用户不存在".to_string()))?;
let _next_version = check_version(version, user_model.version)
.map_err(|_| AuthError::Validation("版本冲突,请刷新后重试".to_string()))?;
// 2. 查找密码凭证
let cred = user_credential::Entity::find()
.filter(user_credential::Column::UserId.eq(user_id))
.filter(user_credential::Column::TenantId.eq(tenant_id))
.filter(user_credential::Column::CredentialType.eq("password"))
.filter(user_credential::Column::DeletedAt.is_null())
.one(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?
.ok_or_else(|| AuthError::Validation("用户凭证不存在".to_string()))?;
// 3. 哈希新密码并更新凭证
let new_hash = password::hash_password(new_password)?;
let cred_version = cred.version;
let mut cred_active: user_credential::ActiveModel = cred.into();
cred_active.credential_data = Set(Some(serde_json::json!({ "hash": new_hash })));
cred_active.updated_at = Set(Utc::now());
cred_active.updated_by = Set(operator_id);
cred_active.version = Set(cred_version + 1);
cred_active
.update(db)
.await
.map_err(|e| AuthError::Validation(e.to_string()))?;
// 4. 吊销所有 refresh token
super::token_service::TokenService::revoke_all_user_tokens(user_id, tenant_id, db).await?;
// 5. 审计日志
audit_service::record(
AuditLog::new(tenant_id, Some(operator_id), "user.reset_password", "user")
.with_resource_id(user_id),
db,
)
.await;
tracing::info!(user_id = %user_id, operator_id = %operator_id, "Password reset by admin");
Ok(())
}
/// Fetch role details for a single user, returning RoleResp DTOs.
async fn fetch_user_role_resps(
user_id: Uuid,