iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(server+health): 修复权限同步 + 迁移幂等性 + 缺失菜单种子数据
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
- sync_module_permissions 每次启动都确保 admin 拥有所有权限(修复 CRITICAL-001)
- 新增迁移 m20260505_000116: 补充 11 项缺失的健康管理菜单(多租户安全)
- 修复 000101: UUID 格式错误(缺少第 4 段)
- 修复 000104/000106/000107: Expr::val → Expr::cust(SQL 函数不应被引号包裹)
- 修复 000109: 外键创建改为 IF NOT EXISTS 模式
- 修复 000110: 表名 critical_alerts → critical_alert(匹配实际表名)
- 修复 000111/000112: create_table + create_index 添加 if_not_exists()
- 修复 000113: 改为 raw SQL 幂等模式,修正 FK 目标表名 patients → patient
This commit is contained in:
iven
2026-05-05 02:02:45 +08:00
parent bef2ea7169
commit 99dad17eac
12 changed files with 325 additions and 469 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
crates/erp-server/src/main.rs
View File

@@ -808,20 +808,20 @@ async fn sync_module_permissions(
}
}
if total_new > 0 {
// 将新权限分配给 admin 角色
db.execute(sea_orm::Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
r#"INSERT INTO role_permissions (role_id, permission_id, tenant_id, data_scope, created_at, updated_at, created_by, updated_by, deleted_at, version)
SELECT r.id, p.id, p.tenant_id, 'all', NOW(), NOW(), $1, $1, NULL, 1
FROM permissions p
JOIN roles r ON r.code = 'admin' AND r.tenant_id = p.tenant_id AND r.deleted_at IS NULL
WHERE p.tenant_id = $2
ON CONFLICT DO NOTHING"#,
[system_user_id.into(), tenant_id.into()],
)).await?;
// 每次启动都确保 admin 角色拥有所有模块权限(防止权限-角色关联缺失)
db.execute(sea_orm::Statement::from_sql_and_values(
sea_orm::DatabaseBackend::Postgres,
r#"INSERT INTO role_permissions (role_id, permission_id, tenant_id, data_scope, created_at, updated_at, created_by, updated_by, deleted_at, version)
SELECT r.id, p.id, p.tenant_id, 'all', NOW(), NOW(), $1, $1, NULL, 1
FROM permissions p
JOIN roles r ON r.code = 'admin' AND r.tenant_id = p.tenant_id AND r.deleted_at IS NULL
WHERE p.tenant_id = $2
ON CONFLICT DO NOTHING"#,
[system_user_id.into(), tenant_id.into()],
)).await?;
tracing::info!(total_new, "Module permissions synced to database");
if total_new > 0 {
tracing::info!(total_new, "New module permissions synced and bound to admin role");
}
Ok(())