iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(db,ci): 补全 26 个缺失权限码 seed 注册 + 检查脚本增强

Browse Source 
- 新增迁移 000144 全实体乐观锁 version 字段强制化
- 新增迁移 000145 注册 26 个后端已声明但 seed 缺失的权限码
  (ai.analysis/prompt/suggestion/usage/provider, copilot.insights/risk/rules,
   health.ble-gateways/critical-alerts/devices/family-proxy/shifts 等)
- check-permissions.sh: 增加 module.rs PermissionDescriptor 提取,
  支持两段式权限码 (plugin.admin/tenant.manage)
- CI 检查结果: Check 1 PASS, Check 2 PASS, 0 个不一致
This commit is contained in:
iven
2026-05-13 14:30:27 +08:00
parent 935ca70dfa
commit c681049c82
4 changed files with 367 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/check-permissions.sh
View File

@@ -28,22 +28,27 @@ echo " 权限注册完整性检查"
echo "=========================================="
# --- 提取后端 handler 权限码 ---
# 1) require_permission 调用
grep -roh 'require_permission.*"[^"]*"' crates/ --include="*.rs" \
| grep -oE '"[^"]*"' | tr -d '"' | sort -u > "$BACKEND_PERMS"
# 2) module.rs 中 PermissionDescriptor 声明的 code 字段
grep -roh 'code: *"[^"]*"' crates/ --include="*.rs" \
| grep -oE '"[^"]*\.[^"]*\.[^"]*"' | tr -d '"' | sort -u >> "$BACKEND_PERMS"
# 去重
cat "$BACKEND_PERMS" | sort -u > "${BACKEND_PERMS}.tmp" && mv "${BACKEND_PERMS}.tmp" "$BACKEND_PERMS"
# --- 提取前端 routeConfig 权限码 ---
grep -oE '"[a-z][-a-z0-9]*\.[a-z][-a-z0-9]*\.[a-z][-a-z0-9]*"' \
apps/web/src/routeConfig.ts | tr -d '"' | sort -u > "$FRONTEND_PERMS"
# --- 提取 seed 迁移权限码 ---
grep -roh 'health\.[a-z_-]*\.[a-z_-]*' crates/erp-server/migration/src/ --include="*.rs" \
| grep -vE 'fn |mod |use |struct |impl |async |let |pub |self|super|crate' \
| sort -u > "$SEED_PERMS"
# 也提取非 health 前缀的
grep -roh '(user|role|workflow|message|setting|plugin|department|organization|position|dictionary|menu|numbering|theme|language|tenant|ai)\.[a-z_-]*\.[a-z_-]*' \
# 匹配三段式health.patient.list和两段式plugin.admin权限码
grep -rohE '[a-z][-a-z0-9]*\.[a-z][-a-z0-9]*(\.[a-z][-a-z0-9]*)?' \
crates/erp-server/migration/src/ --include="*.rs" \
| grep -vE 'fn |mod |use |struct |impl |async |let |pub |self|super|crate' \
| sort -u >> "$SEED_PERMS"
| grep -E '^(user|role|workflow|message|setting|plugin|department|organization|position|dictionary|menu|numbering|theme|language|tenant|ai|copilot|health)' \
| grep -v '\.(rs|sql|md|toml)$' \
| sort -u > "$SEED_PERMS"
# 提取 handler 中的非 health 权限码也加入 seed 对比
grep -roh 'require_permission.*"[^"]*"' crates/erp-auth/ crates/erp-config/ crates/erp-workflow/ crates/erp-message/ --include="*.rs" \
| grep -oE '"[^"]*"' | tr -d '"' | sort -u >> "$SEED_PERMS"