iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: V1 测试版本端到端验证修复 — 6 CRITICAL + 3 HIGH 问题全量修复

Browse Source 
修复项:
- fix(db): 迁移 149 — 修复 Admin 角色权限绑定被迁移链破坏 (FE-C1)
- fix(health): 4 个 handler 添加空名称验证 — Doctor/Article/AlertRule/Tag (API-C1~C4)
- fix(health): Stats 仪表盘 new_this_week 查询修复 — SeaORM date_trunc bug (FE-C2)
- fix(server): 添加安全响应头 — X-Frame-Options/CSP/XSS-Protection/Referrer-Policy (SEC-H1)
- fix(mp): 预约创建契约修复 — notes/reason 字段映射 + 移除 schedule_id (MP-H1)
- fix(mp): 咨询会话 subject/last_message 字段改为可选 (MP-H3)
- fix(ai): AiConfig Default derive 替代手写 impl (clippy)

测试报告:
- 8 维度端到端测试全部完成 (后端 87 用例 / 前端 30 页面 / 小程序 80+ API / 安全 20 项 / 性能 20 端点)
- 多角色 7 角色 49 检查 100% 通过
- 综合测试报告 + 专家评估报告
This commit is contained in:
iven
2026-05-18 10:24:40 +08:00
parent 38b0d91407
commit d623f8b2ff
36 changed files with 5564 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/erp-health/src/handler/alert_rule_handler.rs
View File

@@ -67,6 +67,9 @@ where
{
require_permission(&ctx, "health.alert-rules.manage")?;
body.sanitize();
if body.name.trim().is_empty() {
return Err(AppError::Validation("规则名称不能为空".into()));
}
let rule = alert_rule_service::create_rule(&state, ctx.tenant_id, ctx.user_id, body).await?;
Ok(axum::Json(ApiResponse::ok(rule)))
}

3
crates/erp-health/src/handler/article_handler.rs
View File

@@ -108,6 +108,9 @@ where
{
require_permission(&ctx, "health.articles.manage")?;
req.sanitize();
if req.title.trim().is_empty() {
return Err(AppError::Validation("文章标题不能为空".into()));
}
let result =
article_service::create_article(&state, ctx.tenant_id, Some(ctx.user_id), req.0).await?;
Ok(Json(ApiResponse::ok(result)))

3
crates/erp-health/src/handler/article_tag_handler.rs
View File

@@ -34,6 +34,9 @@ where
{
require_permission(&ctx, "health.articles.manage")?;
req.sanitize();
if req.name.trim().is_empty() {
return Err(AppError::Validation("标签名称不能为空".into()));
}
let result =
article_tag_service::create_tag(&state, ctx.tenant_id, Some(ctx.user_id), req.0).await?;
Ok(Json(ApiResponse::ok(result)))

3
crates/erp-health/src/handler/doctor_handler.rs
View File

@@ -66,6 +66,9 @@ where
require_permission(&ctx, "health.doctor.manage")?;
let mut req = req;
req.sanitize();
if req.name.trim().is_empty() {
return Err(AppError::Validation("医生姓名不能为空".into()));
}
let result =
doctor_service::create_doctor(&state, ctx.tenant_id, Some(ctx.user_id), req).await?;
Ok(Json(ApiResponse::ok(result)))