fix(auth): error 类型 + auth_service 小修复

crates/erp-auth/src/service/auth_service.rs

@@ -113,6 +113,16 @@ impl AuthService {
 
         // 5. Get roles and permissions
         let roles: Vec<String> = TokenService::get_user_roles(user_model.id, tenant_id, db).await?;
+
+        // 纯患者角色不允许登录管理端（同时拥有医护角色则放行）
+        let medical_roles = ["doctor", "nurse", "admin", "health_manager", "operator"];
+        let is_pure_patient =
+            roles.iter().all(|r| r == "patient") && roles.iter().any(|r| r == "patient");
+        let has_medical_role = roles.iter().any(|r| medical_roles.contains(&r.as_str()));
+        if is_pure_patient && !has_medical_role {
+            return Err(AuthError::Forbidden("患者账号请使用小程序登录".to_string()));
+        }
+
         let permissions = TokenService::get_user_permissions(user_model.id, tenant_id, db).await?;
 
         // 6. Sign tokens