feat(auth+config+workflow+message+plugin): 为 5 个基础模块添加 permissions() 声明

- erp-auth: 23 个权限码（用户/角色/权限/组织/部门/岗位） - erp-config: 18 个权限码（字典/菜单/配置/编号/主题/语言） - erp-workflow: 8 个权限码（流程定义/实例/任务） - erp-message: 5 个权限码（消息/模板），补充缺失的 message.template.manage - erp-plugin: 2 个权限码（插件管理/查看） - 同步更新 seed.rs 的 READ_PERM_INDICES 索引和权限计数使得 sync_module_permissions() 可以动态注册这些权限，与 erp-health/erp-dialysis/erp-ai 模式一致。
2026-04-30 22:41:26 +08:00
parent 8f9895be98
commit f05ca00c75
6 changed files with 102 additions and 8 deletions
--- a/crates/erp-auth/src/module.rs
+++ b/crates/erp-auth/src/module.rs
@@ -3,7 +3,7 @@ use uuid::Uuid;

 use erp_core::error::AppResult;
 use erp_core::events::EventBus;
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 use crate::handler::{auth_handler, org_handler, role_handler, user_handler, wechat_handler};

@@ -208,6 +208,34 @@ impl ErpModule for AuthModule {
        Ok(())
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "user.list".into(), name: "查看用户列表".into(), description: "查看用户列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.create".into(), name: "创建用户".into(), description: "创建新用户".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.read".into(), name: "查看用户详情".into(), description: "查看用户信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.update".into(), name: "编辑用户".into(), description: "编辑用户信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.delete".into(), name: "删除用户".into(), description: "软删除用户".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.list".into(), name: "查看角色列表".into(), description: "查看角色列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.create".into(), name: "创建角色".into(), description: "创建新角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.read".into(), name: "查看角色详情".into(), description: "查看角色信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.update".into(), name: "编辑角色".into(), description: "编辑角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.delete".into(), name: "删除角色".into(), description: "删除角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "permission.list".into(), name: "查看权限".into(), description: "查看权限列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.list".into(), name: "查看组织列表".into(), description: "查看组织列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.create".into(), name: "创建组织".into(), description: "创建组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.update".into(), name: "编辑组织".into(), description: "编辑组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.delete".into(), name: "删除组织".into(), description: "删除组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.list".into(), name: "查看部门列表".into(), description: "查看部门列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.create".into(), name: "创建部门".into(), description: "创建部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.update".into(), name: "编辑部门".into(), description: "编辑部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.delete".into(), name: "删除部门".into(), description: "删除部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.list".into(), name: "查看岗位列表".into(), description: "查看岗位列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.create".into(), name: "创建岗位".into(), description: "创建岗位".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.update".into(), name: "编辑岗位".into(), description: "编辑岗位".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.delete".into(), name: "删除岗位".into(), description: "删除岗位".into(), module: "auth".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }
--- a/crates/erp-auth/src/service/seed.rs
+++ b/crates/erp-auth/src/service/seed.rs
@@ -302,6 +302,13 @@ const DEFAULT_PERMISSIONS: &[(&str, &str, &str, &str, &str)] = &[
        "create",
        "创建消息模板",
    ),
+    (
+        "message.template.manage",
+        "管理消息模板",
+        "message.template",
+        "manage",
+        "编辑、删除消息模板",
+    ),
    // === Plugin module ===
    (
        "plugin.admin",
@@ -339,13 +346,13 @@ const READ_PERM_INDICES: &[usize] = &[
    44, // workflow.read
    49, // message.list
    51, // message.template.list
-    53, // plugin.list
+    54, // plugin.list
 ];

 /// Seed default auth data for a new tenant.
 ///
 /// Creates:
-/// - 53 permissions covering auth/config/workflow/message modules
+/// - 56 permissions covering auth/config/workflow/message/plugin modules
 /// - An "admin" system role with all permissions
 /// - A "viewer" system role with read-only permissions
 /// - A super-admin user with the admin role and a password credential
--- a/crates/erp-config/src/module.rs
+++ b/crates/erp-config/src/module.rs
@@ -4,7 +4,7 @@ use uuid::Uuid;

 use erp_core::error::AppResult;
 use erp_core::events::EventBus;
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 use crate::handler::{
    dictionary_handler, language_handler, menu_handler, numbering_handler, setting_handler,
@@ -143,6 +143,29 @@ impl ErpModule for ConfigModule {
        Ok(())
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "dictionary.list".into(), name: "查看字典".into(), description: "查看数据字典".into(), module: "config".into() },
+            PermissionDescriptor { code: "dictionary.create".into(), name: "创建字典".into(), description: "创建数据字典".into(), module: "config".into() },
+            PermissionDescriptor { code: "dictionary.update".into(), name: "编辑字典".into(), description: "编辑数据字典".into(), module: "config".into() },
+            PermissionDescriptor { code: "dictionary.delete".into(), name: "删除字典".into(), description: "删除数据字典".into(), module: "config".into() },
+            PermissionDescriptor { code: "menu.list".into(), name: "查看菜单".into(), description: "查看菜单配置".into(), module: "config".into() },
+            PermissionDescriptor { code: "menu.update".into(), name: "编辑菜单".into(), description: "编辑菜单配置".into(), module: "config".into() },
+            PermissionDescriptor { code: "setting.read".into(), name: "查看配置".into(), description: "查看系统参数".into(), module: "config".into() },
+            PermissionDescriptor { code: "setting.update".into(), name: "编辑配置".into(), description: "编辑系统参数".into(), module: "config".into() },
+            PermissionDescriptor { code: "setting.delete".into(), name: "删除配置".into(), description: "删除系统参数".into(), module: "config".into() },
+            PermissionDescriptor { code: "numbering.list".into(), name: "查看编号规则".into(), description: "查看编号规则".into(), module: "config".into() },
+            PermissionDescriptor { code: "numbering.create".into(), name: "创建编号规则".into(), description: "创建编号规则".into(), module: "config".into() },
+            PermissionDescriptor { code: "numbering.update".into(), name: "编辑编号规则".into(), description: "编辑编号规则".into(), module: "config".into() },
+            PermissionDescriptor { code: "numbering.delete".into(), name: "删除编号规则".into(), description: "删除编号规则".into(), module: "config".into() },
+            PermissionDescriptor { code: "numbering.generate".into(), name: "生成编号".into(), description: "生成文档编号".into(), module: "config".into() },
+            PermissionDescriptor { code: "theme.read".into(), name: "查看主题".into(), description: "查看主题设置".into(), module: "config".into() },
+            PermissionDescriptor { code: "theme.update".into(), name: "编辑主题".into(), description: "编辑主题设置".into(), module: "config".into() },
+            PermissionDescriptor { code: "language.list".into(), name: "查看语言".into(), description: "查看语言配置".into(), module: "config".into() },
+            PermissionDescriptor { code: "language.update".into(), name: "编辑语言".into(), description: "编辑语言设置".into(), module: "config".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }
--- a/crates/erp-message/src/module.rs
+++ b/crates/erp-message/src/module.rs
@@ -7,7 +7,7 @@ use uuid::Uuid;

 use erp_core::error::AppResult;
 use erp_core::events::EventBus;
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 use crate::entity::message_subscription;
 use crate::handler::{message_handler, sse_handler, subscription_handler, template_handler};
@@ -73,7 +73,13 @@ impl MessageModule {

                        // 先获取许可，再 spawn 任务
                        tokio::spawn(async move {
-                            let _permit = permit.acquire().await.unwrap();
+                            let _permit = match permit.acquire().await {
+                            Ok(p) => p,
+                            Err(_) => {
+                                tracing::warn!("信号量已关闭，跳过工作流事件处理");
+                                return;
+                            }
+                        };
                            if let Err(e) = handle_workflow_event(&event, &db, &event_bus).await {
                                tracing::warn!(
                                    event_type = %event.event_type,
@@ -135,6 +141,16 @@ impl ErpModule for MessageModule {
        Ok(())
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "message.list".into(), name: "查看消息".into(), description: "查看消息列表".into(), module: "message".into() },
+            PermissionDescriptor { code: "message.send".into(), name: "发送消息".into(), description: "发送新消息".into(), module: "message".into() },
+            PermissionDescriptor { code: "message.template.list".into(), name: "查看消息模板".into(), description: "查看消息模板列表".into(), module: "message".into() },
+            PermissionDescriptor { code: "message.template.create".into(), name: "创建消息模板".into(), description: "创建消息模板".into(), module: "message".into() },
+            PermissionDescriptor { code: "message.template.manage".into(), name: "管理消息模板".into(), description: "编辑、删除消息模板".into(), module: "message".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }
--- a/crates/erp-plugin/src/module.rs
+++ b/crates/erp-plugin/src/module.rs
@@ -1,7 +1,7 @@
 use async_trait::async_trait;
 use axum::Router;
 use axum::routing::{delete, get, post, put};
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 pub struct PluginModule;

@@ -15,6 +15,13 @@ impl ErpModule for PluginModule {
        vec!["auth", "config"]
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "plugin.admin".into(), name: "插件管理".into(), description: "管理插件全生命周期".into(), module: "plugin".into() },
+            PermissionDescriptor { code: "plugin.list".into(), name: "查看插件".into(), description: "查看插件列表".into(), module: "plugin".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }
--- a/crates/erp-workflow/src/module.rs
+++ b/crates/erp-workflow/src/module.rs
@@ -5,7 +5,7 @@ use uuid::Uuid;

 use erp_core::error::AppResult;
 use erp_core::events::EventBus;
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 use crate::handler::{definition_handler, instance_handler, task_handler};

@@ -340,6 +340,19 @@ impl ErpModule for WorkflowModule {
        Ok(())
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "workflow.create".into(), name: "创建流程".into(), description: "创建流程定义".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.list".into(), name: "查看流程".into(), description: "查看流程列表".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.read".into(), name: "查看流程详情".into(), description: "查看流程定义详情".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.update".into(), name: "编辑流程".into(), description: "编辑流程定义".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.publish".into(), name: "发布流程".into(), description: "发布流程定义".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.start".into(), name: "发起流程".into(), description: "发起流程实例".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.approve".into(), name: "审批任务".into(), description: "审批流程任务".into(), module: "workflow".into() },
+            PermissionDescriptor { code: "workflow.delegate".into(), name: "委派任务".into(), description: "委派流程任务".into(), module: "workflow".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }