diff --git a/crates/erp-auth/src/module.rs b/crates/erp-auth/src/module.rs index 1cabf38..228b8f7 100644 --- a/crates/erp-auth/src/module.rs +++ b/crates/erp-auth/src/module.rs @@ -3,7 +3,7 @@ use uuid::Uuid; use erp_core::error::AppResult; use erp_core::events::EventBus; -use erp_core::module::ErpModule; +use erp_core::module::{ErpModule, PermissionDescriptor}; use crate::handler::{auth_handler, org_handler, role_handler, user_handler, wechat_handler}; 
@@ -208,6 +208,34 @@ impl ErpModule for AuthModule { Ok(()) } + fn permissions(&self) -> Vec { + vec![ + PermissionDescriptor { code: "user.list".into(), name: "查看用户列表".into(), description: "查看用户列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "user.create".into(), name: "创建用户".into(), description: "创建新用户".into(), module: "auth".into() }, + PermissionDescriptor { code: "user.read".into(), name: "查看用户详情".into(), description: "查看用户信息".into(), module: "auth".into() }, + PermissionDescriptor { code: "user.update".into(), name: "编辑用户".into(), description: "编辑用户信息".into(), module: "auth".into() }, + PermissionDescriptor { code: "user.delete".into(), name: "删除用户".into(), description: "软删除用户".into(), module: "auth".into() }, + PermissionDescriptor { code: "role.list".into(), name: "查看角色列表".into(), description: "查看角色列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "role.create".into(), name: "创建角色".into(), description: "创建新角色".into(), module: "auth".into() }, + PermissionDescriptor { code: "role.read".into(), name: "查看角色详情".into(), description: "查看角色信息".into(), module: "auth".into() }, + PermissionDescriptor { code: "role.update".into(), name: "编辑角色".into(), description: "编辑角色".into(), module: "auth".into() }, + PermissionDescriptor { code: "role.delete".into(), name: "删除角色".into(), description: "删除角色".into(), module: "auth".into() }, + PermissionDescriptor { code: "permission.list".into(), name: "查看权限".into(), description: "查看权限列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "organization.list".into(), name: "查看组织列表".into(), description: "查看组织列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "organization.create".into(), name: "创建组织".into(), description: "创建组织".into(), module: "auth".into() }, + PermissionDescriptor { code: "organization.update".into(), name: "编辑组织".into(), description: "编辑组织".into(), module: "auth".into() }, + PermissionDescriptor { code: "organization.delete".into(), name: 
"删除组织".into(), description: "删除组织".into(), module: "auth".into() }, + PermissionDescriptor { code: "department.list".into(), name: "查看部门列表".into(), description: "查看部门列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "department.create".into(), name: "创建部门".into(), description: "创建部门".into(), module: "auth".into() }, + PermissionDescriptor { code: "department.update".into(), name: "编辑部门".into(), description: "编辑部门".into(), module: "auth".into() }, + PermissionDescriptor { code: "department.delete".into(), name: "删除部门".into(), description: "删除部门".into(), module: "auth".into() }, + PermissionDescriptor { code: "position.list".into(), name: "查看岗位列表".into(), description: "查看岗位列表".into(), module: "auth".into() }, + PermissionDescriptor { code: "position.create".into(), name: "创建岗位".into(), description: "创建岗位".into(), module: "auth".into() }, + PermissionDescriptor { code: "position.update".into(), name: "编辑岗位".into(), description: "编辑岗位".into(), module: "auth".into() }, + PermissionDescriptor { code: "position.delete".into(), name: "删除岗位".into(), description: "删除岗位".into(), module: "auth".into() }, + ] + } + fn as_any(&self) -> &dyn std::any::Any { self } diff --git a/crates/erp-auth/src/service/seed.rs b/crates/erp-auth/src/service/seed.rs index 005d041..57dcb00 100644 --- a/crates/erp-auth/src/service/seed.rs +++ b/crates/erp-auth/src/service/seed.rs @@ -302,6 +302,13 @@ const DEFAULT_PERMISSIONS: &[(&str, &str, &str, &str, &str)] = &[ "create", "创建消息模板", ), + ( + "message.template.manage", + "管理消息模板", + "message.template", + "manage", + "编辑、删除消息模板", + ), // === Plugin module === ( "plugin.admin", 
@@ -339,13 +346,13 @@ const READ_PERM_INDICES: &[usize] = &[ 44, // workflow.read 49, // message.list 51, // message.template.list - 53, // plugin.list + 54, // plugin.list ]; /// Seed default auth data for a new tenant. /// /// Creates: -/// - 53 permissions covering auth/config/workflow/message modules +/// - 56 permissions covering auth/config/workflow/message/plugin modules /// - An "admin" system role with all permissions /// - A "viewer" system role with read-only permissions /// - A super-admin user with the admin role and a password credential diff --git a/crates/erp-config/src/module.rs b/crates/erp-config/src/module.rs index 1131bde..17522b8 100644 --- a/crates/erp-config/src/module.rs +++ b/crates/erp-config/src/module.rs @@ -4,7 +4,7 @@ use uuid::Uuid; use erp_core::error::AppResult; use erp_core::events::EventBus; -use erp_core::module::ErpModule; +use erp_core::module::{ErpModule, PermissionDescriptor}; use crate::handler::{ dictionary_handler, language_handler, menu_handler, numbering_handler, setting_handler, 
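Review bot: The new index `54` in `READ_PERM_INDICES` most likely resolves to `plugin.admin` rather than `plugin.list`, which would give the seeded read-only "viewer" role full plugin management. The preceding seed.rs hunk inserts `message.template.manage` directly before the `// === Plugin module ===` section, whose first visible entry is `plugin.admin`; with `message.template.list` at 51, `create` and `manage` occupy 52 and 53 at the earliest, so `plugin.admin` lands on 54 and `plugin.list` on 55 (the last of the 56 entries the doc comment counts). The full table is outside the hunk, so please confirm against it and, if this holds, change the line to `55, // plugin.list`. Positional indices into a permission table shift silently on every insert; a unit test along the lines of `assert_eq!(DEFAULT_PERMISSIONS[55].0, "plugin.list")` for each listed index, or selecting the viewer set by code instead of position, would catch this class of mistake.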
@@ -143,6 +143,29 @@ impl ErpModule for ConfigModule { Ok(()) } + fn permissions(&self) -> Vec { + vec![ + PermissionDescriptor { code: "dictionary.list".into(), name: "查看字典".into(), description: "查看数据字典".into(), module: "config".into() }, + PermissionDescriptor { code: "dictionary.create".into(), name: "创建字典".into(), description: "创建数据字典".into(), module: "config".into() }, + PermissionDescriptor { code: "dictionary.update".into(), name: "编辑字典".into(), description: "编辑数据字典".into(), module: "config".into() }, + PermissionDescriptor { code: "dictionary.delete".into(), name: "删除字典".into(), description: "删除数据字典".into(), module: "config".into() }, + PermissionDescriptor { code: "menu.list".into(), name: "查看菜单".into(), description: "查看菜单配置".into(), module: "config".into() }, + PermissionDescriptor { code: "menu.update".into(), name: "编辑菜单".into(), description: "编辑菜单配置".into(), module: "config".into() }, + PermissionDescriptor { code: "setting.read".into(), name: "查看配置".into(), description: "查看系统参数".into(), module: "config".into() }, + PermissionDescriptor { code: "setting.update".into(), name: "编辑配置".into(), description: "编辑系统参数".into(), module: "config".into() }, + PermissionDescriptor { code: "setting.delete".into(), name: "删除配置".into(), description: "删除系统参数".into(), module: "config".into() }, + PermissionDescriptor { code: "numbering.list".into(), name: "查看编号规则".into(), description: "查看编号规则".into(), module: "config".into() }, + PermissionDescriptor { code: "numbering.create".into(), name: "创建编号规则".into(), description: "创建编号规则".into(), module: "config".into() }, + PermissionDescriptor { code: "numbering.update".into(), name: "编辑编号规则".into(), description: "编辑编号规则".into(), module: "config".into() }, + PermissionDescriptor { code: "numbering.delete".into(), name: "删除编号规则".into(), description: "删除编号规则".into(), module: "config".into() }, + PermissionDescriptor { code: "numbering.generate".into(), name: "生成编号".into(), description: "生成文档编号".into(), module: "config".into() }, 
+ PermissionDescriptor { code: "theme.read".into(), name: "查看主题".into(), description: "查看主题设置".into(), module: "config".into() }, + PermissionDescriptor { code: "theme.update".into(), name: "编辑主题".into(), description: "编辑主题设置".into(), module: "config".into() }, + PermissionDescriptor { code: "language.list".into(), name: "查看语言".into(), description: "查看语言配置".into(), module: "config".into() }, + PermissionDescriptor { code: "language.update".into(), name: "编辑语言".into(), description: "编辑语言设置".into(), module: "config".into() }, + ] + } + fn as_any(&self) -> &dyn std::any::Any { self } diff --git a/crates/erp-message/src/module.rs b/crates/erp-message/src/module.rs index d9c415d..06a2fb9 100644 --- a/crates/erp-message/src/module.rs +++ b/crates/erp-message/src/module.rs @@ -7,7 +7,7 @@ use uuid::Uuid; use erp_core::error::AppResult; use erp_core::events::EventBus; -use erp_core::module::ErpModule; +use erp_core::module::{ErpModule, PermissionDescriptor}; use crate::entity::message_subscription; use crate::handler::{message_handler, sse_handler, subscription_handler, template_handler}; @@ -73,7 +73,13 @@ impl MessageModule { // 先获取许可,再 spawn 任务 tokio::spawn(async move { - let _permit = permit.acquire().await.unwrap(); + let _permit = match permit.acquire().await { + Ok(p) => p, + Err(_) => { + tracing::warn!("信号量已关闭,跳过工作流事件处理"); + return; + } + }; if let Err(e) = handle_workflow_event(&event, &db, &event_bus).await { tracing::warn!( event_type = %event.event_type, 
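Review bot: The codes returned by `ConfigModule::permissions()` are hand-written string literals that appear to duplicate entries in `DEFAULT_PERMISSIONS` (service/seed.rs), so the permission catalogue now has two sources of truth. The same applies to the `permissions()` hunks for AuthModule, MessageModule, PluginModule and WorkflowModule. A typo or a code added on one side only still compiles; how the two lists are consumed is not visible here, but the likely result is a permission that can never be granted or a check that never matches. Consider a test that collects every module's `permissions()` and compares the set of `code` values with the seed table, or seeding from the descriptors directly. A doc comment such as `/// Permission codes this module registers; keep in sync with DEFAULT_PERMISSIONS in erp-auth's seed.rs.` and a small constructor replacing the repeated `module: "config".into()` would also reduce copy-paste drift.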
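Review bot: When `acquire()` fails, the new `Err(_)` arm drops the workflow event and logs a warning that does not say which event was lost. Adding the field the following warning already uses, `tracing::warn!(event_type = %event.event_type, "信号量已关闭,跳过工作流事件处理");`, keeps the drop traceable in the logs. Separately, the context comment says the permit is taken before spawning, but the acquire sits inside `tokio::spawn`, so the semaphore bounds concurrent handlers and not the number of spawned tasks waiting on it. If a bound on queued tasks is intended, acquire before the spawn (for an `Arc<Semaphore>`, `acquire_owned().await`) and move the permit into the task. The enclosing function starts and ends outside this hunk.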
@@ -135,6 +141,16 @@ impl ErpModule for MessageModule { Ok(()) } + fn permissions(&self) -> Vec { + vec![ + PermissionDescriptor { code: "message.list".into(), name: "查看消息".into(), description: "查看消息列表".into(), module: "message".into() }, + PermissionDescriptor { code: "message.send".into(), name: "发送消息".into(), description: "发送新消息".into(), module: "message".into() }, + PermissionDescriptor { code: "message.template.list".into(), name: "查看消息模板".into(), description: "查看消息模板列表".into(), module: "message".into() }, + PermissionDescriptor { code: "message.template.create".into(), name: "创建消息模板".into(), description: "创建消息模板".into(), module: "message".into() }, + PermissionDescriptor { code: "message.template.manage".into(), name: "管理消息模板".into(), description: "编辑、删除消息模板".into(), module: "message".into() }, + ] + } + fn as_any(&self) -> &dyn std::any::Any { self } diff --git a/crates/erp-plugin/src/module.rs b/crates/erp-plugin/src/module.rs index 138ccc7..bdf530b 100644 --- a/crates/erp-plugin/src/module.rs +++ b/crates/erp-plugin/src/module.rs @@ -1,7 +1,7 @@ use async_trait::async_trait; use axum::Router; use axum::routing::{delete, get, post, put}; -use erp_core::module::ErpModule; +use erp_core::module::{ErpModule, PermissionDescriptor}; pub struct PluginModule; @@ -15,6 +15,13 @@ impl ErpModule for PluginModule { vec!["auth", "config"] } + fn permissions(&self) -> Vec { + vec![ + PermissionDescriptor { code: "plugin.admin".into(), name: "插件管理".into(), description: "管理插件全生命周期".into(), module: "plugin".into() }, + PermissionDescriptor { code: "plugin.list".into(), name: "查看插件".into(), description: "查看插件列表".into(), module: "plugin".into() }, + ] + } + fn as_any(&self) -> &dyn std::any::Any { self } diff --git a/crates/erp-workflow/src/module.rs b/crates/erp-workflow/src/module.rs index 03744e5..c5e8063 100644 --- a/crates/erp-workflow/src/module.rs +++ b/crates/erp-workflow/src/module.rs 
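Review bot: `message.template.manage` in `MessageModule::permissions()` grants edit and delete together (`编辑、删除消息模板`), whereas the other catalogues in this commit keep them apart, e.g. `dictionary.update` / `dictionary.delete`. A role that should only edit templates therefore cannot be given less than delete. If that coarseness is not intended, split it into `message.template.update` and `message.template.delete` here and in the matching tuple this commit adds to `DEFAULT_PERMISSIONS` in service/seed.rs. The handlers that enforce the code are outside this diff, so whichever form is kept, check that the template update and delete routes reference exactly the same string.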
@@ -5,7 +5,7 @@ use uuid::Uuid; use erp_core::error::AppResult; use erp_core::events::EventBus; -use erp_core::module::ErpModule; +use erp_core::module::{ErpModule, PermissionDescriptor}; use crate::handler::{definition_handler, instance_handler, task_handler}; @@ -340,6 +340,19 @@ impl ErpModule for WorkflowModule { Ok(()) } + fn permissions(&self) -> Vec { + vec![ + PermissionDescriptor { code: "workflow.create".into(), name: "创建流程".into(), description: "创建流程定义".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.list".into(), name: "查看流程".into(), description: "查看流程列表".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.read".into(), name: "查看流程详情".into(), description: "查看流程定义详情".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.update".into(), name: "编辑流程".into(), description: "编辑流程定义".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.publish".into(), name: "发布流程".into(), description: "发布流程定义".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.start".into(), name: "发起流程".into(), description: "发起流程实例".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.approve".into(), name: "审批任务".into(), description: "审批流程任务".into(), module: "workflow".into() }, + PermissionDescriptor { code: "workflow.delegate".into(), name: "委派任务".into(), description: "委派流程任务".into(), module: "workflow".into() }, + ] + } + fn as_any(&self) -> &dyn std::any::Any { self }