feat(auth+config+workflow+message+plugin): 为 5 个基础模块添加 permissions() 声明

- erp-auth: 23 个权限码（用户/角色/权限/组织/部门/岗位） - erp-config: 18 个权限码（字典/菜单/配置/编号/主题/语言） - erp-workflow: 8 个权限码（流程定义/实例/任务） - erp-message: 5 个权限码（消息/模板），补充缺失的 message.template.manage - erp-plugin: 2 个权限码（插件管理/查看） - 同步更新 seed.rs 的 READ_PERM_INDICES 索引和权限计数使得 sync_module_permissions() 可以动态注册这些权限，与 erp-health/erp-dialysis/erp-ai 模式一致。
2026-04-30 22:41:26 +08:00
parent 8f9895be98
commit f05ca00c75
6 changed files with 102 additions and 8 deletions
--- a/crates/erp-auth/src/module.rs
+++ b/crates/erp-auth/src/module.rs
@@ -3,7 +3,7 @@ use uuid::Uuid;

 use erp_core::error::AppResult;
 use erp_core::events::EventBus;
-use erp_core::module::ErpModule;
+use erp_core::module::{ErpModule, PermissionDescriptor};

 use crate::handler::{auth_handler, org_handler, role_handler, user_handler, wechat_handler};

@@ -208,6 +208,34 @@ impl ErpModule for AuthModule {
        Ok(())
    }

+    fn permissions(&self) -> Vec<PermissionDescriptor> {
+        vec![
+            PermissionDescriptor { code: "user.list".into(), name: "查看用户列表".into(), description: "查看用户列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.create".into(), name: "创建用户".into(), description: "创建新用户".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.read".into(), name: "查看用户详情".into(), description: "查看用户信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.update".into(), name: "编辑用户".into(), description: "编辑用户信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "user.delete".into(), name: "删除用户".into(), description: "软删除用户".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.list".into(), name: "查看角色列表".into(), description: "查看角色列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.create".into(), name: "创建角色".into(), description: "创建新角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.read".into(), name: "查看角色详情".into(), description: "查看角色信息".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.update".into(), name: "编辑角色".into(), description: "编辑角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "role.delete".into(), name: "删除角色".into(), description: "删除角色".into(), module: "auth".into() },
+            PermissionDescriptor { code: "permission.list".into(), name: "查看权限".into(), description: "查看权限列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.list".into(), name: "查看组织列表".into(), description: "查看组织列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.create".into(), name: "创建组织".into(), description: "创建组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.update".into(), name: "编辑组织".into(), description: "编辑组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "organization.delete".into(), name: "删除组织".into(), description: "删除组织".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.list".into(), name: "查看部门列表".into(), description: "查看部门列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.create".into(), name: "创建部门".into(), description: "创建部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.update".into(), name: "编辑部门".into(), description: "编辑部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "department.delete".into(), name: "删除部门".into(), description: "删除部门".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.list".into(), name: "查看岗位列表".into(), description: "查看岗位列表".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.create".into(), name: "创建岗位".into(), description: "创建岗位".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.update".into(), name: "编辑岗位".into(), description: "编辑岗位".into(), module: "auth".into() },
+            PermissionDescriptor { code: "position.delete".into(), name: "删除岗位".into(), description: "删除岗位".into(), module: "auth".into() },
+        ]
+    }
+
    fn as_any(&self) -> &dyn std::any::Any {
        self
    }
--- a/crates/erp-auth/src/service/seed.rs
+++ b/crates/erp-auth/src/service/seed.rs
@@ -302,6 +302,13 @@ const DEFAULT_PERMISSIONS: &[(&str, &str, &str, &str, &str)] = &[
        "create",
        "创建消息模板",
    ),
+    (
+        "message.template.manage",
+        "管理消息模板",
+        "message.template",
+        "manage",
+        "编辑、删除消息模板",
+    ),
    // === Plugin module ===
    (
        "plugin.admin",
@@ -339,13 +346,13 @@ const READ_PERM_INDICES: &[usize] = &[
    44, // workflow.read
    49, // message.list
    51, // message.template.list
-    53, // plugin.list
+    54, // plugin.list
 ];

 /// Seed default auth data for a new tenant.
 ///
 /// Creates:
-/// - 53 permissions covering auth/config/workflow/message modules
+/// - 56 permissions covering auth/config/workflow/message/plugin modules
 /// - An "admin" system role with all permissions
 /// - A "viewer" system role with read-only permissions
 /// - A super-admin user with the admin role and a password credential