diff --git a/crates/erp-health/src/service/doctor_service.rs b/crates/erp-health/src/service/doctor_service.rs index 0309779..f3e8a14 100644 --- a/crates/erp-health/src/service/doctor_service.rs +++ b/crates/erp-health/src/service/doctor_service.rs @@ -142,6 +142,16 @@ pub async fn update_doctor( .map_err(|_| HealthError::VersionMismatch)?; let old_online_status = model.online_status.clone(); + // 记录变更前的关键字段(license_number 为加密值,不记录原文) + let old_values = serde_json::json!({ + "name": model.name, + "department": model.department, + "title": model.title, + "specialty": model.specialty, + "bio": model.bio, + "online_status": model.online_status, + }); + let mut active: doctor_profile::ActiveModel = model.into(); if let Some(v) = req.name { active.name = Set(v); } if let Some(v) = req.department { active.department = Set(Some(v)); } @@ -173,9 +183,20 @@ pub async fn update_doctor( let updated = active.update(&state.db).await?; + // 变更后快照 + let new_values = serde_json::json!({ + "name": updated.name, + "department": updated.department, + "title": updated.title, + "specialty": updated.specialty, + "bio": updated.bio, + "online_status": updated.online_status, + }); + audit_service::record( AuditLog::new(tenant_id, operator_id, "doctor.updated", "doctor") - .with_resource_id(updated.id), + .with_resource_id(updated.id) + .with_changes(Some(old_values), Some(new_values)), &state.db, ).await; @@ -242,8 +263,7 @@ fn model_to_resp(m: doctor_profile::Model) -> DoctorResp { fn model_to_resp_decrypted(crypto: &erp_core::crypto::PiiCrypto, m: doctor_profile::Model) -> DoctorResp { let license = m.license_number.as_ref() - .map(|l| pii::decrypt(crypto.kek(), l).unwrap_or_else(|_| l.clone())) - .map(|l| pii::mask_license_number(&l)); + .map(|l| pii::decrypt(crypto.kek(), l).unwrap_or_else(|_| l.clone())); DoctorResp { id: m.id, user_id: m.user_id,