hms/crates/erp-auth/src/handler/user_handler.rs

use axum::Extension;
use axum::extract::{FromRef, Path, Query, State};
use axum::response::Json;
use validator::Validate;

use erp_core::error::AppError;
use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
use uuid::Uuid;

use crate::auth_state::AuthState;
use crate::dto::{CreateUserReq, UpdateUserReq, UserResp};
use erp_core::rbac::require_permission;
use crate::service::user_service::UserService;

/// GET /api/v1/users
///
/// List users within the current tenant with pagination.
/// Requires the `user.list` permission.
pub async fn list_users<S>(
    State(state): State<AuthState>,
    Extension(ctx): Extension<TenantContext>,
    Query(pagination): Query<Pagination>,
) -> Result<Json<ApiResponse<PaginatedResponse<UserResp>>>, AppError>
where
    AuthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "user.list")?;

    let (users, total) = UserService::list(ctx.tenant_id, &pagination, &state.db).await?;

    let page = pagination.page.unwrap_or(1);
    let page_size = pagination.limit();
    let total_pages = total.div_ceil(page_size);

    Ok(Json(ApiResponse::ok(PaginatedResponse {
        data: users,
        total,
        page,
        page_size,
        total_pages,
    })))
}

/// POST /api/v1/users
///
/// Create a new user within the current tenant.
/// Requires the `user.create` permission.
pub async fn create_user<S>(
    State(state): State<AuthState>,
    Extension(ctx): Extension<TenantContext>,
    Json(req): Json<CreateUserReq>,
) -> Result<Json<ApiResponse<UserResp>>, AppError>
where
    AuthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "user.create")?;

    req.validate()
        .map_err(|e| AppError::Validation(e.to_string()))?;

    let user = UserService::create(
        ctx.tenant_id,
        ctx.user_id,
        &req,
        &state.db,
        &state.event_bus,
    )
    .await?;

    Ok(Json(ApiResponse::ok(user)))
}

/// GET /api/v1/users/:id
///
/// Fetch a single user by ID within the current tenant.
/// Requires the `user.read` permission.
pub async fn get_user<S>(
    State(state): State<AuthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<Uuid>,
) -> Result<Json<ApiResponse<UserResp>>, AppError>
where
    AuthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "user.read")?;

    let user = UserService::get_by_id(id, ctx.tenant_id, &state.db).await?;
    Ok(Json(ApiResponse::ok(user)))
}

/// PUT /api/v1/users/:id
///
/// Update editable user fields.
/// Requires the `user.update` permission.
pub async fn update_user<S>(
    State(state): State<AuthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<Uuid>,
    Json(req): Json<UpdateUserReq>,
) -> Result<Json<ApiResponse<UserResp>>, AppError>
where
    AuthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "user.update")?;

    let user =
        UserService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
    Ok(Json(ApiResponse::ok(user)))
}

/// DELETE /api/v1/users/:id
///
/// Soft-delete a user by ID within the current tenant.
/// Requires the `user.delete` permission.
pub async fn delete_user<S>(
    State(state): State<AuthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<Uuid>,
) -> Result<Json<ApiResponse<()>>, AppError>
where
    AuthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "user.delete")?;

    UserService::delete(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus).await?;

    Ok(Json(ApiResponse {
        success: true,
        data: None,
        message: Some("用户已删除".to_string()),
    }))
}