hms/crates/erp-health/src/handler/article_handler.rs

use axum::Extension;
use axum::extract::{FromRef, Json, Path, Query, State};

use erp_core::error::AppError;
use erp_core::rbac::{require_any_permission, require_permission};
use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};

use crate::dto::article_dto::{ArticleListItem, ArticleListParams, ArticleResp, CreateArticleReq, ReviewArticleReq, UpdateArticleReq};
use crate::service::article_service;
use crate::state::HealthState;

pub async fn list_articles<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Query(params): Query<ArticleListParams>,
) -> Result<Json<ApiResponse<PaginatedResponse<ArticleListItem>>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    // 非管理权限用户只能查看已发布文章，防止草稿泄露
    let status = if require_any_permission(&ctx, &["health.articles.manage", "health.articles.review"]).is_ok() {
        params.status
    } else {
        Some("published".to_string())
    };
    let result = article_service::list_articles(
        &state, ctx.tenant_id, page, page_size,
        params.category, status, params.category_id, params.tag_id, params.keyword,
    )
    .await?;
    Ok(Json(ApiResponse::ok(result)))
}

pub async fn get_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.list")?;
    let is_admin = require_any_permission(&ctx, &["health.articles.manage", "health.articles.review"]).is_ok();
    let result = article_service::get_article(&state, ctx.tenant_id, id, is_admin).await?;
    Ok(Json(ApiResponse::ok(result)))
}

pub async fn create_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    mut req: Json<CreateArticleReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.manage")?;
    req.sanitize();
    let result = article_service::create_article(
        &state, ctx.tenant_id, Some(ctx.user_id), req.0,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

pub async fn update_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    mut req: Json<UpdateArticleReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.manage")?;
    req.sanitize();
    let result = article_service::update_article(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.0,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
pub struct DeleteArticleReq {
    pub version: i32,
}

pub async fn delete_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    Json(req): Json<DeleteArticleReq>,
) -> Result<Json<ApiResponse<()>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.manage")?;
    article_service::delete_article(&state, ctx.tenant_id, id, Some(ctx.user_id), req.version).await?;
    Ok(Json(ApiResponse::ok(())))
}

// ---------------------------------------------------------------------------
// 审核工作流
// ---------------------------------------------------------------------------

#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
pub struct VersionReq {
    pub version: i32,
}

/// 提交审核
pub async fn submit_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    Json(req): Json<VersionReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.manage")?;
    let result = article_service::submit_article(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.version,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

/// 审核通过并发布
pub async fn approve_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    mut req: Json<ReviewArticleReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.review")?;
    req.sanitize();
    let version = req.version.unwrap_or(0);
    let result = article_service::approve_article(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.0, version,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

/// 审核拒绝
pub async fn reject_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    mut req: Json<ReviewArticleReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.review")?;
    req.sanitize();
    let version = req.version.unwrap_or(0);
    let result = article_service::reject_article(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.0, version,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

/// 撤回发布
pub async fn unpublish_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    Json(req): Json<VersionReq>,
) -> Result<Json<ApiResponse<ArticleResp>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.manage")?;
    let result = article_service::unpublish_article(
        &state, ctx.tenant_id, id, Some(ctx.user_id), req.version,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}

/// 浏览计数
pub async fn view_article<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
) -> Result<Json<ApiResponse<()>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    article_service::increment_view_count(&state, ctx.tenant_id, id).await?;
    Ok(Json(ApiResponse::ok(())))
}

#[derive(Debug, serde::Deserialize)]
pub struct ListRevisionsQuery {
    pub page: Option<u64>,
    pub page_size: Option<u64>,
}

/// 查询文章修订历史
pub async fn list_revisions<S>(
    State(state): State<HealthState>,
    Extension(ctx): Extension<TenantContext>,
    Path(id): Path<uuid::Uuid>,
    Query(params): Query<ListRevisionsQuery>,
) -> Result<Json<ApiResponse<PaginatedResponse<crate::dto::article_dto::ArticleRevisionResp>>>, AppError>
where
    HealthState: FromRef<S>,
    S: Clone + Send + Sync + 'static,
{
    require_permission(&ctx, "health.articles.list")?;
    let page = params.page.unwrap_or(1);
    let page_size = params.page_size.unwrap_or(20);
    let result = article_service::list_revisions(
        &state, ctx.tenant_id, id, page, page_size,
    ).await?;
    Ok(Json(ApiResponse::ok(result)))
}