feat: update audit platform workspace

fastapi_modules/fastapi_leaudit/services/impl/ruleServiceImpl.py

@@ -793,6 +793,7 @@ class RuleServiceImpl(IRuleService):
             await self._assert_document_type_access(Session, DocTypeId, current_user)
             GroupId = await self._resolve_unique_accessible_child_group_id(Session, DocTypeId, current_user)
             if GroupId is not None:
+                binding_scope = self._build_group_binding_scope_payload(current_user)
                 ExistingGroupBinding = await Session.execute(
                     text(
                         """
@@ -800,11 +801,16 @@ class RuleServiceImpl(IRuleService):
                         FROM leaudit_rule_group_bindings
                         WHERE group_id = :group_id
                           AND rule_set_id = :rule_set_id
+                          AND COALESCE(NULLIF(BTRIM(tenant_code), ''), 'PROVINCIAL') = :tenant_code
                           AND deleted_at IS NULL
                         LIMIT 1
                         """
                     ),
-                    {"group_id": GroupId, "rule_set_id": RuleSetId},
+                    {
+                        "group_id": GroupId,
+                        "rule_set_id": RuleSetId,
+                        "tenant_code": binding_scope["tenant_code"],
+                    },
                 )
                 if ExistingGroupBinding.mappings().first():
                     raise LeauditException(StatusCodeEnum.HTTP_409_CONFLICT, "该文档类型对应子组已绑定此规则集")
@@ -815,6 +821,9 @@ class RuleServiceImpl(IRuleService):
                         INSERT INTO leaudit_rule_group_bindings (
                             group_id,
                             rule_set_id,
+                            tenant_code,
+                            scope_type,
+                            tenant_name_snapshot,
                             priority,
                             is_active,
                             note,
@@ -823,6 +832,9 @@ class RuleServiceImpl(IRuleService):
                         ) VALUES (
                             :group_id,
                             :rule_set_id,
+                            :tenant_code,
+                            :scope_type,
+                            :tenant_name_snapshot,
                             :priority,
                             true,
                             :note,
@@ -835,6 +847,9 @@ class RuleServiceImpl(IRuleService):
                     {
                         "group_id": GroupId,
                         "rule_set_id": RuleSetId,
+                        "tenant_code": binding_scope["tenant_code"],
+                        "scope_type": binding_scope["scope_type"],
+                        "tenant_name_snapshot": binding_scope["tenant_name_snapshot"],
                         "priority": Priority,
                         "note": Note,
                     },
@@ -1177,6 +1192,23 @@ class RuleServiceImpl(IRuleService):
             "note": "由租户规则集派生自动补绑",
         }
 
+    def _build_group_binding_scope_payload(self, current_user: dict[str, object] | None) -> dict[str, object | None]:
+        if current_user and not current_user.get("is_global"):
+            tenant_code = normalize_scoped_tenant_code(str(current_user.get("tenant_code") or ""), default="")
+            if not tenant_code:
+                raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, "当前租户上下文缺失，不能绑定规则集")
+            return {
+                "tenant_code": tenant_code,
+                "scope_type": "TENANT",
+                "tenant_name_snapshot": str(current_user.get("tenant_name") or "").strip() or None,
+            }
+
+        return {
+            "tenant_code": "PROVINCIAL",
+            "scope_type": "PROVINCIAL",
+            "tenant_name_snapshot": None,
+        }
+
     async def _load_source_group_binding_ids(self, Session, source_rule_set_id: int) -> list[int]:
         if not await self._column_exists(Session, "leaudit_rule_group_bindings", "tenant_code"):
             return []