
fix: update_by增加enterprise_id过滤,防止跨企业员工数据覆盖

alphah преди 1 седмица
родител
ревизия
b456c53754
променени са 2 файла, в които са добавени 14 реда и са изтрити 3 реда
  1. 13 3
      backend/app/plugin/module_payment/employee/crud.py
  2. 1 0
      backend/app/plugin/module_payment/employee/service.py

+ 13 - 3
backend/app/plugin/module_payment/employee/crud.py

@@ -26,11 +26,21 @@ class EmployeeCRUD(CRUDBase[EmployeeModel, EmployeeCreateOrUpdateSchema, Employe
         employee_mobile: Optional[str] = None, 
         employee_email: Optional[str] = None, 
         identity_open_id: Optional[str] = None, 
+        enterprise_id: Optional[str] = None,
         data: dict = {},
     ) -> EmployeeModel | None:
-        """根据员工手机号或邮箱更新员工(业务主键)"""
-        print(data)
-        obj = await self.get(employee_mobile=employee_mobile, employee_email=employee_email, identity_open_id=identity_open_id, preload=[])
+        """根据员工手机号或邮箱更新员工(业务主键),必须传入 enterprise_id 防止跨企业覆盖"""
+        filters = {}
+        if employee_mobile:
+            filters["employee_mobile"] = employee_mobile
+        if employee_email:
+            filters["employee_email"] = employee_email
+        if identity_open_id:
+            filters["identity_open_id"] = identity_open_id
+        if enterprise_id:
+            filters["enterprise_id"] = enterprise_id
+
+        obj = await self.get(preload=[], **filters)
         if not obj:
             raise CustomException(msg="更新失败!对象不存在")
 
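Review bot: The new tenant filter fails open: `enterprise_id` is declared `Optional[str] = None` and is added to `filters` only under `if enterprise_id:`, so a caller that omits it or passes an empty value can still match an employee of another enterprise, although the docstring says it must be passed. Enforce the requirement instead of only documenting it, for example `if not enterprise_id: raise CustomException(msg="enterprise_id is required")` before `filters` is built (the message text is only a suggestion). The same conditional pattern means that when all three identifiers are falsy the lookup is constrained by the enterprise alone, so a call with no identifier should be rejected as well. The method body continues past the end of the hunk, so how `data` is applied to `obj` is not visible here.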

+ 1 - 0
backend/app/plugin/module_payment/employee/service.py

@@ -402,6 +402,7 @@ class EmployeeService:
             employee_mobile=data.employee_mobile, 
             employee_email=data.employee_email, 
             identity_open_id=data.identity_open_id, 
+            enterprise_id=data.enterprise_id,
             data=data.model_dump(exclude_none=True)
         )
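Review bot: `enterprise_id=data.enterprise_id` takes the tenant scope from the same payload that is being written, so the filter isolates tenants only if that field is already bound to the authenticated caller's enterprise; the hunk does not show where `data` comes from. If the field is client-supplied, derive the value from the authenticated session or verify it against the caller's enterprise before this call. `data.model_dump(exclude_none=True)` presumably still carries `enterprise_id` into the update payload, so a short comment stating that this path never changes the field would help the next reader. The call and its enclosing method start outside the hunk.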