feat: add tenant-scoped rule and permission management

wren
2026-05-21 22:03:08 +08:00
parent a2c2bf1969
commit 1f1bccf3b3
193 changed files with 64463 additions and 1771 deletions
@@ -32,6 +32,9 @@ async def ensure_rule_group_schema(session) -> None:
group_id BIGINT NOT NULL REFERENCES leaudit_evaluation_point_groups(id),
rule_set_id BIGINT NOT NULL REFERENCES leaudit_rule_sets(id),
rule_type_binding_id BIGINT NULL REFERENCES leaudit_rule_type_bindings(id),
tenant_code VARCHAR(64) NULL,
scope_type VARCHAR(32) NOT NULL DEFAULT 'PROVINCIAL',
tenant_name_snapshot VARCHAR(255) NULL,
priority INTEGER NOT NULL DEFAULT 0,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
note TEXT NULL,
@@ -45,9 +48,12 @@ async def ensure_rule_group_schema(session) -> None:
"CREATE INDEX IF NOT EXISTS idx_leaudit_ep_groups_entry_module ON leaudit_evaluation_point_groups(entry_module_id)",
"CREATE INDEX IF NOT EXISTS idx_leaudit_rule_group_bindings_group_id ON leaudit_rule_group_bindings(group_id)",
"CREATE INDEX IF NOT EXISTS idx_leaudit_rule_group_bindings_rule_set_id ON leaudit_rule_group_bindings(rule_set_id)",
"CREATE INDEX IF NOT EXISTS idx_leaudit_rule_group_bindings_group_tenant ON leaudit_rule_group_bindings(group_id, tenant_code) WHERE deleted_at IS NULL",
"CREATE INDEX IF NOT EXISTS idx_leaudit_rule_group_bindings_scope_type ON leaudit_rule_group_bindings(scope_type) WHERE deleted_at IS NULL",
"CREATE UNIQUE INDEX IF NOT EXISTS uq_leaudit_ep_groups_code_active ON leaudit_evaluation_point_groups (LOWER(code)) WHERE deleted_at IS NULL",
"DROP INDEX IF EXISTS uq_leaudit_ep_groups_doc_type_active",
"CREATE UNIQUE INDEX IF NOT EXISTS uq_leaudit_rule_group_bindings_active ON leaudit_rule_group_bindings (group_id, rule_set_id) WHERE deleted_at IS NULL",
"DROP INDEX IF EXISTS uq_leaudit_rule_group_bindings_active",
"CREATE UNIQUE INDEX IF NOT EXISTS uq_leaudit_rule_group_bindings_group_scope_rule_set_active ON leaudit_rule_group_bindings (group_id, COALESCE(NULLIF(BTRIM(tenant_code), ''), 'PROVINCIAL'), rule_set_id) WHERE deleted_at IS NULL",
]
for statement in statements:
await session.execute(text(statement))
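Review bot: Nothing in the three new columns of the first hunk ties `scope_type` to `tenant_code`, yet the unique index added at the end of the second hunk derives scope from `tenant_code` alone by folding NULL or blank values into the literal 'PROVINCIAL'. A row can therefore carry `scope_type = 'PROVINCIAL'` together with a tenant code (or the reverse), and a tenant whose code is literally PROVINCIAL would share a uniqueness slot with province-wide bindings, so a permission check that reads one column can disagree with the uniqueness rule about which tenant a binding applies to. Assuming PROVINCIAL is meant to be the only scope without a tenant, enforce that in the table definition with something like `CHECK ((scope_type = 'PROVINCIAL') = (NULLIF(BTRIM(tenant_code), '') IS NULL))` and reject the sentinel as a tenant code on write. ensure_rule_group_schema begins above the first hunk and the lines between the two hunks are not shown, so it cannot be confirmed from here that already-provisioned tables receive these columns through an `ALTER TABLE ... ADD COLUMN IF NOT EXISTS` before the new index statements run; if they do not, those statements would fail on an existing database.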