feat(govdoc): 新增内部公文模块全链路(后端58+前端11文件)

wren
2026-05-13 14:37:12 +08:00
parent 99699e20e1
commit 5d777599bf
63 changed files with 7608 additions and 0 deletions
@@ -0,0 +1,138 @@
-- ============================================================================
-- govdoc 模块权限种子
-- 用途:
-- 1. 为 govdoc 模块插入权限点到 permissions 表
-- 2. 为默认角色分发角色-权限映射到 role_permissions 表
-- 3. 幂等执行,重复跑会更新 description / display_name 等可刷新字段
--
-- 权限键格式:govdoc:{resource}:{action}
-- 角色分发遵循《内部公文模块接口与权限设计》§5
-- ============================================================================
BEGIN;
-- ---------------------------------------------------------------------------
-- 1. 权限点定义
-- ---------------------------------------------------------------------------
INSERT INTO permissions (
permission_key, module, resource, action, description, display_name,
permission_type, is_system, metadata, created_at, updated_at,
sort_order, route_id, api_path, api_method
)
VALUES
-- 模块权限
('govdoc:module:read', 'govdoc', 'module', 'read', '查看内部公文处理模块菜单', '查看公文模块', 'MENU', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 10, NULL, '/govdoc', 'GET'),
-- 文档权限
('govdoc:document:create', 'govdoc', 'document', 'create', '上传公文文档', '上传公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 20, NULL, '/api/govdoc/documents', 'POST'),
('govdoc:document:read', 'govdoc', 'document', 'read', '查看公文文档列表与详情', '查看公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 21, NULL, '/api/govdoc/documents', 'GET'),
('govdoc:document:update', 'govdoc', 'document', 'update', '更新公文文档基础信息', '编辑公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 22, NULL, '/api/govdoc/documents/{DocumentId}', 'PATCH'),
('govdoc:document:delete', 'govdoc', 'document', 'delete', '删除公文文档', '删除公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 23, NULL, '/api/govdoc/documents/{DocumentId}', 'DELETE'),
-- 审查运行权限
('govdoc:run:create', 'govdoc', 'run', 'create', '发起公文格式审查', '发起审查', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 30, NULL, '/api/govdoc/runs', 'POST'),
('govdoc:run:read', 'govdoc', 'run', 'read', '查看审查运行状态', '查看审查状态', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 31, NULL, '/api/govdoc/runs/{RunId}', 'GET'),
('govdoc:run:retry', 'govdoc', 'run', 'retry', '失败后重试审查', '重试审查', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 32, NULL, '/api/govdoc/runs/{RunId}/retry', 'POST'),
-- 报告与结果权限
('govdoc:report:read', 'govdoc', 'report', 'read', '下载审查报告(HTML/DOCX/原文)', '下载报告', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 40, NULL, '/api/govdoc/runs/{RunId}/report', 'GET'),
('govdoc:result:read', 'govdoc', 'result', 'read', '查看审查结果(findings/entities/summary', '查看审查结果', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 41, NULL, '/api/govdoc/runs/{RunId}/result', 'GET'),
-- 规则权限
('govdoc:rule:read', 'govdoc', 'rule', 'read', '查看公文规则清单与详情', '查看规则', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 50, NULL, '/api/govdoc/rules', 'GET'),
('govdoc:rule:manage', 'govdoc', 'rule', 'manage', '发布、更新、切换规则版本', '管理规则', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 51, NULL, '/api/govdoc/rule-versions', 'POST'),
-- 配置权限(可选)
('govdoc:settings:read', 'govdoc', 'settings', 'read', '查看公文模块配置', '查看设置', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 60, NULL, '/api/govdoc/settings', 'GET'),
('govdoc:settings:update', 'govdoc', 'settings', 'update', '修改公文模块配置', '修改设置', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 61, NULL, '/api/govdoc/settings', 'PATCH')
ON CONFLICT (permission_key) DO UPDATE SET
module = EXCLUDED.module,
resource = EXCLUDED.resource,
action = EXCLUDED.action,
description = EXCLUDED.description,
display_name = EXCLUDED.display_name,
api_path = EXCLUDED.api_path,
api_method = EXCLUDED.api_method,
updated_at = NOW();
-- ---------------------------------------------------------------------------
-- 2. 角色权限分发
-- ---------------------------------------------------------------------------
WITH role_map AS (
SELECT id, role_key
FROM roles
WHERE role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
),
perm_map AS (
SELECT id, permission_key
FROM permissions
WHERE permission_key LIKE 'govdoc:%'
),
seed(role_key, permission_key, grant_type, data_scope) AS (
VALUES
-- super_admin: 全部权限
('super_admin', 'govdoc:module:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:document:create', 'GRANT', 'ALL'),
('super_admin', 'govdoc:document:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:document:update', 'GRANT', 'ALL'),
('super_admin', 'govdoc:document:delete', 'GRANT', 'ALL'),
('super_admin', 'govdoc:run:create', 'GRANT', 'ALL'),
('super_admin', 'govdoc:run:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:run:retry', 'GRANT', 'ALL'),
('super_admin', 'govdoc:report:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:result:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:rule:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:rule:manage', 'GRANT', 'ALL'),
('super_admin', 'govdoc:settings:read', 'GRANT', 'ALL'),
('super_admin', 'govdoc:settings:update', 'GRANT', 'ALL'),
-- provincial_admin: 全部业务权限
('provincial_admin', 'govdoc:module:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:document:create', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:document:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:document:update', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:document:delete', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:run:create', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:run:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:run:retry', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:report:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:result:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:rule:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:rule:manage', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:settings:read', 'GRANT', 'ALL'),
('provincial_admin', 'govdoc:settings:update', 'GRANT', 'ALL'),
-- admin: 模块读写 + 规则查看,不含规则管理与配置修改
('admin', 'govdoc:module:read', 'GRANT', 'REGION'),
('admin', 'govdoc:document:create', 'GRANT', 'REGION'),
('admin', 'govdoc:document:read', 'GRANT', 'REGION'),
('admin', 'govdoc:document:update', 'GRANT', 'REGION'),
('admin', 'govdoc:document:delete', 'GRANT', 'REGION'),
('admin', 'govdoc:run:create', 'GRANT', 'REGION'),
('admin', 'govdoc:run:read', 'GRANT', 'REGION'),
('admin', 'govdoc:run:retry', 'GRANT', 'REGION'),
('admin', 'govdoc:report:read', 'GRANT', 'REGION'),
('admin', 'govdoc:result:read', 'GRANT', 'REGION'),
('admin', 'govdoc:rule:read', 'GRANT', 'REGION'),
-- common: 模块查看 + 文档上传/查看 + 审查发起/查看 + 报告/结果查看 + 规则查看
('common', 'govdoc:module:read', 'GRANT', 'OWN'),
('common', 'govdoc:document:create', 'GRANT', 'OWN'),
('common', 'govdoc:document:read', 'GRANT', 'OWN'),
('common', 'govdoc:run:create', 'GRANT', 'OWN'),
('common', 'govdoc:run:read', 'GRANT', 'OWN'),
('common', 'govdoc:report:read', 'GRANT', 'OWN'),
('common', 'govdoc:result:read', 'GRANT', 'OWN'),
('common', 'govdoc:rule:read', 'GRANT', 'OWN')
)
INSERT INTO role_permissions (role_id, permission_id, grant_type, data_scope, created_at, updated_at)
SELECT rm.id, pm.id, seed.grant_type, seed.data_scope, NOW(), NOW()
FROM seed
JOIN role_map rm ON rm.role_key = seed.role_key
JOIN perm_map pm ON pm.permission_key = seed.permission_key
ON CONFLICT (role_id, permission_id) DO UPDATE SET
grant_type = EXCLUDED.grant_type,
data_scope = EXCLUDED.data_scope,
updated_at = NOW();
COMMIT;
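Review bot: The `ON CONFLICT (role_id, permission_id) DO UPDATE` that closes the role_permissions insert overwrites `grant_type` and `data_scope` on every re-run, so a deployment that has narrowed a role's `data_scope` or changed its `grant_type` for a govdoc permission gets that row silently reset to the seeded `GRANT` value the next time the seed is applied. The file header only promises that re-runs refresh `description` / `display_name`-style fields, and authorization decisions are not in that category. If the seed is meant to provide defaults only, `ON CONFLICT (role_id, permission_id) DO NOTHING;` leaves existing rows intact. If it is meant to be authoritative, the header should say so, for example `-- 重复执行会将 role_permissions 的 grant_type / data_scope 重置为本文件的值`, and should also note that grants removed from the seed list are not deleted by this script.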