feat: update audit platform workspace
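--- /dev/null
+++ b/(path not shown on page)
@@ -0,0 +1,66 @@
+-- ============================================================================
+-- 入口模块管理权限收口:仅系统超级管理员维护入口模块
+-- 说明:
+-- 1. 不在代码里硬编码角色名,运行时仍然只认 RBAC 权限点。
+-- 2. 本脚本只调整默认 RBAC 数据,把 admin / provincial_admin 的入口模块管理能力移除。
+-- 3. 若后续确需给某个角色开放入口模块管理,请通过角色权限页面重新分配。
+-- 4. 可重复执行。
+-- ============================================================================
+
+BEGIN;
+
+-- 保证系统超级管理员拥有入口模块路由。
+INSERT INTO role_route (role_id, route_id, permission, status, created_at, updated_at)
+SELECT r.id, sr.id, 'RW', 1, NOW(), NOW()
+FROM roles r
+JOIN sys_routes sr ON sr.route_path = '/entry-modules' AND sr.deleted_at IS NULL
+WHERE r.role_key = 'super_admin'
+ON CONFLICT (role_id, route_id) DO UPDATE SET
+permission = EXCLUDED.permission,
+status = EXCLUDED.status,
+updated_at = NOW();
+
+-- 保证系统超级管理员拥有入口模块全部权限点。
+INSERT INTO role_permissions (role_id, permission_id, grant_type, data_scope, created_at, updated_at)
+SELECT r.id, p.id, 'GRANT', 'ALL', NOW(), NOW()
+FROM roles r
+JOIN permissions p ON p.permission_key LIKE 'entry_module:%'
+WHERE r.role_key = 'super_admin'
+ON CONFLICT (role_id, permission_id) DO UPDATE SET
+grant_type = EXCLUDED.grant_type,
+data_scope = EXCLUDED.data_scope,
+updated_at = NOW();
+
+-- 移除地区管理员 / 旧省级管理员的入口模块权限点。
+DELETE FROM role_permissions rp
+USING roles r, permissions p
+WHERE rp.role_id = r.id
+AND rp.permission_id = p.id
+AND r.role_key IN ('admin', 'provincial_admin')
+AND p.permission_key LIKE 'entry_module:%';
+
+-- 移除地区管理员 / 旧省级管理员的入口模块管理菜单。
+DELETE FROM role_route rr
+USING roles r, sys_routes sr
+WHERE rr.role_id = r.id
+AND rr.route_id = sr.id
+AND r.role_key IN ('admin', 'provincial_admin')
+AND sr.route_path = '/entry-modules';
+
+COMMIT;
+
+-- 验证结果:应只看到 super_admin 拥有入口模块权限。
+SELECT r.role_key, p.permission_key
+FROM roles r
+JOIN role_permissions rp ON rp.role_id = r.id
+JOIN permissions p ON p.id = rp.permission_id
+WHERE p.permission_key LIKE 'entry_module:%'
+ORDER BY r.role_key, p.permission_key;
+
+-- 验证结果:admin / provincial_admin 不应再拥有 /entry-modules 路由。
+SELECT r.role_key, sr.route_path, rr.permission, rr.status
+FROM roles r
+JOIN role_route rr ON rr.role_id = r.id
+JOIN sys_routes sr ON sr.id = rr.route_id
+WHERE sr.route_path = '/entry-modules'
+ORDER BY r.role_key;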
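Review bot: The two DELETE statements revoke entry-module access from `admin` and `provincial_admin` even when the preceding super_admin INSERTs matched no rows (no `super_admin` role, no live `/entry-modules` route, or no `entry_module:%` permission rows), which would leave no role able to manage entry modules. The verification SELECTs run only after COMMIT, so they can show that state but cannot roll it back. An assertion inside the transaction, between the grants and the revocations, makes the script fail closed; a sketch follows. Separately, the revocation names only two role keys, so any other role that already holds `entry_module:%` or the `/entry-modules` route keeps it, which the header's "super administrator only" intent may not expect.

```sql
-- … unchanged: the two super_admin INSERT … ON CONFLICT statements …
DO $$
BEGIN
    IF NOT EXISTS (
        SELECT 1
        FROM roles r
        JOIN role_route rr ON rr.role_id = r.id
        JOIN sys_routes sr ON sr.id = rr.route_id
        WHERE r.role_key = 'super_admin'
          AND sr.route_path = '/entry-modules'
          AND sr.deleted_at IS NULL
    ) OR NOT EXISTS (
        SELECT 1
        FROM roles r
        JOIN role_permissions rp ON rp.role_id = r.id
        JOIN permissions p ON p.id = rp.permission_id
        WHERE r.role_key = 'super_admin'
          AND p.permission_key LIKE 'entry_module:%'
    ) THEN
        -- Abort before any revocation so the transaction rolls back as a whole.
        RAISE EXCEPTION 'super_admin lacks entry-module route or permissions; aborting revocation';
    END IF;
END
$$;
-- … unchanged: the two DELETE statements and COMMIT …
```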