feat: add backend rule group and permission support

2026-05-06 09:40:37 +08:00
parent 7acbe0f1d9
commit 76ba7e65ed
45 changed files with 6175 additions and 110 deletions
@@ -0,0 +1,91 @@
+BEGIN;
+
+WITH rules_route AS (
+  SELECT id
+  FROM sys_routes
+  WHERE route_path = '/rules'
+    AND deleted_at IS NULL
+  LIMIT 1
+)
+INSERT INTO permissions (
+  permission_key,
+  module,
+  resource,
+  action,
+  description,
+  display_name,
+  permission_type,
+  is_system,
+  metadata,
+  created_at,
+  updated_at,
+  sort_order,
+  route_id,
+  api_path,
+  api_method
+)
+SELECT *
+FROM (
+  SELECT 'evaluation_point:list:read', 'evaluation_point', 'list', 'read', '查看评查点列表', '评查点列表', 'API', TRUE, '{}'::jsonb, NOW(), NOW(), 51, (SELECT id FROM rules_route), '/api/v3/evaluation-points', 'GET'
+  UNION ALL
+  SELECT 'evaluation_point:detail:read', 'evaluation_point', 'detail', 'read', '查看评查点详情', '评查点详情', 'API', TRUE, '{}'::jsonb, NOW(), NOW(), 52, (SELECT id FROM rules_route), '/api/v3/evaluation-points/{id}', 'GET'
+  UNION ALL
+  SELECT 'evaluation_point:create:write', 'evaluation_point', 'create', 'write', '创建评查点', '创建评查点', 'API', TRUE, '{}'::jsonb, NOW(), NOW(), 53, (SELECT id FROM rules_route), '/api/v3/evaluation-points', 'POST'
+  UNION ALL
+  SELECT 'evaluation_point:update:write', 'evaluation_point', 'update', 'write', '更新评查点', '更新评查点', 'API', TRUE, '{}'::jsonb, NOW(), NOW(), 54, (SELECT id FROM rules_route), '/api/v3/evaluation-points/{id}', 'PUT'
+  UNION ALL
+  SELECT 'evaluation_point:delete:delete', 'evaluation_point', 'delete', 'delete', '删除评查点', '删除评查点', 'API', TRUE, '{}'::jsonb, NOW(), NOW(), 55, (SELECT id FROM rules_route), '/api/v3/evaluation-points/{id}', 'DELETE'
+) AS seed
+ON CONFLICT (permission_key)
+DO UPDATE SET
+  module = EXCLUDED.module,
+  resource = EXCLUDED.resource,
+  action = EXCLUDED.action,
+  description = EXCLUDED.description,
+  display_name = EXCLUDED.display_name,
+  permission_type = EXCLUDED.permission_type,
+  is_system = EXCLUDED.is_system,
+  metadata = EXCLUDED.metadata,
+  updated_at = NOW(),
+  sort_order = EXCLUDED.sort_order,
+  route_id = EXCLUDED.route_id,
+  api_path = EXCLUDED.api_path,
+  api_method = EXCLUDED.api_method;
+
+WITH permission_ids AS (
+  SELECT id
+  FROM permissions
+  WHERE permission_key IN (
+    'evaluation_point:list:read',
+    'evaluation_point:detail:read',
+    'evaluation_point:create:write',
+    'evaluation_point:update:write',
+    'evaluation_point:delete:delete'
+  )
+), admin_roles AS (
+  SELECT id,
+         CASE
+           WHEN role_key = 'admin' THEN 'DEPT'
+           ELSE 'ALL'
+         END AS data_scope
+  FROM roles
+  WHERE role_key IN ('super_admin', 'provincial_admin', 'admin')
+)
+INSERT INTO role_permissions (
+  role_id,
+  permission_id,
+  grant_type,
+  data_scope,
+  created_at,
+  updated_at
+)
+SELECT admin_roles.id, permission_ids.id, 'GRANT', admin_roles.data_scope, NOW(), NOW()
+FROM admin_roles
+CROSS JOIN permission_ids
+ON CONFLICT (role_id, permission_id)
+DO UPDATE SET
+  grant_type = EXCLUDED.grant_type,
+  data_scope = EXCLUDED.data_scope,
+  updated_at = NOW();
+
+COMMIT;