feat: 完善模板对比持久化与附件版本处理

scripts/创建sql/seed_contract_templates_rbac.sql

@@ -4,7 +4,7 @@ BEGIN;
 -- LeAudit Platform Contract Template RBAC Seed
 -- 目标：
 --   1. 补齐合同模板读写删权限
---   2. 给 super_admin / provincial_admin / admin 分配模板权限
+--   2. 给角色分配模板权限，其中上传/更新/删除仅开放给地区管理员 admin
 -- 说明：
 --   - 依赖 user_rbac_schema_patch.sql
 --   - 依赖合同模板前端路由已存在于 sys_routes
@@ -108,16 +108,10 @@ seed(role_key, permission_key, grant_type, data_scope) AS (
         ('super_admin', 'contract_template:list:read', 'GRANT', 'ALL'),
         ('super_admin', 'contract_template:search:read', 'GRANT', 'ALL'),
         ('super_admin', 'contract_template:detail:read', 'GRANT', 'ALL'),
-        ('super_admin', 'contract_template:create:write', 'GRANT', 'ALL'),
-        ('super_admin', 'contract_template:update:write', 'GRANT', 'ALL'),
-        ('super_admin', 'contract_template:delete:delete', 'GRANT', 'ALL'),
 
         ('provincial_admin', 'contract_template:list:read', 'GRANT', 'ALL'),
         ('provincial_admin', 'contract_template:search:read', 'GRANT', 'ALL'),
         ('provincial_admin', 'contract_template:detail:read', 'GRANT', 'ALL'),
-        ('provincial_admin', 'contract_template:create:write', 'GRANT', 'ALL'),
-        ('provincial_admin', 'contract_template:update:write', 'GRANT', 'ALL'),
-        ('provincial_admin', 'contract_template:delete:delete', 'GRANT', 'ALL'),
 
         ('admin', 'contract_template:list:read', 'GRANT', 'DEPT'),
         ('admin', 'contract_template:search:read', 'GRANT', 'DEPT'),
@@ -149,4 +143,15 @@ ON CONFLICT (role_id, permission_id) DO UPDATE SET
     data_scope = EXCLUDED.data_scope,
     updated_at = NOW();
 
+DELETE FROM role_permissions rp
+USING roles r, permissions p
+WHERE rp.role_id = r.id
+  AND rp.permission_id = p.id
+  AND r.role_key IN ('super_admin', 'provincial_admin')
+  AND p.permission_key IN (
+      'contract_template:create:write',
+      'contract_template:update:write',
+      'contract_template:delete:delete'
+  );
+
 COMMIT;