-- ============================================================================
-- LeAudit Platform RBAC / User Seed
-- Notes:
--   1. This file requires scripts/user_rbac_schema_patch.sql to have been run.
--   2. Permission keys uniformly follow the module:resource:action style.
--   3. Only the minimal permission set that current development of the new
--      system actually needs is initialized for now.
-- ============================================================================

BEGIN;

-- --------------------------------------------------------------------------
-- 1. Role initialization
-- --------------------------------------------------------------------------
-- Upsert keyed on role_key. On conflict every seeded column except created_at
-- is overwritten, so re-running this file resets any manual change made to
-- role_name, data_scope, description, priority or is_system_role of these
-- four roles.
-- super_admin and provincial_admin both carry data_scope 'ALL'; admin is
-- 'DEPT' and common is 'SELF'.
INSERT INTO roles (
    role_key,
    role_name,
    data_scope,
    description,
    priority,
    is_system_role,
    created_at,
    updated_at
)
VALUES
    ('super_admin', '系统超级管理员', 'ALL', '可选,仅系统维护/排障使用', 100, TRUE, NOW(), NOW()),
    ('provincial_admin', '省级管理员', 'ALL', '查看全局数据并维护系统配置', 90, TRUE, NOW(), NOW()),
    ('admin', '地区管理员', 'DEPT', '仅管理本地区数据', 50, TRUE, NOW(), NOW()),
    ('common', '普通用户', 'SELF', '仅处理本人数据', 10, TRUE, NOW(), NOW())
ON CONFLICT (role_key) DO UPDATE
SET
    role_name      = EXCLUDED.role_name,
    data_scope     = EXCLUDED.data_scope,
    description    = EXCLUDED.description,
    priority       = EXCLUDED.priority,
    is_system_role = EXCLUDED.is_system_role,
    updated_at     = NOW();
-- --------------------------------------------------------------------------
-- 2. Route initialization
-- --------------------------------------------------------------------------
-- Seeds the front-end menu routes. When a conflict is detected the existing
-- row is kept unchanged (DO NOTHING), unlike the role and permission upserts
-- in this file.
-- NOTE(review): ON CONFLICT names no conflict target, so duplicates are
-- suppressed only by whatever unique constraints sys_routes has; none is
-- visible in this file. Confirm route_path (or route_name) is unique,
-- otherwise a re-run inserts a second copy of every route and the role/route
-- grants in section 4, which join on route_path, attach to both copies.
-- NOTE(review): every row, including nested paths such as /documents/list,
-- is seeded with parent_id NULL; presumably the menu tree is derived from the
-- path or the meta group. Confirm.
INSERT INTO sys_routes (
    route_path,
    route_name,
    component,
    parent_id,
    route_title,
    icon,
    sort_order,
    is_hidden,
    is_cache,
    meta,
    status,
    created_at,
    updated_at,
    deleted_at
)
VALUES
    ('/documents', 'documents', 'Layout', NULL, '文档管理', 'files', 10, FALSE, TRUE, '{"group":"documents"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/documents/list', 'documents.list', 'documents/list', NULL, '文档列表', 'table', 11, FALSE, TRUE, '{"group":"documents"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/audit', 'audit', 'Layout', NULL, '评查任务', 'audit', 20, FALSE, TRUE, '{"group":"audit"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/audit/runs', 'audit.runs', 'audit/runs', NULL, '评查运行', 'history', 21, FALSE, TRUE, '{"group":"audit"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/rules', 'rules', 'Layout', NULL, '规则管理', 'rule', 30, FALSE, TRUE, '{"group":"rules"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/rules/sets', 'rules.sets', 'rules/sets', NULL, '规则集管理', 'yaml', 31, FALSE, TRUE, '{"group":"rules"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/system', 'system', 'Layout', NULL, '系统管理', 'setting', 90, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/system/users', 'system.users', 'system/users', NULL, '用户管理', 'user', 91, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/system/roles', 'system.roles', 'system/roles', NULL, '角色权限', 'shield', 92, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/chat-with-llm', 'chat-with-llm', 'chat-with-llm', NULL, 'AI对话', 'chat', 15, FALSE, TRUE, '{"group":"assistant"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/contract-template', 'contract-template', 'contract-template', NULL, '合同管理', 'file-search', 40, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/contract-template/search', 'contract-template.search', 'contract-template/search', NULL, '模板搜索', 'search', 41, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/contract-template/list', 'contract-template.list', 'contract-template/list', NULL, '模板列表', 'folder', 42, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/cross-checking', 'cross-checking', 'cross-checking', NULL, '交叉评查', 'flow', 60, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/cross-checking/upload', 'cross-checking.upload', 'cross-checking/upload', NULL, '创建任务', 'upload', 61, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
    ('/cross-checking/result', 'cross-checking.result', 'cross-checking/result', NULL, '评查结果', 'table', 62, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL)
ON CONFLICT DO NOTHING;
-- --------------------------------------------------------------------------
-- 3. Permission point initialization
-- --------------------------------------------------------------------------
-- One row per API endpoint, keyed on permission_key (module:resource:action).
-- On conflict the descriptive columns, api_path, api_method and sort_order are
-- refreshed from this file; metadata, created_by, updated_by, parent_id,
-- route_id, related_routes and created_at are not touched.
-- NOTE(review): no permission keys are seeded here for the chat-with-llm,
-- contract-template or cross-checking routes inserted in section 2; how the
-- APIs behind those pages are authorized is not visible in this file. Confirm.
INSERT INTO permissions (
    permission_key,
    module,
    resource,
    action,
    description,
    display_name,
    permission_type,
    is_system,
    metadata,
    created_at,
    updated_at,
    created_by,
    updated_by,
    parent_id,
    sort_order,
    route_id,
    api_path,
    api_method,
    related_routes
)
VALUES
    ('auth:me:read', 'auth', 'me', 'read', '查看当前登录用户信息', '当前用户信息', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 10, NULL, '/api/auth/me', 'GET', NULL),
    ('documents:upload:write', 'documents', 'upload', 'write', '上传文档', '上传文档', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 20, NULL, '/api/upload', 'POST', NULL),
    ('documents:list:read', 'documents', 'list', 'read', '查看文档列表', '文档列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 21, NULL, '/api/documents/list', 'GET', NULL),
    ('documents:detail:read', 'documents', 'detail', 'read', '查看文档详情', '文档详情', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 22, NULL, '/api/documents/{document_id}', 'GET', NULL),
    ('documents:history:read', 'documents', 'history', 'read', '查看文档历史版本', '文档历史版本', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 23, NULL, '/api/documents/{document_id}/versions', 'GET', NULL),
    ('documents:delete:delete', 'documents', 'delete', 'delete', '删除文档', '删除文档', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 24, NULL, '/api/documents/{document_id}', 'DELETE', NULL),
    ('audit:run:execute', 'audit', 'run', 'execute', '发起评查任务', '发起评查', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 30, NULL, '/api/audit/run', 'POST', NULL),
    ('audit:status:read', 'audit', 'status', 'read', '查看评查运行状态', '评查状态', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 31, NULL, '/api/audit/run/{run_id}', 'GET', NULL),
    ('audit:result:read', 'audit', 'result', 'read', '查看评查结果', '评查结果', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 32, NULL, '/api/audit/result/{run_id}', 'GET', NULL),
    ('rules:list:read', 'rules', 'list', 'read', '查看规则集列表', '规则集列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 40, NULL, '/api/rule-sets', 'GET', NULL),
    ('rules:version_list:read', 'rules', 'version_list', 'read', '查看规则版本列表', '规则版本列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 41, NULL, '/api/rule-sets/{rule_type}/versions', 'GET', NULL),
    ('rules:content:read', 'rules', 'content', 'read', '查看规则正文', '规则正文', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 42, NULL, '/api/rule-sets/versions/{version_id}/content', 'GET', NULL),
    ('rules:validate:execute', 'rules', 'validate', 'execute', '校验规则 YAML', '规则校验', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 43, NULL, '/api/rule-sets/{rule_type}/validate', 'POST', NULL),
    ('rules:version_create:write', 'rules', 'version_create', 'write', '创建规则版本', '创建规则版本', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 44, NULL, '/api/rule-sets/{rule_type}/versions', 'POST', NULL),
    ('rules:publish:write', 'rules', 'publish', 'write', '发布规则版本', '发布规则', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 45, NULL, '/api/rule-sets/{rule_type}/publish', 'POST', NULL),
    ('rules:rollback:write', 'rules', 'rollback', 'write', '回滚规则版本', '回滚规则', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 46, NULL, '/api/rule-sets/{rule_type}/rollback', 'POST', NULL),
    ('rules:binding_list:read', 'rules', 'binding_list', 'read', '查看规则绑定列表', '规则绑定列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 47, NULL, '/api/rule-sets/bindings', 'GET', NULL),
    ('rules:binding_create:write', 'rules', 'binding_create', 'write', '创建规则绑定', '创建规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 48, NULL, '/api/rule-sets/{rule_type}/bindings', 'POST', NULL),
    ('rules:binding_update:write', 'rules', 'binding_update', 'write', '更新规则绑定', '更新规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 49, NULL, '/api/rule-sets/bindings/{binding_id}', 'PUT', NULL),
    ('rules:binding_delete:delete', 'rules', 'binding_delete', 'delete', '删除规则绑定', '删除规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 50, NULL, '/api/rule-sets/bindings/{binding_id}', 'DELETE', NULL),
    ('evaluation_point:list:read', 'evaluation_point', 'list', 'read', '查看评查点列表', '评查点列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 51, NULL, '/api/v3/evaluation-points', 'GET', NULL),
    ('evaluation_point:detail:read', 'evaluation_point', 'detail', 'read', '查看评查点详情', '评查点详情', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 52, NULL, '/api/v3/evaluation-points/{id}', 'GET', NULL),
    ('evaluation_point:create:write', 'evaluation_point', 'create', 'write', '创建评查点', '创建评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 53, NULL, '/api/v3/evaluation-points', 'POST', NULL),
    ('evaluation_point:update:write', 'evaluation_point', 'update', 'write', '更新评查点', '更新评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 54, NULL, '/api/v3/evaluation-points/{id}', 'PUT', NULL),
    ('evaluation_point:delete:delete', 'evaluation_point', 'delete', 'delete', '删除评查点', '删除评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 55, NULL, '/api/v3/evaluation-points/{id}', 'DELETE', NULL),
    ('users:list:read', 'users', 'list', 'read', '查看用户列表', '用户列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 60, NULL, '/api/users/list', 'GET', NULL),
    ('users:create:write', 'users', 'create', 'write', '创建用户', '创建用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 61, NULL, '/api/users', 'POST', NULL),
    ('users:update:write', 'users', 'update', 'write', '更新用户', '更新用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 62, NULL, '/api/users/{user_id}', 'PUT', NULL),
    ('users:disable:write', 'users', 'disable', 'write', '禁用/启用用户', '禁用用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 63, NULL, '/api/users/{user_id}/disable', 'PUT', NULL),
    ('users:roles_assign:write', 'users', 'roles_assign', 'write', '分配用户角色', '分配用户角色', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 64, NULL, '/api/users/{user_id}/roles', 'POST', NULL),
    ('rbac:roles:read', 'rbac', 'roles', 'read', '查看角色列表', '角色列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 70, NULL, '/api/rbac/roles', 'GET', NULL),
    ('rbac:roles:update', 'rbac', 'roles', 'update', '维护角色信息', '维护角色', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 71, NULL, '/api/rbac/roles/{role_id}', 'PUT', NULL),
    ('rbac:permissions:read', 'rbac', 'permissions', 'read', '查看权限点列表', '权限点列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 72, NULL, '/api/rbac/permissions', 'GET', NULL),
    ('rbac:role_permissions:write', 'rbac', 'role_permissions', 'write', '分配角色权限', '分配角色权限', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 73, NULL, '/api/rbac/roles/{role_id}/permissions', 'POST', NULL),
    ('rbac:role_routes:write', 'rbac', 'role_routes', 'write', '分配角色菜单', '分配角色菜单', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 74, NULL, '/api/rbac/roles/{role_id}/routes', 'PUT', NULL)
ON CONFLICT (permission_key) DO UPDATE
SET
    module          = EXCLUDED.module,
    resource        = EXCLUDED.resource,
    action          = EXCLUDED.action,
    description     = EXCLUDED.description,
    display_name    = EXCLUDED.display_name,
    permission_type = EXCLUDED.permission_type,
    is_system       = EXCLUDED.is_system,
    updated_at      = CURRENT_TIMESTAMP,
    api_path        = EXCLUDED.api_path,
    api_method      = EXCLUDED.api_method,
    sort_order      = EXCLUDED.sort_order;

-- --------------------------------------------------------------------------
-- 4. Role menu authorization
-- --------------------------------------------------------------------------
-- Maps (role_key, route_path) pairs to role_route rows. Only routes with
-- deleted_at IS NULL are eligible.
-- Review points for anyone changing this list:
--   * The inner joins silently skip a seed row whose role_key or route_path
--     matches no existing row, so a typo yields a missing menu grant rather
--     than an error.
--   * The upsert resets permission and status to the seeded values, so a row
--     edited by hand is reverted on the next run.
--   * Nothing here deletes role_route rows; removing a line from this list
--     does not revoke a grant that an earlier run already inserted.
--   * admin receives /system and /system/users but not /system/roles; common
--     receives 'R' on the documents and audit routes only.
WITH target_role AS (
    SELECT
        id,
        role_key
    FROM roles
    WHERE role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
),
live_route AS (
    SELECT
        id,
        route_path
    FROM sys_routes
    WHERE deleted_at IS NULL
),
menu_seed(role_key, route_path, permission, status) AS (
    VALUES
        ('super_admin', '/documents', 'RW', 1),
        ('super_admin', '/documents/list', 'RW', 1),
        ('super_admin', '/audit', 'RW', 1),
        ('super_admin', '/audit/runs', 'RW', 1),
        ('super_admin', '/rules', 'RW', 1),
        ('super_admin', '/rules/sets', 'RW', 1),
        ('super_admin', '/chat-with-llm', 'RW', 1),
        ('super_admin', '/contract-template', 'RW', 1),
        ('super_admin', '/contract-template/search', 'RW', 1),
        ('super_admin', '/contract-template/list', 'RW', 1),
        ('super_admin', '/cross-checking', 'RW', 1),
        ('super_admin', '/cross-checking/upload', 'RW', 1),
        ('super_admin', '/cross-checking/result', 'RW', 1),
        ('super_admin', '/system', 'RW', 1),
        ('super_admin', '/system/users', 'RW', 1),
        ('super_admin', '/system/roles', 'RW', 1),
        ('provincial_admin', '/documents', 'RW', 1),
        ('provincial_admin', '/documents/list', 'RW', 1),
        ('provincial_admin', '/audit', 'RW', 1),
        ('provincial_admin', '/audit/runs', 'RW', 1),
        ('provincial_admin', '/rules', 'RW', 1),
        ('provincial_admin', '/rules/sets', 'RW', 1),
        ('provincial_admin', '/chat-with-llm', 'RW', 1),
        ('provincial_admin', '/contract-template', 'RW', 1),
        ('provincial_admin', '/contract-template/search', 'RW', 1),
        ('provincial_admin', '/contract-template/list', 'RW', 1),
        ('provincial_admin', '/cross-checking', 'RW', 1),
        ('provincial_admin', '/cross-checking/upload', 'RW', 1),
        ('provincial_admin', '/cross-checking/result', 'RW', 1),
        ('provincial_admin', '/system', 'RW', 1),
        ('provincial_admin', '/system/users', 'RW', 1),
        ('provincial_admin', '/system/roles', 'RW', 1),
        ('admin', '/documents', 'RW', 1),
        ('admin', '/documents/list', 'RW', 1),
        ('admin', '/audit', 'RW', 1),
        ('admin', '/audit/runs', 'RW', 1),
        ('admin', '/rules', 'RW', 1),
        ('admin', '/rules/sets', 'RW', 1),
        ('admin', '/chat-with-llm', 'RW', 1),
        ('admin', '/contract-template', 'RW', 1),
        ('admin', '/contract-template/search', 'RW', 1),
        ('admin', '/contract-template/list', 'RW', 1),
        ('admin', '/cross-checking', 'RW', 1),
        ('admin', '/cross-checking/upload', 'RW', 1),
        ('admin', '/cross-checking/result', 'RW', 1),
        ('admin', '/system', 'RW', 1),
        ('admin', '/system/users', 'RW', 1),
        ('common', '/documents', 'R', 1),
        ('common', '/documents/list', 'R', 1),
        ('common', '/audit', 'R', 1),
        ('common', '/audit/runs', 'R', 1)
)
INSERT INTO role_route (
    role_id,
    route_id,
    permission,
    status,
    created_at,
    updated_at
)
SELECT
    r.id,
    rt.id,
    ms.permission,
    ms.status,
    NOW(),
    NOW()
FROM menu_seed AS ms
INNER JOIN target_role AS r
    ON r.role_key = ms.role_key
INNER JOIN live_route AS rt
    ON rt.route_path = ms.route_path
ON CONFLICT (role_id, route_id) DO UPDATE
SET
    permission = EXCLUDED.permission,
    status     = EXCLUDED.status,
    updated_at = NOW();
-- --------------------------------------------------------------------------
-- 5. Role permission authorization
-- --------------------------------------------------------------------------
-- Maps (role_key, permission_key) pairs to role_permissions rows, each with
-- its own grant_type and data_scope.
-- Review points for anyone changing this list:
--   * provincial_admin is granted exactly the same keys as super_admin, all
--     at scope 'ALL', including users:roles_assign:write,
--     rbac:role_permissions:write and rbac:role_routes:write. At the
--     permission level the two roles are therefore equivalent.
--   * admin (scope 'DEPT') has no rbac:* keys, no users create / disable /
--     roles_assign, and no rules version_create / publish / rollback /
--     binding_delete.
--     NOTE(review): admin does hold users:update:write; which user fields
--     PUT /api/users/{user_id} accepts is not visible here. Confirm it cannot
--     change role or department membership.
--   * common holds its rules:* read grants at scope 'DEPT', wider than the
--     'SELF' data_scope seeded on the role itself in section 1. Presumably
--     intentional for shared rule sets; confirm.
--   * The inner joins silently skip a seed row whose role_key or
--     permission_key matches no existing row.
--   * The upsert resets grant_type and data_scope to the seeded values, so a
--     row changed by hand is reverted on the next run, and nothing here
--     deletes rows: removing a line from this list does not revoke a grant
--     that an earlier run already inserted.
WITH target_role AS (
    SELECT
        id,
        role_key
    FROM roles
    WHERE role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
),
known_permission AS (
    SELECT
        id,
        permission_key
    FROM permissions
),
grant_seed(role_key, permission_key, grant_type, data_scope) AS (
    VALUES
        ('super_admin', 'auth:me:read', 'GRANT', 'ALL'),
        ('super_admin', 'documents:upload:write', 'GRANT', 'ALL'),
        ('super_admin', 'documents:list:read', 'GRANT', 'ALL'),
        ('super_admin', 'documents:detail:read', 'GRANT', 'ALL'),
        ('super_admin', 'documents:history:read', 'GRANT', 'ALL'),
        ('super_admin', 'documents:delete:delete', 'GRANT', 'ALL'),
        ('super_admin', 'audit:run:execute', 'GRANT', 'ALL'),
        ('super_admin', 'audit:status:read', 'GRANT', 'ALL'),
        ('super_admin', 'audit:result:read', 'GRANT', 'ALL'),
        ('super_admin', 'rules:list:read', 'GRANT', 'ALL'),
        ('super_admin', 'rules:version_list:read', 'GRANT', 'ALL'),
        ('super_admin', 'rules:content:read', 'GRANT', 'ALL'),
        ('super_admin', 'rules:validate:execute', 'GRANT', 'ALL'),
        ('super_admin', 'rules:version_create:write', 'GRANT', 'ALL'),
        ('super_admin', 'rules:publish:write', 'GRANT', 'ALL'),
        ('super_admin', 'rules:rollback:write', 'GRANT', 'ALL'),
        ('super_admin', 'rules:binding_list:read', 'GRANT', 'ALL'),
        ('super_admin', 'rules:binding_create:write', 'GRANT', 'ALL'),
        ('super_admin', 'rules:binding_update:write', 'GRANT', 'ALL'),
        ('super_admin', 'rules:binding_delete:delete', 'GRANT', 'ALL'),
        ('super_admin', 'evaluation_point:list:read', 'GRANT', 'ALL'),
        ('super_admin', 'evaluation_point:detail:read', 'GRANT', 'ALL'),
        ('super_admin', 'evaluation_point:create:write', 'GRANT', 'ALL'),
        ('super_admin', 'evaluation_point:update:write', 'GRANT', 'ALL'),
        ('super_admin', 'evaluation_point:delete:delete', 'GRANT', 'ALL'),
        ('super_admin', 'users:list:read', 'GRANT', 'ALL'),
        ('super_admin', 'users:create:write', 'GRANT', 'ALL'),
        ('super_admin', 'users:update:write', 'GRANT', 'ALL'),
        ('super_admin', 'users:disable:write', 'GRANT', 'ALL'),
        ('super_admin', 'users:roles_assign:write', 'GRANT', 'ALL'),
        ('super_admin', 'rbac:roles:read', 'GRANT', 'ALL'),
        ('super_admin', 'rbac:roles:update', 'GRANT', 'ALL'),
        ('super_admin', 'rbac:permissions:read', 'GRANT', 'ALL'),
        ('super_admin', 'rbac:role_permissions:write', 'GRANT', 'ALL'),
        ('super_admin', 'rbac:role_routes:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'auth:me:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'documents:upload:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'documents:list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'documents:detail:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'documents:history:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'documents:delete:delete', 'GRANT', 'ALL'),
        ('provincial_admin', 'audit:run:execute', 'GRANT', 'ALL'),
        ('provincial_admin', 'audit:status:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'audit:result:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:version_list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:content:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:validate:execute', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:version_create:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:publish:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:rollback:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:binding_list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:binding_create:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:binding_update:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rules:binding_delete:delete', 'GRANT', 'ALL'),
        ('provincial_admin', 'evaluation_point:list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'evaluation_point:detail:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'evaluation_point:create:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'evaluation_point:update:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'evaluation_point:delete:delete', 'GRANT', 'ALL'),
        ('provincial_admin', 'users:list:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'users:create:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'users:update:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'users:disable:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'users:roles_assign:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rbac:roles:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rbac:roles:update', 'GRANT', 'ALL'),
        ('provincial_admin', 'rbac:permissions:read', 'GRANT', 'ALL'),
        ('provincial_admin', 'rbac:role_permissions:write', 'GRANT', 'ALL'),
        ('provincial_admin', 'rbac:role_routes:write', 'GRANT', 'ALL'),
        ('admin', 'auth:me:read', 'GRANT', 'DEPT'),
        ('admin', 'documents:upload:write', 'GRANT', 'DEPT'),
        ('admin', 'documents:list:read', 'GRANT', 'DEPT'),
        ('admin', 'documents:detail:read', 'GRANT', 'DEPT'),
        ('admin', 'documents:history:read', 'GRANT', 'DEPT'),
        ('admin', 'documents:delete:delete', 'GRANT', 'DEPT'),
        ('admin', 'audit:run:execute', 'GRANT', 'DEPT'),
        ('admin', 'audit:status:read', 'GRANT', 'DEPT'),
        ('admin', 'audit:result:read', 'GRANT', 'DEPT'),
        ('admin', 'rules:list:read', 'GRANT', 'DEPT'),
        ('admin', 'rules:version_list:read', 'GRANT', 'DEPT'),
        ('admin', 'rules:content:read', 'GRANT', 'DEPT'),
        ('admin', 'rules:validate:execute', 'GRANT', 'DEPT'),
        ('admin', 'rules:binding_list:read', 'GRANT', 'DEPT'),
        ('admin', 'rules:binding_create:write', 'GRANT', 'DEPT'),
        ('admin', 'rules:binding_update:write', 'GRANT', 'DEPT'),
        ('admin', 'evaluation_point:list:read', 'GRANT', 'DEPT'),
        ('admin', 'evaluation_point:detail:read', 'GRANT', 'DEPT'),
        ('admin', 'evaluation_point:create:write', 'GRANT', 'DEPT'),
        ('admin', 'evaluation_point:update:write', 'GRANT', 'DEPT'),
        ('admin', 'evaluation_point:delete:delete', 'GRANT', 'DEPT'),
        ('admin', 'users:list:read', 'GRANT', 'DEPT'),
        ('admin', 'users:update:write', 'GRANT', 'DEPT'),
        ('common', 'auth:me:read', 'GRANT', 'SELF'),
        ('common', 'documents:upload:write', 'GRANT', 'SELF'),
        ('common', 'documents:list:read', 'GRANT', 'SELF'),
        ('common', 'documents:detail:read', 'GRANT', 'SELF'),
        ('common', 'documents:history:read', 'GRANT', 'SELF'),
        ('common', 'audit:run:execute', 'GRANT', 'SELF'),
        ('common', 'audit:status:read', 'GRANT', 'SELF'),
        ('common', 'audit:result:read', 'GRANT', 'SELF'),
        ('common', 'rules:list:read', 'GRANT', 'DEPT'),
        ('common', 'rules:version_list:read', 'GRANT', 'DEPT'),
        ('common', 'rules:content:read', 'GRANT', 'DEPT'),
        ('common', 'rules:binding_list:read', 'GRANT', 'DEPT')
)
INSERT INTO role_permissions (
    role_id,
    permission_id,
    grant_type,
    data_scope,
    created_at,
    updated_at
)
SELECT
    r.id,
    p.id,
    gs.grant_type,
    gs.data_scope,
    CURRENT_TIMESTAMP,
    CURRENT_TIMESTAMP
FROM grant_seed AS gs
INNER JOIN target_role AS r
    ON r.role_key = gs.role_key
INNER JOIN known_permission AS p
    ON p.permission_key = gs.permission_key
ON CONFLICT (role_id, permission_id) DO UPDATE
SET
    grant_type = EXCLUDED.grant_type,
    data_scope = EXCLUDED.data_scope,
    updated_at = CURRENT_TIMESTAMP;

COMMIT;