-- ============================================================================
-- govdoc 模块权限种子
-- 用途:
-- 1. 为 govdoc 模块插入权限点到 permissions 表
-- 2. 为默认角色分发角色-权限映射到 role_permissions 表
-- 3. 幂等执行,重复跑会更新 description / display_name 等可刷新字段
--
-- 权限键格式:govdoc:{resource}:{action}
-- 角色分发遵循《内部公文模块接口与权限设计》§5
-- ============================================================================
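BEGIN;

-- ---------------------------------------------------------------------------
-- 1. Permission definitions
--    One row per permission point of the govdoc module. The module entry is
--    typed MENU; every endpoint-bound permission is typed API and carries the
--    route template it guards in api_path / api_method (path placeholders such
--    as {RunId} are stored literally — presumably expanded by the API
--    authorization matcher; verify against the backend before relying on them).
--    Re-running this statement is safe: rows are keyed on permission_key and
--    the ON CONFLICT branch below refreshes the descriptive/route columns.
--    NOTE(review): permission_type, is_system, metadata, sort_order and
--    route_id are written on first insert only and are NOT refreshed on
--    re-run — changing them here will not propagate to an existing database
--    unless the ON CONFLICT list is extended; confirm that is intended.
-- ---------------------------------------------------------------------------
INSERT INTO permissions (
    permission_key, module, resource, action, description, display_name,
    permission_type, is_system, metadata, created_at, updated_at,
    sort_order, route_id, api_path, api_method
)
VALUES
    -- module entry (menu)
    ('govdoc:module:read', 'govdoc', 'module', 'read', '查看内部公文处理模块菜单', '查看公文模块', 'MENU', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 10, NULL, '/govdoc', 'GET'),
    -- documents
    ('govdoc:document:create', 'govdoc', 'document', 'create', '上传公文文档', '上传公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 20, NULL, '/api/govdoc/documents', 'POST'),
    ('govdoc:document:read', 'govdoc', 'document', 'read', '查看公文文档列表与详情', '查看公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 21, NULL, '/api/govdoc/documents', 'GET'),
    ('govdoc:document:update', 'govdoc', 'document', 'update', '更新公文文档基础信息', '编辑公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 22, NULL, '/api/govdoc/documents/{DocumentId}', 'PATCH'),
    ('govdoc:document:delete', 'govdoc', 'document', 'delete', '删除公文文档', '删除公文', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 23, NULL, '/api/govdoc/documents/{DocumentId}', 'DELETE'),
    -- review runs
    ('govdoc:run:create', 'govdoc', 'run', 'create', '发起公文格式审查', '发起审查', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 30, NULL, '/api/govdoc/runs', 'POST'),
    ('govdoc:run:read', 'govdoc', 'run', 'read', '查看审查运行状态', '查看审查状态', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 31, NULL, '/api/govdoc/runs/{RunId}', 'GET'),
    ('govdoc:run:retry', 'govdoc', 'run', 'retry', '失败后重试审查', '重试审查', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 32, NULL, '/api/govdoc/runs/{RunId}/retry', 'POST'),
    -- reports and results
    ('govdoc:report:read', 'govdoc', 'report', 'read', '下载审查报告(HTML/DOCX/原文)', '下载报告', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 40, NULL, '/api/govdoc/runs/{RunId}/report', 'GET'),
    -- description previously lacked its closing parenthesis
    ('govdoc:result:read', 'govdoc', 'result', 'read', '查看审查结果(findings/entities/summary)', '查看审查结果', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 41, NULL, '/api/govdoc/runs/{RunId}/result', 'GET'),
    -- rules
    ('govdoc:rule:read', 'govdoc', 'rule', 'read', '查看公文规则清单与详情', '查看规则', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 50, NULL, '/api/govdoc/rules', 'GET'),
    ('govdoc:rule:manage', 'govdoc', 'rule', 'manage', '发布、更新、切换规则版本', '管理规则', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 51, NULL, '/api/govdoc/rule-versions', 'POST'),
    -- module settings (optional)
    ('govdoc:settings:read', 'govdoc', 'settings', 'read', '查看公文模块配置', '查看设置', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 60, NULL, '/api/govdoc/settings', 'GET'),
    ('govdoc:settings:update', 'govdoc', 'settings', 'update', '修改公文模块配置', '修改设置', 'API', TRUE, '{"group":"govdoc"}'::jsonb, NOW(), NOW(), 61, NULL, '/api/govdoc/settings', 'PATCH')
ON CONFLICT (permission_key) DO UPDATE SET
    -- refreshable columns: classification, wording and route binding
    module       = EXCLUDED.module,
    resource     = EXCLUDED.resource,
    action       = EXCLUDED.action,
    description  = EXCLUDED.description,
    display_name = EXCLUDED.display_name,
    api_path     = EXCLUDED.api_path,
    api_method   = EXCLUDED.api_method,
    updated_at   = NOW();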
-- ---------------------------------------------------------------------------
-- 2. Role -> permission grants
--    Every (role_key, permission_key) pair produced by `seed` is upserted into
--    role_permissions; a re-run refreshes grant_type / data_scope for pairs
--    that already exist.
--    NOTE(review): the script only adds and refreshes. A pair removed from
--    this list is NOT revoked by a re-run, so a grant that was once seeded
--    survives until someone deletes it by hand.
--    NOTE(review): a seed row whose role_key or permission_key is absent from
--    roles / permissions is dropped silently by the INNER JOINs below — no
--    error is raised and no grant is written.
-- ---------------------------------------------------------------------------
WITH seed (role_key, permission_key, grant_type, data_scope) AS (
    -- super_admin and provincial_admin: every govdoc permission, unscoped
    SELECT r.role_key, p.permission_key, 'GRANT', 'ALL'
    FROM (VALUES ('super_admin'), ('provincial_admin')) AS r (role_key)
    CROSS JOIN (VALUES
        ('govdoc:module:read'),
        ('govdoc:document:create'),
        ('govdoc:document:read'),
        ('govdoc:document:update'),
        ('govdoc:document:delete'),
        ('govdoc:run:create'),
        ('govdoc:run:read'),
        ('govdoc:run:retry'),
        ('govdoc:report:read'),
        ('govdoc:result:read'),
        ('govdoc:rule:read'),
        ('govdoc:rule:manage'),
        ('govdoc:settings:read'),
        ('govdoc:settings:update')
    ) AS p (permission_key)
    UNION ALL
    -- admin: document/run read-write plus rule read, region-scoped;
    --        no rule management and no settings access
    SELECT 'admin', p.permission_key, 'GRANT', 'REGION'
    FROM (VALUES
        ('govdoc:module:read'),
        ('govdoc:document:create'),
        ('govdoc:document:read'),
        ('govdoc:document:update'),
        ('govdoc:document:delete'),
        ('govdoc:run:create'),
        ('govdoc:run:read'),
        ('govdoc:run:retry'),
        ('govdoc:report:read'),
        ('govdoc:result:read'),
        ('govdoc:rule:read')
    ) AS p (permission_key)
    UNION ALL
    -- common: module view, document upload/view, run start/view,
    --         report/result view and rule view, limited to own records
    SELECT 'common', p.permission_key, 'GRANT', 'OWN'
    FROM (VALUES
        ('govdoc:module:read'),
        ('govdoc:document:create'),
        ('govdoc:document:read'),
        ('govdoc:run:create'),
        ('govdoc:run:read'),
        ('govdoc:report:read'),
        ('govdoc:result:read'),
        ('govdoc:rule:read')
    ) AS p (permission_key)
)
INSERT INTO role_permissions (role_id, permission_id, grant_type, data_scope, created_at, updated_at)
SELECT
    r.id,
    p.id,
    seed.grant_type,
    seed.data_scope,
    NOW(),
    NOW()
FROM seed
-- resolve role_key -> roles.id; only the four default roles take part
INNER JOIN roles AS r
    ON r.role_key = seed.role_key
   AND r.role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
-- resolve permission_key -> permissions.id; restricted to this module's keys
INNER JOIN permissions AS p
    ON p.permission_key = seed.permission_key
   AND p.permission_key LIKE 'govdoc:%'
ON CONFLICT (role_id, permission_id) DO UPDATE SET
    grant_type = EXCLUDED.grant_type,
    data_scope = EXCLUDED.data_scope,
    updated_at = NOW();

COMMIT;