wren
227 lines
7.7 KiB
PL/PgSQL
227 lines
7.7 KiB
PL/PgSQL
BEGIN;
|
|
|
|
-- ============================================================================
|
|
-- LeAudit Platform Usage Stats RBAC Seed
|
|
-- 目标:
|
|
-- 1. 为“系统使用统计”补齐菜单路由
|
|
-- 2. 补齐 usage-stats 相关 API 权限点
|
|
-- 3. 为 super_admin / provincial_admin / admin 分配菜单和权限
|
|
-- 说明:
|
|
-- - super_admin / provincial_admin 使用 ALL 数据范围
|
|
-- - admin 使用 DEPT 数据范围,对应地区管理员只看本地区
|
|
-- - 幂等脚本,可重复执行
|
|
-- ============================================================================
|
|
|
|
WITH settings_root AS (
|
|
SELECT id
|
|
FROM sys_routes
|
|
WHERE route_path = '/settings'
|
|
AND deleted_at IS NULL
|
|
LIMIT 1
|
|
)
|
|
INSERT INTO sys_routes (
|
|
route_path,
|
|
route_name,
|
|
component,
|
|
parent_id,
|
|
route_title,
|
|
icon,
|
|
sort_order,
|
|
is_hidden,
|
|
is_cache,
|
|
meta,
|
|
status,
|
|
created_at,
|
|
updated_at,
|
|
deleted_at
|
|
)
|
|
SELECT
|
|
'/usage-stats',
|
|
'usage-stats',
|
|
'usage-stats',
|
|
settings_root.id,
|
|
'系统使用统计',
|
|
'ri-bar-chart-box-line',
|
|
4,
|
|
FALSE,
|
|
TRUE,
|
|
'{"group":"settings"}'::jsonb,
|
|
0,
|
|
NOW(),
|
|
NOW(),
|
|
NULL
|
|
FROM settings_root
|
|
ON CONFLICT (route_path) WHERE deleted_at IS NULL
|
|
DO UPDATE SET
|
|
route_name = EXCLUDED.route_name,
|
|
component = EXCLUDED.component,
|
|
parent_id = EXCLUDED.parent_id,
|
|
route_title = EXCLUDED.route_title,
|
|
icon = EXCLUDED.icon,
|
|
sort_order = EXCLUDED.sort_order,
|
|
is_hidden = EXCLUDED.is_hidden,
|
|
is_cache = EXCLUDED.is_cache,
|
|
meta = EXCLUDED.meta,
|
|
status = 0,
|
|
updated_at = NOW(),
|
|
deleted_at = NULL;
|
|
|
|
WITH usage_route AS (
|
|
SELECT id FROM sys_routes WHERE route_path = '/usage-stats' AND deleted_at IS NULL LIMIT 1
|
|
)
|
|
INSERT INTO permissions (
|
|
permission_key,
|
|
module,
|
|
resource,
|
|
action,
|
|
description,
|
|
display_name,
|
|
permission_type,
|
|
is_system,
|
|
metadata,
|
|
created_at,
|
|
updated_at,
|
|
created_by,
|
|
updated_by,
|
|
parent_id,
|
|
sort_order,
|
|
route_id,
|
|
api_path,
|
|
api_method,
|
|
related_routes
|
|
)
|
|
SELECT
|
|
seed.permission_key,
|
|
seed.module,
|
|
seed.resource,
|
|
seed.action,
|
|
seed.description,
|
|
seed.display_name,
|
|
seed.permission_type,
|
|
seed.is_system,
|
|
seed.metadata,
|
|
seed.created_at,
|
|
seed.updated_at,
|
|
seed.created_by,
|
|
seed.updated_by,
|
|
seed.parent_id,
|
|
seed.sort_order,
|
|
usage_route.id AS route_id,
|
|
seed.api_path,
|
|
seed.api_method,
|
|
seed.related_routes
|
|
FROM (
|
|
VALUES
|
|
('usage_stats:overview:read', 'usage_stats', 'overview', 'read', '查看系统使用统计总览', '查看统计总览', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 210, NULL::bigint, '/api/v3/usage-stats/overview', 'GET', NULL::bigint[]),
|
|
('usage_stats:trends:read', 'usage_stats', 'trends', 'read', '查看系统使用趋势', '查看统计趋势', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 211, NULL::bigint, '/api/v3/usage-stats/trends', 'GET', NULL::bigint[]),
|
|
('usage_stats:users:read', 'usage_stats', 'users', 'read', '查看用户维度统计', '查看用户统计', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 212, NULL::bigint, '/api/v3/usage-stats/by-users', 'GET', NULL::bigint[]),
|
|
('usage_stats:departments:read', 'usage_stats', 'departments', 'read', '查看部门维度统计', '查看部门统计', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 213, NULL::bigint, '/api/v3/usage-stats/by-departments', 'GET', NULL::bigint[]),
|
|
('usage_stats:areas:read', 'usage_stats', 'areas', 'read', '查看地区维度统计', '查看地区统计', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 214, NULL::bigint, '/api/v3/usage-stats/by-areas', 'GET', NULL::bigint[]),
|
|
('usage_stats:details:read', 'usage_stats', 'details', 'read', '查看统计明细', '查看统计明细', 'API', TRUE, NULL::jsonb, NOW(), NOW(), NULL::bigint, NULL::bigint, NULL::bigint, 215, NULL::bigint, '/api/v3/usage-stats/details', 'GET', NULL::bigint[])
|
|
) AS seed(
|
|
permission_key,
|
|
module,
|
|
resource,
|
|
action,
|
|
description,
|
|
display_name,
|
|
permission_type,
|
|
is_system,
|
|
metadata,
|
|
created_at,
|
|
updated_at,
|
|
created_by,
|
|
updated_by,
|
|
parent_id,
|
|
sort_order,
|
|
route_id,
|
|
api_path,
|
|
api_method,
|
|
related_routes
|
|
)
|
|
CROSS JOIN usage_route
|
|
ON CONFLICT (permission_key) DO UPDATE SET
|
|
module = EXCLUDED.module,
|
|
resource = EXCLUDED.resource,
|
|
action = EXCLUDED.action,
|
|
description = EXCLUDED.description,
|
|
display_name = EXCLUDED.display_name,
|
|
permission_type = EXCLUDED.permission_type,
|
|
is_system = EXCLUDED.is_system,
|
|
updated_at = NOW(),
|
|
api_path = EXCLUDED.api_path,
|
|
api_method = EXCLUDED.api_method,
|
|
sort_order = EXCLUDED.sort_order;
|
|
|
|
WITH role_map AS (
|
|
SELECT id, role_key
|
|
FROM roles
|
|
WHERE role_key IN ('super_admin', 'provincial_admin', 'admin')
|
|
),
|
|
route_map AS (
|
|
SELECT id, route_path
|
|
FROM sys_routes
|
|
WHERE deleted_at IS NULL
|
|
AND route_path = '/usage-stats'
|
|
),
|
|
seed(role_key, route_path, permission, status) AS (
|
|
VALUES
|
|
('super_admin', '/usage-stats', 'R', 1),
|
|
('provincial_admin', '/usage-stats', 'R', 1),
|
|
('admin', '/usage-stats', 'R', 1)
|
|
)
|
|
INSERT INTO role_route (role_id, route_id, permission, status, created_at, updated_at)
|
|
SELECT rm.id, tm.id, s.permission, s.status, NOW(), NOW()
|
|
FROM seed s
|
|
JOIN role_map rm ON rm.role_key = s.role_key
|
|
JOIN route_map tm ON tm.route_path = s.route_path
|
|
ON CONFLICT (role_id, route_id) DO UPDATE SET
|
|
permission = EXCLUDED.permission,
|
|
status = EXCLUDED.status,
|
|
updated_at = NOW();
|
|
|
|
WITH role_map AS (
|
|
SELECT id, role_key
|
|
FROM roles
|
|
WHERE role_key IN ('super_admin', 'provincial_admin', 'admin')
|
|
),
|
|
perm_map AS (
|
|
SELECT id, permission_key
|
|
FROM permissions
|
|
WHERE permission_key LIKE 'usage_stats:%'
|
|
),
|
|
seed(role_key, permission_key, grant_type, data_scope) AS (
|
|
VALUES
|
|
('super_admin', 'usage_stats:overview:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'usage_stats:trends:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'usage_stats:users:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'usage_stats:departments:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'usage_stats:areas:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'usage_stats:details:read', 'GRANT', 'ALL'),
|
|
|
|
('provincial_admin', 'usage_stats:overview:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'usage_stats:trends:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'usage_stats:users:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'usage_stats:departments:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'usage_stats:areas:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'usage_stats:details:read', 'GRANT', 'ALL'),
|
|
|
|
('admin', 'usage_stats:overview:read', 'GRANT', 'DEPT'),
|
|
('admin', 'usage_stats:trends:read', 'GRANT', 'DEPT'),
|
|
('admin', 'usage_stats:users:read', 'GRANT', 'DEPT'),
|
|
('admin', 'usage_stats:departments:read', 'GRANT', 'DEPT'),
|
|
('admin', 'usage_stats:areas:read', 'GRANT', 'DEPT'),
|
|
('admin', 'usage_stats:details:read', 'GRANT', 'DEPT')
|
|
)
|
|
INSERT INTO role_permissions (role_id, permission_id, grant_type, data_scope, created_at, updated_at)
|
|
SELECT rm.id, pm.id, seed.grant_type, seed.data_scope, NOW(), NOW()
|
|
FROM seed
|
|
JOIN role_map rm ON rm.role_key = seed.role_key
|
|
JOIN perm_map pm ON pm.permission_key = seed.permission_key
|
|
ON CONFLICT (role_id, permission_id) DO UPDATE SET
|
|
grant_type = EXCLUDED.grant_type,
|
|
data_scope = EXCLUDED.data_scope,
|
|
updated_at = NOW();
|
|
|
|
COMMIT;
|