
-- ==========================================================================
-- LeAudit Platform RBAC / User comment patch (Chinese table/column comments)
-- Goal: fill in the table comments and column comments for
-- sso_users / roles / user_role / permissions / role_permissions /
-- sys_routes / role_route.
--
-- Notes for maintainers:
--   * The whole patch runs inside one transaction (BEGIN ... COMMIT below).
--     COMMENT ON errors on a table or column that does not exist, so a single
--     missing object aborts the transaction and no partial set of comments is
--     left behind.
--   * COMMENT ON replaces any existing comment on the object, so re-running
--     this script is safe (idempotent).
--   * Comments are catalog metadata only: they change no types, constraints or
--     access control. The value encodings written here (0/1 status flags,
--     ALL/DEPT/SELF scopes, GRANT/DENY) document intent; enforcement lives in
--     the schema and the application code.
--   * Comments land in pg_description, which every database role can read by
--     default -- keep secrets, lockout thresholds and similar details out of
--     the comment text.
-- ==========================================================================
BEGIN;
-- --------------------------------------------------------------------------
-- 1. sso_users
--    Core identity table (authentication identity, org info, login bookkeeping
--    and the single region-isolation column `area`).
-- --------------------------------------------------------------------------
COMMENT ON TABLE sso_users IS '用户主表:统一承载认证身份、组织信息、登录信息与单地区隔离核心字段';
COMMENT ON COLUMN sso_users.id IS '主键ID';
-- `sub` is the OAuth/SSO subject identifier, i.e. the external identity key.
COMMENT ON COLUMN sso_users.sub IS '统一身份唯一标识,OAuth/SSO 主键';
COMMENT ON COLUMN sso_users.username IS '登录名/工号/展示账号';
COMMENT ON COLUMN sso_users.nick_name IS '用户真实姓名';
COMMENT ON COLUMN sso_users.phone_number IS '手机号';
COMMENT ON COLUMN sso_users.email IS '邮箱地址';
COMMENT ON COLUMN sso_users.ou_id IS '所属组织单位ID/部门ID';
COMMENT ON COLUMN sso_users.ou_name IS '所属组织单位名称/部门名称';
-- Polarity here is 0 = normal, 1 = disabled; role_route.status (section 7)
-- uses the opposite encoding -- see the note there.
COMMENT ON COLUMN sso_users.status IS '账户状态:0=正常,1=禁用';
COMMENT ON COLUMN sso_users.is_leader IS '是否为负责人';
COMMENT ON COLUMN sso_users.created_at IS '创建时间';
COMMENT ON COLUMN sso_users.updated_at IS '更新时间';
COMMENT ON COLUMN sso_users.deleted_at IS '软删除时间';
-- The comment text itself records that this column may still carry legacy
-- (non-hashed) values and that a migration to hashed storage is pending.
-- NOTE(review): track that migration as an open item; until it is done, treat
-- any read of this column (exports, logs, backups) as handling a credential.
COMMENT ON COLUMN sso_users.password IS '密码字段:当前阶段兼容旧值,后续应迁移为哈希';
-- try_count / try_login_time: login-attempt bookkeeping. Presumably backing a
-- lockout or rate-limit check in the auth service; the threshold is not
-- defined in this file -- verify against the caller.
COMMENT ON COLUMN sso_users.try_count IS '尝试登录次数';
COMMENT ON COLUMN sso_users.try_login_time IS '最近一次尝试登录时间';
-- Per the comment, `area` is the only data-isolation column in the system.
-- The DEPT (同地区) data scope in roles.data_scope / role_permissions.data_scope
-- presumably filters on it -- confirm, and confirm the column is NOT NULL,
-- since a NULL here would fall outside any region filter.
COMMENT ON COLUMN sso_users.area IS '用户主地区,当前系统唯一数据隔离字段';
-- mq_* columns: identifiers and sync timestamp from the external
-- organisation/account synchronisation system.
COMMENT ON COLUMN sso_users.mq_person_uuid IS '关联组织/人员同步系统中的人员UUID';
COMMENT ON COLUMN sso_users.mq_account_uuid IS '关联组织/账号同步系统中的账号UUID';
COMMENT ON COLUMN sso_users.mq_synced_at IS '最近一次组织/账号同步时间';
COMMENT ON COLUMN sso_users.tenant_name IS '租户名称/管理单元名称';
COMMENT ON COLUMN sso_users.dep_short_name IS '组织简称';
COMMENT ON COLUMN sso_users.dep_name IS '组织名称';
-- --------------------------------------------------------------------------
-- 2. roles
--    Role definitions with a default data scope. Current business roles per
--    the comment: provincial_admin / admin / common.
-- --------------------------------------------------------------------------
COMMENT ON TABLE roles IS '角色表:定义系统角色及其默认数据范围,当前主业务角色为 provincial_admin/admin/common';
COMMENT ON COLUMN roles.id IS '主键ID';
COMMENT ON COLUMN roles.role_key IS '角色机器标识,例如 provincial_admin/admin/common';
COMMENT ON COLUMN roles.role_name IS '角色展示名称';
-- data_scope encoding: ALL = everything, DEPT = same region, SELF = own rows
-- only; GROUP is kept only for backward compatibility. The same encoding is
-- used by role_permissions.data_scope (section 5) -- keep the two in sync.
COMMENT ON COLUMN roles.data_scope IS '默认数据范围:ALL=全部,DEPT=同地区,SELF=仅自己,GROUP仅保留兼容';
COMMENT ON COLUMN roles.description IS '角色描述';
COMMENT ON COLUMN roles.created_at IS '创建时间';
COMMENT ON COLUMN roles.updated_at IS '更新时间';
-- parent_role_id enables role inheritance; how inherited DENY rows and
-- differing data scopes combine is not defined here -- verify in the resolver.
COMMENT ON COLUMN roles.parent_role_id IS '父角色ID,用于角色继承';
COMMENT ON COLUMN roles.priority IS '角色优先级,数值越大优先级越高';
COMMENT ON COLUMN roles.is_system_role IS '是否系统内置角色';
-- permissions_cache is a derived JSON cache; per the comment it is not a core
-- dependency, so it must never be the authoritative source for a decision.
COMMENT ON COLUMN roles.permissions_cache IS '权限缓存JSON,当前阶段不作为核心依赖';
COMMENT ON COLUMN roles.metadata IS '扩展元数据JSON';
-- --------------------------------------------------------------------------
-- 3. user_role
--    Many-to-many user <-> role link; a user may hold several roles and gets
--    the aggregate of their functional permissions and data scopes.
-- --------------------------------------------------------------------------
COMMENT ON TABLE user_role IS '用户角色关联表:一个用户可挂多个角色,用于聚合功能权限与数据范围';
COMMENT ON COLUMN user_role.id IS '主键ID';
COMMENT ON COLUMN user_role.user_id IS '用户ID,关联 sso_users.id';
COMMENT ON COLUMN user_role.role_id IS '角色ID,关联 roles.id';
COMMENT ON COLUMN user_role.created_at IS '创建时间';
COMMENT ON COLUMN user_role.updated_at IS '更新时间';
-- --------------------------------------------------------------------------
-- 4. permissions
--    Permission-point definitions for API / UI / data permissions.
--    Keys follow the module:resource:action convention.
-- --------------------------------------------------------------------------
COMMENT ON TABLE permissions IS '权限点定义表:统一定义 API/UI/数据权限点,权限键采用 module:resource:action 风格';
COMMENT ON COLUMN permissions.id IS '主键ID';
COMMENT ON COLUMN permissions.permission_key IS '权限键,例如 documents:list:read、audit:run:execute';
COMMENT ON COLUMN permissions.module IS '所属模块,例如 auth/documents/audit/rules/users/rbac';
COMMENT ON COLUMN permissions.resource IS '资源名,例如 list/detail/upload/run';
COMMENT ON COLUMN permissions.action IS '动作名,例如 read/write/delete/execute';
COMMENT ON COLUMN permissions.description IS '权限描述';
COMMENT ON COLUMN permissions.display_name IS '权限展示名称';
COMMENT ON COLUMN permissions.permission_type IS '权限类型:API/UI/DATA/RPC';
COMMENT ON COLUMN permissions.is_system IS '是否系统内置权限';
COMMENT ON COLUMN permissions.metadata IS '扩展元数据JSON';
COMMENT ON COLUMN permissions.created_at IS '创建时间';
COMMENT ON COLUMN permissions.updated_at IS '更新时间';
COMMENT ON COLUMN permissions.created_by IS '创建人用户ID';
COMMENT ON COLUMN permissions.updated_by IS '更新人用户ID';
COMMENT ON COLUMN permissions.parent_id IS '父权限ID,用于构建权限树';
COMMENT ON COLUMN permissions.sort_order IS '排序顺序';
COMMENT ON COLUMN permissions.route_id IS '主关联路由ID,关联 sys_routes.id';
-- api_path / api_method map a permission point onto a backend endpoint.
-- This is the table that backs API authorisation; sys_routes (section 6)
-- only controls menu visibility.
COMMENT ON COLUMN permissions.api_path IS '对应后端 API 路径';
COMMENT ON COLUMN permissions.api_method IS '对应后端 HTTP 方法';
COMMENT ON COLUMN permissions.related_routes IS '共享权限可关联的多个路由ID列表';
-- --------------------------------------------------------------------------
-- 5. role_permissions
--    Role <-> permission-point link, carrying the grant type and the data
--    scope that applies to that permission for that role.
-- --------------------------------------------------------------------------
COMMENT ON TABLE role_permissions IS '角色权限关联表:定义某角色拥有哪些权限点,以及该权限点对应的数据范围';
COMMENT ON COLUMN role_permissions.id IS '主键ID';
COMMENT ON COLUMN role_permissions.role_id IS '角色ID,关联 roles.id';
COMMENT ON COLUMN role_permissions.permission_id IS '权限点ID,关联 permissions.id';
-- NOTE(review): GRANT vs DENY precedence when a user holds several roles
-- (user_role allows that) or inherits via roles.parent_role_id is not stated
-- anywhere in this file -- confirm that DENY wins in the permission resolver
-- and document it there.
COMMENT ON COLUMN role_permissions.grant_type IS '授权类型:GRANT=授予,DENY=拒绝';
-- Same ALL / DEPT / SELF (+ legacy GROUP) encoding as roles.data_scope.
COMMENT ON COLUMN role_permissions.data_scope IS '数据范围:ALL=全部,DEPT=同地区,SELF=仅自己,GROUP仅保留兼容';
-- condition_filter is advanced JSON filtering; per the comment it is not a
-- core dependency at this stage.
COMMENT ON COLUMN role_permissions.condition_filter IS '高级条件过滤JSON,当前阶段不作为核心依赖';
COMMENT ON COLUMN role_permissions.metadata IS '扩展元数据JSON';
COMMENT ON COLUMN role_permissions.created_at IS '创建时间';
COMMENT ON COLUMN role_permissions.created_by IS '创建人用户ID';
COMMENT ON COLUMN role_permissions.updated_at IS '更新时间';
COMMENT ON COLUMN role_permissions.updated_by IS '更新人用户ID';
-- --------------------------------------------------------------------------
-- 6. sys_routes
--    Front-end menu / page routes. Per the table comment this controls which
--    menus a role can see and does NOT replace the API permission table.
-- --------------------------------------------------------------------------
COMMENT ON TABLE sys_routes IS '前端菜单/页面路由表:用于控制角色可见菜单,不替代 API 权限表';
COMMENT ON COLUMN sys_routes.id IS '主键ID';
COMMENT ON COLUMN sys_routes.route_path IS '前端路由路径';
COMMENT ON COLUMN sys_routes.route_name IS '路由名称/内部标识';
COMMENT ON COLUMN sys_routes.component IS '前端组件路径';
COMMENT ON COLUMN sys_routes.parent_id IS '父路由ID';
COMMENT ON COLUMN sys_routes.route_title IS '路由标题/菜单显示名';
COMMENT ON COLUMN sys_routes.icon IS '菜单图标标识';
COMMENT ON COLUMN sys_routes.sort_order IS '排序顺序';
-- is_hidden only hides the menu entry; it is not an authorisation control.
COMMENT ON COLUMN sys_routes.is_hidden IS '是否隐藏路由';
COMMENT ON COLUMN sys_routes.is_cache IS '是否启用前端缓存';
COMMENT ON COLUMN sys_routes.meta IS '路由扩展元数据JSON';
-- Polarity: 0 = enabled, 1 = disabled (matches sso_users.status).
COMMENT ON COLUMN sys_routes.status IS '状态:0=启用,1=禁用';
COMMENT ON COLUMN sys_routes.created_at IS '创建时间';
COMMENT ON COLUMN sys_routes.updated_at IS '更新时间';
COMMENT ON COLUMN sys_routes.deleted_at IS '软删除时间';
-- --------------------------------------------------------------------------
-- 7. role_route
--    Role <-> route link: which menus / pages a role may open.
-- --------------------------------------------------------------------------
COMMENT ON TABLE role_route IS '角色路由关联表:定义某角色可访问哪些菜单/页面路由';
COMMENT ON COLUMN role_route.id IS '主键ID';
COMMENT ON COLUMN role_route.role_id IS '角色ID,关联 roles.id';
COMMENT ON COLUMN role_route.route_id IS '路由ID,关联 sys_routes.id';
-- R / W / RW is a menu-level access hint; API-level read/write is decided by
-- permissions.action + role_permissions, not by this column.
COMMENT ON COLUMN role_route.permission IS '路由权限类型:R=读,W=写,RW=读写';
COMMENT ON COLUMN role_route.created_at IS '创建时间';
COMMENT ON COLUMN role_route.updated_at IS '更新时间';
-- NOTE(review): the 0/1 meaning documented here (0 = disabled, 1 = enabled)
-- is the inverse of sso_users.status and sys_routes.status (0 = normal /
-- enabled, 1 = disabled). Confirm against the column default and any CHECK
-- constraint before relying on either reading; if the schema agrees with this
-- comment, the inconsistency is worth a follow-up migration rather than a
-- silent convention.
COMMENT ON COLUMN role_route.status IS '状态:0=禁用,1=启用';
COMMIT;