wren
331 lines
25 KiB
PL/PgSQL
331 lines
25 KiB
PL/PgSQL
-- ==========================================================================
|
|
-- LeAudit Platform RBAC / User Seed
|
|
-- 说明:
|
|
-- 1. 本文件依赖 scripts/user_rbac_schema_patch.sql 已执行
|
|
-- 2. 权限键统一采用 module:resource:action 风格
|
|
-- 3. 当前只初始化新系统当前开发真正需要的最小权限集
|
|
-- ============================================================================
|
|
|
|
BEGIN;
|
|
|
|
-- --------------------------------------------------------------------------
|
|
-- 1. 角色初始化
|
|
-- --------------------------------------------------------------------------
|
|
INSERT INTO roles (role_key, role_name, data_scope, description, priority, is_system_role, created_at, updated_at)
|
|
VALUES
|
|
('super_admin', '系统超级管理员', 'ALL', '可选,仅系统维护/排障使用', 100, TRUE, NOW(), NOW()),
|
|
('provincial_admin', '省级管理员', 'ALL', '查看全局数据并维护系统配置', 90, TRUE, NOW(), NOW()),
|
|
('admin', '地区管理员', 'DEPT', '仅管理本地区数据', 50, TRUE, NOW(), NOW()),
|
|
('common', '普通用户', 'SELF', '仅处理本人数据', 10, TRUE, NOW(), NOW())
|
|
ON CONFLICT (role_key) DO UPDATE SET
|
|
role_name = EXCLUDED.role_name,
|
|
data_scope = EXCLUDED.data_scope,
|
|
description = EXCLUDED.description,
|
|
priority = EXCLUDED.priority,
|
|
is_system_role = EXCLUDED.is_system_role,
|
|
updated_at = NOW();
|
|
|
|
-- --------------------------------------------------------------------------
|
|
-- 2. 路由初始化
|
|
-- --------------------------------------------------------------------------
|
|
INSERT INTO sys_routes (route_path, route_name, component, parent_id, route_title, icon, sort_order, is_hidden, is_cache, meta, status, created_at, updated_at, deleted_at)
|
|
VALUES
|
|
('/documents', 'documents', 'Layout', NULL, '文档管理', 'files', 10, FALSE, TRUE, '{"group":"documents"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/documents/list', 'documents.list', 'documents/list', NULL, '文档列表', 'table', 11, FALSE, TRUE, '{"group":"documents"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/audit', 'audit', 'Layout', NULL, '评查任务', 'audit', 20, FALSE, TRUE, '{"group":"audit"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/audit/runs', 'audit.runs', 'audit/runs', NULL, '评查运行', 'history', 21, FALSE, TRUE, '{"group":"audit"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/rules', 'rules', 'Layout', NULL, '规则管理', 'rule', 30, FALSE, TRUE, '{"group":"rules"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/system', 'system', 'Layout', NULL, '系统管理', 'setting', 90, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/system/users', 'system.users', 'system/users', NULL, '用户管理', 'user', 91, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/system/roles', 'system.roles', 'system/roles', NULL, '角色权限', 'shield', 92, FALSE, TRUE, '{"group":"system"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/chat-with-llm', 'chat-with-llm', 'chat-with-llm', NULL, 'AI对话', 'chat', 15, FALSE, TRUE, '{"group":"assistant"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/contract-template', 'contract-template', 'contract-template', NULL, '合同管理', 'file-search', 40, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/contract-template/search', 'contract-template.search', 'contract-template/search', NULL, '模板搜索', 'search', 41, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/contract-template/list', 'contract-template.list', 'contract-template/list', NULL, '模板列表', 'folder', 42, FALSE, TRUE, '{"group":"contract"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/cross-checking', 'cross-checking', 'cross-checking', NULL, '交叉评查', 'flow', 60, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/cross-checking/upload', 'cross-checking.upload', 'cross-checking/upload', NULL, '创建任务', 'upload', 61, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL),
|
|
('/cross-checking/result', 'cross-checking.result', 'cross-checking/result', NULL, '评查结果', 'table', 62, FALSE, TRUE, '{"group":"cross-review"}'::jsonb, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL)
|
|
ON CONFLICT DO NOTHING;
|
|
|
|
UPDATE role_route
|
|
SET deleted_at = NOW(), updated_at = NOW()
|
|
WHERE deleted_at IS NULL
|
|
AND route_id IN (
|
|
SELECT id FROM sys_routes WHERE route_path = '/rules/sets' AND deleted_at IS NULL
|
|
);
|
|
|
|
UPDATE sys_routes
|
|
SET deleted_at = NOW(), updated_at = NOW()
|
|
WHERE route_path = '/rules/sets' AND deleted_at IS NULL;
|
|
|
|
-- --------------------------------------------------------------------------
|
|
-- 3. 权限点初始化
|
|
-- --------------------------------------------------------------------------
|
|
INSERT INTO permissions (
|
|
permission_key, module, resource, action, description, display_name,
|
|
permission_type, is_system, metadata, created_at, updated_at,
|
|
created_by, updated_by, parent_id, sort_order, route_id, api_path, api_method, related_routes
|
|
)
|
|
VALUES
|
|
('auth:me:read', 'auth', 'me', 'read', '查看当前登录用户信息', '当前用户信息', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 10, NULL, '/api/auth/me', 'GET', NULL),
|
|
|
|
('documents:upload:write', 'documents', 'upload', 'write', '上传文档', '上传文档', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 20, NULL, '/api/upload', 'POST', NULL),
|
|
('documents:list:read', 'documents', 'list', 'read', '查看文档列表', '文档列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 21, NULL, '/api/documents/list', 'GET', NULL),
|
|
('documents:detail:read', 'documents', 'detail', 'read', '查看文档详情', '文档详情', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 22, NULL, '/api/documents/{document_id}', 'GET', NULL),
|
|
('documents:history:read', 'documents', 'history', 'read', '查看文档历史版本', '文档历史版本', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 23, NULL, '/api/documents/{document_id}/versions', 'GET', NULL),
|
|
('documents:delete:delete', 'documents', 'delete', 'delete', '删除文档', '删除文档', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 24, NULL, '/api/documents/{document_id}', 'DELETE', NULL),
|
|
|
|
('audit:run:execute', 'audit', 'run', 'execute', '发起评查任务', '发起评查', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 30, NULL, '/api/audit/run', 'POST', NULL),
|
|
('audit:status:read', 'audit', 'status', 'read', '查看评查运行状态', '评查状态', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 31, NULL, '/api/audit/run/{run_id}', 'GET', NULL),
|
|
('audit:result:read', 'audit', 'result', 'read', '查看评查结果', '评查结果', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 32, NULL, '/api/audit/result/{run_id}', 'GET', NULL),
|
|
|
|
('rules:list:read', 'rules', 'list', 'read', '查看规则集列表', '规则集列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 40, NULL, '/api/rule-sets', 'GET', NULL),
|
|
('rules:version_list:read', 'rules', 'version_list', 'read', '查看规则版本列表', '规则版本列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 41, NULL, '/api/rule-sets/{rule_type}/versions', 'GET', NULL),
|
|
('rules:content:read', 'rules', 'content', 'read', '查看规则正文', '规则正文', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 42, NULL, '/api/rule-sets/versions/{version_id}/content', 'GET', NULL),
|
|
('rules:create:write', 'rules', 'create', 'write', '创建规则草稿', '创建规则草稿', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 43, NULL, '/api/v3/evaluation-point-groups/{id}/rule-drafts', 'POST', NULL),
|
|
('rules:validate:execute', 'rules', 'validate', 'execute', '校验规则 YAML', '规则校验', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 44, NULL, '/api/rule-sets/{rule_type}/validate', 'POST', NULL),
|
|
('rules:version_create:write', 'rules', 'version_create', 'write', '创建规则版本', '创建规则版本', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 45, NULL, '/api/rule-sets/{rule_type}/versions', 'POST', NULL),
|
|
('rules:publish:write', 'rules', 'publish', 'write', '发布规则版本', '发布规则', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 46, NULL, '/api/rule-sets/{rule_type}/publish', 'POST', NULL),
|
|
('rules:rollback:write', 'rules', 'rollback', 'write', '回滚规则版本', '回滚规则', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 47, NULL, '/api/rule-sets/{rule_type}/rollback', 'POST', NULL),
|
|
('rules:binding_list:read', 'rules', 'binding_list', 'read', '查看规则绑定列表', '规则绑定列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 48, NULL, '/api/rule-sets/bindings', 'GET', NULL),
|
|
('rules:binding_create:write', 'rules', 'binding_create', 'write', '创建规则绑定', '创建规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 49, NULL, '/api/rule-sets/{rule_type}/bindings', 'POST', NULL),
|
|
('rules:binding_update:write', 'rules', 'binding_update', 'write', '更新规则绑定', '更新规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 50, NULL, '/api/rule-sets/bindings/{binding_id}', 'PUT', NULL),
|
|
('rules:binding_delete:delete', 'rules', 'binding_delete', 'delete', '删除规则绑定', '删除规则绑定', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 51, NULL, '/api/rule-sets/bindings/{binding_id}', 'DELETE', NULL),
|
|
('evaluation_point:list:read', 'evaluation_point', 'list', 'read', '查看评查点列表', '评查点列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 52, NULL, '/api/v3/evaluation-points', 'GET', NULL),
|
|
('evaluation_point:detail:read', 'evaluation_point', 'detail', 'read', '查看评查点详情', '评查点详情', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 53, NULL, '/api/v3/evaluation-points/{id}', 'GET', NULL),
|
|
('evaluation_point:create:write', 'evaluation_point', 'create', 'write', '创建评查点', '创建评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 54, NULL, '/api/v3/evaluation-points', 'POST', NULL),
|
|
('evaluation_point:update:write', 'evaluation_point', 'update', 'write', '更新评查点', '更新评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 55, NULL, '/api/v3/evaluation-points/{id}', 'PUT', NULL),
|
|
('evaluation_point:delete:delete', 'evaluation_point', 'delete', 'delete', '删除评查点', '删除评查点', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 56, NULL, '/api/v3/evaluation-points/{id}', 'DELETE', NULL),
|
|
|
|
('users:list:read', 'users', 'list', 'read', '查看用户列表', '用户列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 60, NULL, '/api/users/list', 'GET', NULL),
|
|
('users:create:write', 'users', 'create', 'write', '创建用户', '创建用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 61, NULL, '/api/users', 'POST', NULL),
|
|
('users:update:write', 'users', 'update', 'write', '更新用户', '更新用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 62, NULL, '/api/users/{user_id}', 'PUT', NULL),
|
|
('users:disable:write', 'users', 'disable', 'write', '禁用/启用用户', '禁用用户', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 63, NULL, '/api/users/{user_id}/disable', 'PUT', NULL),
|
|
('users:roles_assign:write', 'users', 'roles_assign', 'write', '分配用户角色', '分配用户角色', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 64, NULL, '/api/users/{user_id}/roles', 'POST', NULL),
|
|
|
|
('rbac:roles:read', 'rbac', 'roles', 'read', '查看角色列表', '角色列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 70, NULL, '/api/rbac/roles', 'GET', NULL),
|
|
('rbac:roles:update', 'rbac', 'roles', 'update', '维护角色信息', '维护角色', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 71, NULL, '/api/rbac/roles/{role_id}', 'PUT', NULL),
|
|
('rbac:permissions:read', 'rbac', 'permissions', 'read', '查看权限点列表', '权限点列表', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 72, NULL, '/api/rbac/permissions', 'GET', NULL),
|
|
('rbac:role_permissions:write', 'rbac', 'role_permissions', 'write', '分配角色权限', '分配角色权限', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 73, NULL, '/api/rbac/roles/{role_id}/permissions', 'POST', NULL),
|
|
('rbac:role_routes:write', 'rbac', 'role_routes', 'write', '分配角色菜单', '分配角色菜单', 'API', TRUE, NULL, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL, NULL, NULL, 74, NULL, '/api/rbac/roles/{role_id}/routes', 'PUT', NULL)
|
|
ON CONFLICT (permission_key) DO UPDATE SET
|
|
module = EXCLUDED.module,
|
|
resource = EXCLUDED.resource,
|
|
action = EXCLUDED.action,
|
|
description = EXCLUDED.description,
|
|
display_name = EXCLUDED.display_name,
|
|
permission_type = EXCLUDED.permission_type,
|
|
is_system = EXCLUDED.is_system,
|
|
updated_at = CURRENT_TIMESTAMP,
|
|
api_path = EXCLUDED.api_path,
|
|
api_method = EXCLUDED.api_method,
|
|
sort_order = EXCLUDED.sort_order;
|
|
|
|
-- --------------------------------------------------------------------------
|
|
-- 4. 角色菜单授权
|
|
-- --------------------------------------------------------------------------
|
|
WITH role_map AS (
|
|
SELECT id, role_key FROM roles WHERE role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
|
|
),
|
|
route_map AS (
|
|
SELECT id, route_path FROM sys_routes WHERE deleted_at IS NULL
|
|
),
|
|
seed(role_key, route_path, permission, status) AS (
|
|
VALUES
|
|
('super_admin', '/documents', 'RW', 1),
|
|
('super_admin', '/documents/list', 'RW', 1),
|
|
('super_admin', '/audit', 'RW', 1),
|
|
('super_admin', '/audit/runs', 'RW', 1),
|
|
('super_admin', '/rules', 'RW', 1),
|
|
('super_admin', '/chat-with-llm', 'RW', 1),
|
|
('super_admin', '/contract-template', 'RW', 1),
|
|
('super_admin', '/contract-template/search', 'RW', 1),
|
|
('super_admin', '/contract-template/list', 'RW', 1),
|
|
('super_admin', '/cross-checking', 'RW', 1),
|
|
('super_admin', '/cross-checking/upload', 'RW', 1),
|
|
('super_admin', '/cross-checking/result', 'RW', 1),
|
|
('super_admin', '/system', 'RW', 1),
|
|
('super_admin', '/system/users', 'RW', 1),
|
|
('super_admin', '/system/roles', 'RW', 1),
|
|
|
|
('provincial_admin', '/documents', 'RW', 1),
|
|
('provincial_admin', '/documents/list', 'RW', 1),
|
|
('provincial_admin', '/audit', 'RW', 1),
|
|
('provincial_admin', '/audit/runs', 'RW', 1),
|
|
('provincial_admin', '/rules', 'RW', 1),
|
|
('provincial_admin', '/chat-with-llm', 'RW', 1),
|
|
('provincial_admin', '/contract-template', 'RW', 1),
|
|
('provincial_admin', '/contract-template/search', 'RW', 1),
|
|
('provincial_admin', '/contract-template/list', 'RW', 1),
|
|
('provincial_admin', '/cross-checking', 'RW', 1),
|
|
('provincial_admin', '/cross-checking/upload', 'RW', 1),
|
|
('provincial_admin', '/cross-checking/result', 'RW', 1),
|
|
('provincial_admin', '/system', 'RW', 1),
|
|
('provincial_admin', '/system/users', 'RW', 1),
|
|
('provincial_admin', '/system/roles', 'RW', 1),
|
|
|
|
('admin', '/documents', 'RW', 1),
|
|
('admin', '/documents/list', 'RW', 1),
|
|
('admin', '/audit', 'RW', 1),
|
|
('admin', '/audit/runs', 'RW', 1),
|
|
('admin', '/rules', 'RW', 1),
|
|
('admin', '/chat-with-llm', 'RW', 1),
|
|
('admin', '/contract-template', 'RW', 1),
|
|
('admin', '/contract-template/search', 'RW', 1),
|
|
('admin', '/contract-template/list', 'RW', 1),
|
|
('admin', '/cross-checking', 'RW', 1),
|
|
('admin', '/cross-checking/upload', 'RW', 1),
|
|
('admin', '/cross-checking/result', 'RW', 1),
|
|
('admin', '/system', 'RW', 1),
|
|
('admin', '/system/users', 'RW', 1),
|
|
|
|
('common', '/documents', 'R', 1),
|
|
('common', '/documents/list', 'R', 1),
|
|
('common', '/audit', 'R', 1),
|
|
('common', '/audit/runs', 'R', 1)
|
|
)
|
|
INSERT INTO role_route (role_id, route_id, permission, status, created_at, updated_at)
|
|
SELECT rm.id, tm.id, s.permission, s.status, NOW(), NOW()
|
|
FROM seed s
|
|
JOIN role_map rm ON rm.role_key = s.role_key
|
|
JOIN route_map tm ON tm.route_path = s.route_path
|
|
ON CONFLICT (role_id, route_id) DO UPDATE SET
|
|
permission = EXCLUDED.permission,
|
|
status = EXCLUDED.status,
|
|
updated_at = NOW();
|
|
|
|
-- --------------------------------------------------------------------------
|
|
-- 5. 角色权限授权
|
|
-- --------------------------------------------------------------------------
|
|
WITH role_map AS (
|
|
SELECT id, role_key FROM roles WHERE role_key IN ('super_admin', 'provincial_admin', 'admin', 'common')
|
|
),
|
|
perm_map AS (
|
|
SELECT id, permission_key FROM permissions
|
|
),
|
|
seed(role_key, permission_key, grant_type, data_scope) AS (
|
|
VALUES
|
|
('super_admin', 'auth:me:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'documents:upload:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'documents:list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'documents:detail:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'documents:history:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'documents:delete:delete', 'GRANT', 'ALL'),
|
|
('super_admin', 'audit:run:execute', 'GRANT', 'ALL'),
|
|
('super_admin', 'audit:status:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'audit:result:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:create:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:version_list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:content:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:validate:execute', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:version_create:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:publish:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:rollback:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:binding_list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:binding_create:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:binding_update:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rules:binding_delete:delete', 'GRANT', 'ALL'),
|
|
('super_admin', 'evaluation_point:list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'evaluation_point:detail:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'evaluation_point:create:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'evaluation_point:update:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'evaluation_point:delete:delete', 'GRANT', 'ALL'),
|
|
('super_admin', 'users:list:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'users:create:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'users:update:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'users:disable:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'users:roles_assign:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rbac:roles:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rbac:roles:update', 'GRANT', 'ALL'),
|
|
('super_admin', 'rbac:permissions:read', 'GRANT', 'ALL'),
|
|
('super_admin', 'rbac:role_permissions:write', 'GRANT', 'ALL'),
|
|
('super_admin', 'rbac:role_routes:write', 'GRANT', 'ALL'),
|
|
|
|
('provincial_admin', 'auth:me:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'documents:upload:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'documents:list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'documents:detail:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'documents:history:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'documents:delete:delete', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'audit:run:execute', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'audit:status:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'audit:result:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:create:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:version_list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:content:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:validate:execute', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:version_create:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:publish:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:rollback:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:binding_list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:binding_create:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:binding_update:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rules:binding_delete:delete', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'evaluation_point:list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'evaluation_point:detail:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'evaluation_point:create:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'evaluation_point:update:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'evaluation_point:delete:delete', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'users:list:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'users:create:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'users:update:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'users:disable:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'users:roles_assign:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rbac:roles:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rbac:roles:update', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rbac:permissions:read', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rbac:role_permissions:write', 'GRANT', 'ALL'),
|
|
('provincial_admin', 'rbac:role_routes:write', 'GRANT', 'ALL'),
|
|
|
|
('admin', 'auth:me:read', 'GRANT', 'DEPT'),
|
|
('admin', 'documents:upload:write', 'GRANT', 'DEPT'),
|
|
('admin', 'documents:list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'documents:detail:read', 'GRANT', 'DEPT'),
|
|
('admin', 'documents:history:read', 'GRANT', 'DEPT'),
|
|
('admin', 'documents:delete:delete', 'GRANT', 'DEPT'),
|
|
('admin', 'audit:run:execute', 'GRANT', 'DEPT'),
|
|
('admin', 'audit:status:read', 'GRANT', 'DEPT'),
|
|
('admin', 'audit:result:read', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:create:write', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:version_list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:content:read', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:validate:execute', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:binding_list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:binding_create:write', 'GRANT', 'DEPT'),
|
|
('admin', 'rules:binding_update:write', 'GRANT', 'DEPT'),
|
|
('admin', 'evaluation_point:list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'evaluation_point:detail:read', 'GRANT', 'DEPT'),
|
|
('admin', 'evaluation_point:create:write', 'GRANT', 'DEPT'),
|
|
('admin', 'evaluation_point:update:write', 'GRANT', 'DEPT'),
|
|
('admin', 'evaluation_point:delete:delete', 'GRANT', 'DEPT'),
|
|
('admin', 'users:list:read', 'GRANT', 'DEPT'),
|
|
('admin', 'users:update:write', 'GRANT', 'DEPT'),
|
|
|
|
('common', 'auth:me:read', 'GRANT', 'SELF'),
|
|
('common', 'documents:upload:write', 'GRANT', 'SELF'),
|
|
('common', 'documents:list:read', 'GRANT', 'SELF'),
|
|
('common', 'documents:detail:read', 'GRANT', 'SELF'),
|
|
('common', 'documents:history:read', 'GRANT', 'SELF'),
|
|
('common', 'audit:run:execute', 'GRANT', 'SELF'),
|
|
('common', 'audit:status:read', 'GRANT', 'SELF'),
|
|
('common', 'audit:result:read', 'GRANT', 'SELF'),
|
|
('common', 'rules:list:read', 'GRANT', 'DEPT'),
|
|
('common', 'rules:version_list:read', 'GRANT', 'DEPT'),
|
|
('common', 'rules:content:read', 'GRANT', 'DEPT'),
|
|
('common', 'rules:binding_list:read', 'GRANT', 'DEPT')
|
|
)
|
|
INSERT INTO role_permissions (role_id, permission_id, grant_type, data_scope, created_at, updated_at)
|
|
SELECT rm.id, pm.id, s.grant_type, s.data_scope, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
|
|
FROM seed s
|
|
JOIN role_map rm ON rm.role_key = s.role_key
|
|
JOIN perm_map pm ON pm.permission_key = s.permission_key
|
|
ON CONFLICT (role_id, permission_id) DO UPDATE SET
|
|
grant_type = EXCLUDED.grant_type,
|
|
data_scope = EXCLUDED.data_scope,
|
|
updated_at = CURRENT_TIMESTAMP;
|
|
|
|
COMMIT;
|