ether-docs/_archive/08-DATABASE/permission-upgrade-v3-rollb...

162 lines
6.0 KiB
PL/PgSQL
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-- ============================================================
-- Ether 权限体系升级回滚脚本 V3
-- 创建日期: 2026-02-27
-- 说明: 回滚权限系统升级,删除新增角色、恢复更新角色、删除新增权限
-- ============================================================
BEGIN;
-- ============================================================
-- 第一部分:删除角色权限关联
-- ============================================================
-- 1.1 删除超级管理员的新增权限关联
DELETE FROM auth_role_permission
WHERE permission_id IN (
SELECT id FROM auth_permission
WHERE permission_code LIKE 'ops:work_order:%'
OR permission_code LIKE 'ops:inspection:%'
OR permission_code LIKE 'mdm:equipment:%'
OR permission_code LIKE 'ops:visitor:%'
OR permission_code LIKE 'finance:bill:%'
);
-- ============================================================
-- 第二部分:删除新增权限
-- ============================================================
-- 2.1 删除工单操作权限
DELETE FROM auth_permission
WHERE permission_code LIKE 'ops:work_order:%'
AND permission_type = 'BUTTON';
-- 2.2 删除巡检操作权限
DELETE FROM auth_permission
WHERE permission_code LIKE 'ops:inspection:%'
AND permission_type = 'BUTTON';
-- 2.3 删除设备操作权限
DELETE FROM auth_permission
WHERE permission_code LIKE 'mdm:equipment:%'
AND permission_type = 'BUTTON';
-- 2.4 删除访客操作权限
DELETE FROM auth_permission
WHERE permission_code LIKE 'ops:visitor:%'
AND permission_type = 'BUTTON';
-- 2.5 删除财务操作权限
DELETE FROM auth_permission
WHERE permission_code LIKE 'finance:bill:%'
AND permission_type = 'BUTTON';
-- ============================================================
-- 第三部分:恢复更新的角色
-- ============================================================
-- 3.1 恢复 CUSTOMER_SERVICE 角色
UPDATE auth_role
SET role_code = 'CUSTOMER_SERVICE',
role_name = '客服人员',
data_scope = 'DEPARTMENT',
description = '客服人员',
updated_at = NOW()
WHERE role_code = 'CS_STAFF' AND project_id IS NULL;
-- ============================================================
-- 第四部分:删除新增角色
-- ============================================================
-- 4.1 删除新增的系统角色
-- 注意:如果角色已分配给用户,需要先删除用户角色关联
DELETE FROM auth_user_role
WHERE role_id IN (
SELECT id FROM auth_role
WHERE role_code IN ('SYS_ADMIN', 'ENGINEERING_LEAD', 'SECURITY_LEAD', 'CLEANING_LEAD', 'FINANCE_LEAD', 'CLEANING_STAFF', 'OWNER')
AND project_id IS NULL
);
DELETE FROM auth_role
WHERE role_code IN ('SYS_ADMIN', 'ENGINEERING_LEAD', 'SECURITY_LEAD', 'CLEANING_LEAD', 'FINANCE_LEAD', 'CLEANING_STAFF', 'OWNER')
AND project_id IS NULL;
-- ============================================================
-- 第五部分:恢复约束(可选,根据需要执行)
-- ============================================================
-- 5.1 恢复 data_scope 约束(移除 PROJECT 值)
-- 注意:如果有角色使用了 PROJECT 值,需要先更新这些角色
-- ALTER TABLE auth_role DROP CONSTRAINT IF EXISTS auth_role_data_scope_check;
-- ALTER TABLE auth_role ADD CONSTRAINT auth_role_data_scope_check
-- CHECK (data_scope::text = ANY (ARRAY['ALL'::character varying, 'DEPARTMENT'::character varying, 'SELF'::character varying]::text[]));
-- 5.2 恢复 action 约束(移除新增的操作类型)
-- 注意:如果有权限使用了新的 action 值,需要先删除这些权限
-- ALTER TABLE auth_permission DROP CONSTRAINT IF EXISTS auth_permission_action_check;
-- ALTER TABLE auth_permission ADD CONSTRAINT auth_permission_action_check
-- CHECK (action::text = ANY (ARRAY['VIEW'::character varying, 'CREATE'::character varying, 'EDIT'::character varying, 'DELETE'::character varying, 'EXPORT'::character varying, 'IMPORT_DATA'::character varying, 'APPROVE'::character varying, 'ASSIGN'::character varying]::text[]));
-- ============================================================
-- 第六部分:验证回滚结果
-- ============================================================
-- 验证角色已删除
DO $$
DECLARE
role_count INTEGER;
BEGIN
SELECT COUNT(*) INTO role_count FROM auth_role
WHERE role_code IN ('SYS_ADMIN', 'ENGINEERING_LEAD', 'SECURITY_LEAD', 'CLEANING_LEAD', 'FINANCE_LEAD', 'CLEANING_STAFF', 'OWNER')
AND project_id IS NULL;
IF role_count > 0 THEN
RAISE NOTICE '警告: 仍有%个新增角色未删除', role_count;
ELSE
RAISE NOTICE '成功: 所有新增角色已删除';
END IF;
END $$;
-- 验证 CUSTOMER_SERVICE 已恢复
DO $$
DECLARE
cs_exists INTEGER;
BEGIN
SELECT COUNT(*) INTO cs_exists FROM auth_role
WHERE role_code = 'CUSTOMER_SERVICE' AND project_id IS NULL;
IF cs_exists = 0 THEN
RAISE NOTICE '注意: CUSTOMER_SERVICE角色不存在可能原本就不存在';
ELSE
RAISE NOTICE '成功: CUSTOMER_SERVICE角色已恢复';
END IF;
END $$;
-- 验证权限已删除
DO $$
DECLARE
permission_count INTEGER;
BEGIN
SELECT COUNT(*) INTO permission_count FROM auth_permission
WHERE (permission_code LIKE 'ops:work_order:%'
OR permission_code LIKE 'ops:inspection:%'
OR permission_code LIKE 'mdm:equipment:%'
OR permission_code LIKE 'ops:visitor:%'
OR permission_code LIKE 'finance:bill:%')
AND permission_type = 'BUTTON';
IF permission_count > 0 THEN
RAISE NOTICE '警告: 仍有%个新增权限未删除', permission_count;
ELSE
RAISE NOTICE '成功: 所有新增权限已删除';
END IF;
END $$;
COMMIT;
-- ============================================================
-- 执行完成提示
-- ============================================================
-- 回滚完成后请运行以下命令验证:
-- SELECT role_code, role_name, data_scope FROM auth_role WHERE project_id IS NULL ORDER BY sort_order;
-- SELECT COUNT(*) FROM auth_permission WHERE permission_type = 'BUTTON';