-- ============================================================
-- Ether permission system upgrade script V3
-- Created: 2026-02-27
-- Summary: upgrades the permission system: adds 7 roles, updates 1 role,
--          and adds 39 button-level permissions.
-- ============================================================

-- The whole migration runs in a single transaction (closed by the COMMIT at
-- the end of the script), so the constraint, role and permission changes are
-- applied together or not at all.
BEGIN;

-- ============================================================
-- Part 0: widen CHECK constraints (allow the new enumerated values)
-- ============================================================

-- 0.1 Allow data_scope = 'PROJECT' on auth_role.
-- The CHECK is the allow-list for role data scopes. Re-adding it validates
-- the rows already in the table, so a stored value outside the list makes
-- this statement fail rather than being silently kept.
ALTER TABLE auth_role
    DROP CONSTRAINT IF EXISTS auth_role_data_scope_check;

ALTER TABLE auth_role
    ADD CONSTRAINT auth_role_data_scope_check
    CHECK (data_scope::text IN ('ALL', 'PROJECT', 'DEPARTMENT', 'SELF'));

-- 0.2 Allow the new action types on auth_permission.
-- Every action value used by the permission rows in Part 2 must appear in
-- this list, otherwise the corresponding INSERT violates the constraint.
ALTER TABLE auth_permission
    DROP CONSTRAINT IF EXISTS auth_permission_action_check;

ALTER TABLE auth_permission
    ADD CONSTRAINT auth_permission_action_check
    CHECK (
        action::text IN (
            'VIEW', 'CREATE', 'EDIT',
            'DELETE', 'EXPORT', 'IMPORT_DATA',
            'APPROVE', 'ASSIGN',
            'ACCEPT', 'START', 'COMPLETE',
            'TRANSFER', 'CLOSE', 'REPORT_FEE',
            'AUDIT_FEE', 'AUDIT_QUALITY', 'SCAN',
            'REPORT', 'PLAN', 'FORCE_CLOSE',
            'MAINTAIN', 'REGISTER', 'VERIFY',
            'RELEASE', 'ADJUST', 'COLLECT',
            'PAY', 'AUDIT', 'REDUCE'
        )
    );

-- ============================================================
-- Part 1: role upgrade
-- ============================================================

-- 1.1 Add the new system roles (global: project_id IS NULL).
-- Fixed UUIDs are used so the rows are easy to reference and to roll back.
-- Each INSERT is skipped when a global role with the same role_code already
-- exists. In that case the existing row keeps its own id, data_scope and
-- enabled flag, so the fixed UUID below is not guaranteed to be the id of
-- the role after the script has run.
-- These statements create roles only; no permissions are attached here.

-- SYS_ADMIN: system-level role with data_scope 'ALL'.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000001', NULL, 'SYS_ADMIN', '系统管理员',
       '系统级管理,负责系统配置和运维', 'SYSTEM', 'ALL', TRUE, 2,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'SYS_ADMIN' AND r.project_id IS NULL
);

-- ENGINEERING_LEAD: department-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000002', NULL, 'ENGINEERING_LEAD', '工程主管',
       '工程部管理,负责设备维护和工单调度', 'SYSTEM', 'DEPARTMENT', TRUE, 11,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'ENGINEERING_LEAD' AND r.project_id IS NULL
);

-- SECURITY_LEAD: department-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000003', NULL, 'SECURITY_LEAD', '安保主管',
       '安保部管理,负责安保巡检和访客管理', 'SYSTEM', 'DEPARTMENT', TRUE, 12,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'SECURITY_LEAD' AND r.project_id IS NULL
);

-- CLEANING_LEAD: department-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000004', NULL, 'CLEANING_LEAD', '保洁主管',
       '保洁部管理,负责保洁任务分配和品质检查', 'SYSTEM', 'DEPARTMENT', TRUE, 13,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'CLEANING_LEAD' AND r.project_id IS NULL
);

-- FINANCE_LEAD: department-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000005', NULL, 'FINANCE_LEAD', '财务主管',
       '财务部管理,负责收费和账单管理', 'SYSTEM', 'DEPARTMENT', TRUE, 14,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'FINANCE_LEAD' AND r.project_id IS NULL
);

-- CLEANING_STAFF: self-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000006', NULL, 'CLEANING_STAFF', '保洁人员',
       '保洁执行、品质检查', 'SYSTEM', 'SELF', TRUE, 23,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'CLEANING_STAFF' AND r.project_id IS NULL
);

-- OWNER: self-scoped.
INSERT INTO auth_role
    (id, project_id, role_code, role_name, description,
     role_type, data_scope, enabled, sort_order, created_at, updated_at)
SELECT 'd0000000-0000-0000-0000-000000000007', NULL, 'OWNER', '业主',
       '业主用户,可查看个人账单和报修', 'SYSTEM', 'SELF', TRUE, 30,
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_role AS r
    WHERE r.role_code = 'OWNER' AND r.project_id IS NULL
);

-- 1.2 Update an existing role: CUSTOMER_SERVICE -> CS_STAFF.
-- Changes the role code, display name, description and data scope of the
-- global CUSTOMER_SERVICE row in place; the row keeps its id.
-- NOTE(review): anything that matches on the literal 'CUSTOMER_SERVICE'
-- code would stop matching after this runs -- confirm callers were updated.
-- NOTE(review): the previous data_scope is not visible here; confirm that
-- 'PROJECT' does not widen what this role can see.
-- NOTE(review): there is no guard against a global CS_STAFF row that
-- already exists; verify role_code uniqueness is enforced by the schema.
UPDATE auth_role
SET role_name   = '客服人员',
    role_code   = 'CS_STAFF',
    description = '业主服务、访客核验',
    data_scope  = 'PROJECT',
    updated_at  = CURRENT_TIMESTAMP
WHERE project_id IS NULL
  AND role_code = 'CUSTOMER_SERVICE';

-- ============================================================
-- Part 2: new button-level permissions
-- ============================================================

-- 2.1 Work-order operation permissions (12).
-- Each INSERT is skipped when a row with the same permission_code already
-- exists; such a row is left untouched (its action, permission_type and
-- enabled flag are not brought in line with the values below).
-- These rows only define permissions; assignment to roles happens in Part 3.
INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000001', 'ops:work_order:view', '查看工单',
       'ops', 'work_order', 'VIEW', 'BUTTON', NULL, 1, TRUE, '查看工单详情',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:view'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000002', 'ops:work_order:create', '创建工单',
       'ops', 'work_order', 'CREATE', 'BUTTON', NULL, 2, TRUE, '创建新工单',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:create'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000003', 'ops:work_order:assign', '分配工单',
       'ops', 'work_order', 'ASSIGN', 'BUTTON', NULL, 3, TRUE, '分配工单给处理人',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:assign'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000004', 'ops:work_order:accept', '接单',
       'ops', 'work_order', 'ACCEPT', 'BUTTON', NULL, 4, TRUE, '接受工单任务',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:accept'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000005', 'ops:work_order:start', '开始处理',
       'ops', 'work_order', 'START', 'BUTTON', NULL, 5, TRUE, '开始处理工单',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:start'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000006', 'ops:work_order:complete', '完成工单',
       'ops', 'work_order', 'COMPLETE', 'BUTTON', NULL, 6, TRUE, '标记工单完成',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:complete'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000007', 'ops:work_order:transfer', '转单',
       'ops', 'work_order', 'TRANSFER', 'BUTTON', NULL, 7, TRUE, '转派工单给他人',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:transfer'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000008', 'ops:work_order:close', '关闭工单',
       'ops', 'work_order', 'CLOSE', 'BUTTON', NULL, 8, TRUE, '关闭工单',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:close'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000009', 'ops:work_order:report_fee', '填报费用',
       'ops', 'work_order', 'REPORT_FEE', 'BUTTON', NULL, 9, TRUE, '填报工单费用',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:report_fee'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000010', 'ops:work_order:audit_fee', '费用审核',
       'ops', 'work_order', 'AUDIT_FEE', 'BUTTON', NULL, 10, TRUE, '审核工单费用',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:audit_fee'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000011', 'ops:work_order:audit_quality', '质量审核',
       'ops', 'work_order', 'AUDIT_QUALITY', 'BUTTON', NULL, 11, TRUE, '审核工单质量',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:audit_quality'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0001-000000000012', 'ops:work_order:delete', '删除工单',
       'ops', 'work_order', 'DELETE', 'BUTTON', NULL, 12, TRUE, '删除工单',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:work_order:delete'
);

-- 2.2 Inspection operation permissions (8).
-- Same idempotent pattern: a row is inserted only when no permission with
-- that permission_code exists yet; existing rows are not modified.
INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000001', 'ops:inspection:view', '查看巡检',
       'ops', 'inspection', 'VIEW', 'BUTTON', NULL, 1, TRUE, '查看巡检记录',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:view'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000002', 'ops:inspection:start', '开始巡检',
       'ops', 'inspection', 'START', 'BUTTON', NULL, 2, TRUE, '开始巡检任务',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:start'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000003', 'ops:inspection:scan', '扫码签到',
       'ops', 'inspection', 'SCAN', 'BUTTON', NULL, 3, TRUE, '扫码签到巡检点',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:scan'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000004', 'ops:inspection:report', '异常上报',
       'ops', 'inspection', 'REPORT', 'BUTTON', NULL, 4, TRUE, '上报巡检异常',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:report'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000005', 'ops:inspection:complete', '完成巡检',
       'ops', 'inspection', 'COMPLETE', 'BUTTON', NULL, 5, TRUE, '完成巡检任务',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:complete'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000006', 'ops:inspection:plan', '制定计划',
       'ops', 'inspection', 'PLAN', 'BUTTON', NULL, 6, TRUE, '制定巡检计划',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:plan'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000007', 'ops:inspection:assign', '指派任务',
       'ops', 'inspection', 'ASSIGN', 'BUTTON', NULL, 7, TRUE, '指派巡检任务',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:assign'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0002-000000000008', 'ops:inspection:force_close', '强制闭环',
       'ops', 'inspection', 'FORCE_CLOSE', 'BUTTON', NULL, 8, TRUE, '强制关闭巡检异常',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:inspection:force_close'
);

-- 2.3 Equipment operation permissions (6), module 'mdm'.
-- A row is inserted only when its permission_code is not present yet.
INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000001', 'mdm:equipment:view', '查看设备',
       'mdm', 'equipment', 'VIEW', 'BUTTON', NULL, 1, TRUE, '查看设备详情',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:view'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000002', 'mdm:equipment:scan', '扫码巡检',
       'mdm', 'equipment', 'SCAN', 'BUTTON', NULL, 2, TRUE, '扫码查看设备信息',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:scan'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000003', 'mdm:equipment:maintain', '维护记录',
       'mdm', 'equipment', 'MAINTAIN', 'BUTTON', NULL, 3, TRUE, '记录设备维护',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:maintain'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000004', 'mdm:equipment:edit', '编辑设备',
       'mdm', 'equipment', 'EDIT', 'BUTTON', NULL, 4, TRUE, '编辑设备信息',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:edit'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000005', 'mdm:equipment:create', '新增设备',
       'mdm', 'equipment', 'CREATE', 'BUTTON', NULL, 5, TRUE, '新增设备',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:create'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0003-000000000006', 'mdm:equipment:delete', '删除设备',
       'mdm', 'equipment', 'DELETE', 'BUTTON', NULL, 6, TRUE, '删除设备',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'mdm:equipment:delete'
);

-- 2.4 Visitor operation permissions (5).
-- A row is inserted only when its permission_code is not present yet.
INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0004-000000000001', 'ops:visitor:view', '查看访客',
       'ops', 'visitor', 'VIEW', 'BUTTON', NULL, 1, TRUE, '查看访客记录',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:visitor:view'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0004-000000000002', 'ops:visitor:register', '访客登记',
       'ops', 'visitor', 'REGISTER', 'BUTTON', NULL, 2, TRUE, '登记访客信息',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:visitor:register'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0004-000000000003', 'ops:visitor:verify', '访客核验',
       'ops', 'visitor', 'VERIFY', 'BUTTON', NULL, 3, TRUE, '核验访客身份',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:visitor:verify'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0004-000000000004', 'ops:visitor:release', '访客放行',
       'ops', 'visitor', 'RELEASE', 'BUTTON', NULL, 4, TRUE, '放行访客',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:visitor:release'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0004-000000000005', 'ops:visitor:export', '导出记录',
       'ops', 'visitor', 'EXPORT', 'BUTTON', NULL, 5, TRUE, '导出访客记录',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'ops:visitor:export'
);

-- 2.5 Finance operation permissions (8), resource 'bill'.
-- A row is inserted only when its permission_code is not present yet.
INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000001', 'finance:bill:view', '查看账单',
       'finance', 'bill', 'VIEW', 'BUTTON', NULL, 1, TRUE, '查看账单详情',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:view'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000002', 'finance:bill:create', '生成账单',
       'finance', 'bill', 'CREATE', 'BUTTON', NULL, 2, TRUE, '生成新账单',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:create'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000003', 'finance:bill:adjust', '调整账单',
       'finance', 'bill', 'ADJUST', 'BUTTON', NULL, 3, TRUE, '调整账单金额',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:adjust'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000004', 'finance:bill:collect', '收费登记',
       'finance', 'bill', 'COLLECT', 'BUTTON', NULL, 4, TRUE, '登记收费记录',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:collect'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000005', 'finance:bill:pay', '在线缴费',
       'finance', 'bill', 'PAY', 'BUTTON', NULL, 5, TRUE, '在线支付缴费',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:pay'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000006', 'finance:bill:audit', '收费审核',
       'finance', 'bill', 'AUDIT', 'BUTTON', NULL, 6, TRUE, '审核收费记录',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:audit'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000007', 'finance:bill:reduce', '减免审批',
       'finance', 'bill', 'REDUCE', 'BUTTON', NULL, 7, TRUE, '审批费用减免',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:reduce'
);

INSERT INTO auth_permission
    (id, permission_code, permission_name, module, resource_type, action,
     permission_type, parent_id, sort_order, enabled, description, created_at, updated_at)
SELECT 'e0000000-0000-0000-0005-000000000008', 'finance:bill:export', '导出报表',
       'finance', 'bill', 'EXPORT', 'BUTTON', NULL, 8, TRUE, '导出财务报表',
       CURRENT_TIMESTAMP, CURRENT_TIMESTAMP
WHERE NOT EXISTS (
    SELECT 1 FROM auth_permission AS p WHERE p.permission_code = 'finance:bill:export'
);

-- ============================================================
-- Part 3: grant all new permissions to the super administrator
-- ============================================================

-- 3.1 Grant every new button permission to the global SUPER_ADMIN role.
-- Permissions are matched by permission_code, so a row that already carried
-- one of these codes before this script ran is granted as well.
-- Pairs that are already present in auth_role_permission are skipped, which
-- keeps the statement safe to re-run.
-- SUPER_ADMIN is the only role that receives grants in this script; the
-- roles added in Part 1 get no permissions here.
INSERT INTO auth_role_permission (id, role_id, permission_id, created_at)
SELECT
    gen_random_uuid(),
    admin_role.id,
    perm.id,
    CURRENT_TIMESTAMP
FROM auth_role AS admin_role
INNER JOIN auth_permission AS perm
    ON perm.permission_code IN (
        -- work-order permissions
        'ops:work_order:view', 'ops:work_order:create', 'ops:work_order:assign',
        'ops:work_order:accept', 'ops:work_order:start', 'ops:work_order:complete',
        'ops:work_order:transfer', 'ops:work_order:close', 'ops:work_order:report_fee',
        'ops:work_order:audit_fee', 'ops:work_order:audit_quality', 'ops:work_order:delete',
        -- inspection permissions
        'ops:inspection:view', 'ops:inspection:start', 'ops:inspection:scan',
        'ops:inspection:report', 'ops:inspection:complete', 'ops:inspection:plan',
        'ops:inspection:assign', 'ops:inspection:force_close',
        -- equipment permissions
        'mdm:equipment:view', 'mdm:equipment:scan', 'mdm:equipment:maintain',
        'mdm:equipment:edit', 'mdm:equipment:create', 'mdm:equipment:delete',
        -- visitor permissions
        'ops:visitor:view', 'ops:visitor:register', 'ops:visitor:verify',
        'ops:visitor:release', 'ops:visitor:export',
        -- finance permissions
        'finance:bill:view', 'finance:bill:create', 'finance:bill:adjust',
        'finance:bill:collect', 'finance:bill:pay', 'finance:bill:audit',
        'finance:bill:reduce', 'finance:bill:export'
    )
WHERE admin_role.role_code = 'SUPER_ADMIN'
  AND admin_role.project_id IS NULL
  AND NOT EXISTS (
      SELECT 1
      FROM auth_role_permission AS granted
      WHERE granted.role_id = admin_role.id
        AND granted.permission_id = perm.id
  );

-- ============================================================
-- Part 4: verify the data
-- ============================================================

-- Verify the new roles: counts global rows carrying one of the seven new
-- role codes and reports the outcome.
-- The result is reported with RAISE NOTICE only; a shortfall does not abort
-- the transaction.
DO $$
DECLARE
    role_count INTEGER;
BEGIN
    role_count := (
        SELECT COUNT(*)
        FROM auth_role AS r
        WHERE r.project_id IS NULL
          AND r.role_code IN (
              'SYS_ADMIN', 'ENGINEERING_LEAD', 'SECURITY_LEAD', 'CLEANING_LEAD',
              'FINANCE_LEAD', 'CLEANING_STAFF', 'OWNER'
          )
    );

    IF role_count >= 7 THEN
        RAISE NOTICE '成功: 新增7个角色';
    ELSE
        RAISE NOTICE '警告: 新增角色数量不足,预期7个,实际%', role_count;
    END IF;
END $$;

-- Verify the renamed role: reports whether a global CS_STAFF row exists.
-- The check looks only at the presence of CS_STAFF, so the success message
-- is also printed when that row existed before this script ran.
DO $$
DECLARE
    has_cs_staff BOOLEAN;
BEGIN
    has_cs_staff := EXISTS (
        SELECT 1
        FROM auth_role AS r
        WHERE r.role_code = 'CS_STAFF'
          AND r.project_id IS NULL
    );

    IF has_cs_staff THEN
        RAISE NOTICE '成功: CUSTOMER_SERVICE已更新为CS_STAFF';
    ELSE
        RAISE NOTICE '注意: CS_STAFF角色不存在(CUSTOMER_SERVICE角色原本可能不存在)';
    END IF;
END $$;

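-- Verify the new permissions.
-- Counts the 39 permission codes this script is expected to provide, by
-- exact code. A prefix match (LIKE 'ops:work_order:%' and similar) would also
-- count unrelated permissions that share a prefix, and could report success
-- while some of the 39 codes are missing. DISTINCT keeps a duplicated code
-- from being counted twice.
-- NOTE(review): the result is reported with RAISE NOTICE only, so the
-- transaction still commits on a shortfall. If a shortfall should block the
-- migration, raise an exception here instead.
DO $$
DECLARE
    permission_count INTEGER;
BEGIN
    SELECT COUNT(DISTINCT p.permission_code)
    INTO permission_count
    FROM auth_permission AS p
    WHERE p.permission_code IN (
        -- work-order permissions (12)
        'ops:work_order:view', 'ops:work_order:create', 'ops:work_order:assign',
        'ops:work_order:accept', 'ops:work_order:start', 'ops:work_order:complete',
        'ops:work_order:transfer', 'ops:work_order:close', 'ops:work_order:report_fee',
        'ops:work_order:audit_fee', 'ops:work_order:audit_quality', 'ops:work_order:delete',
        -- inspection permissions (8)
        'ops:inspection:view', 'ops:inspection:start', 'ops:inspection:scan',
        'ops:inspection:report', 'ops:inspection:complete', 'ops:inspection:plan',
        'ops:inspection:assign', 'ops:inspection:force_close',
        -- equipment permissions (6)
        'mdm:equipment:view', 'mdm:equipment:scan', 'mdm:equipment:maintain',
        'mdm:equipment:edit', 'mdm:equipment:create', 'mdm:equipment:delete',
        -- visitor permissions (5)
        'ops:visitor:view', 'ops:visitor:register', 'ops:visitor:verify',
        'ops:visitor:release', 'ops:visitor:export',
        -- finance permissions (8)
        'finance:bill:view', 'finance:bill:create', 'finance:bill:adjust',
        'finance:bill:collect', 'finance:bill:pay', 'finance:bill:audit',
        'finance:bill:reduce', 'finance:bill:export'
    );

    IF permission_count < 39 THEN
        RAISE NOTICE '警告: 新增权限数量不足,预期39个,实际%', permission_count;
    ELSE
        RAISE NOTICE '成功: 新增39个按钮级权限';
    END IF;
END $$;

COMMIT;

-- ============================================================
-- After the script has run
-- ============================================================
-- Run the following queries to verify the result:
-- SELECT role_code, role_name, data_scope FROM auth_role WHERE project_id IS NULL ORDER BY sort_order;
-- SELECT permission_code, permission_name, module FROM auth_permission WHERE permission_type = 'BUTTON' ORDER BY module, permission_code;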