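-- ============================================================
-- Ether role/permission initialization script V2
-- Created: 2026-03-28
-- Purpose: seed the system roles, permissions and default users.
--          API paths have been corrected to the /api/auth/* format.
--
-- Dialect: the ON CONFLICT ... EXCLUDED upsert in part 7 needs an engine
-- that supports it (e.g. PostgreSQL).
--
-- SECURITY NOTES (review):
--   * Part 1 empties every auth table, including auth_user. Run against a
--     populated database, this removes all existing accounts and role
--     assignments and re-creates 'admin' with the default password below.
--     Presumably meant for fresh or dev/test databases only -- confirm
--     before wiring it into any deployment pipeline.
--   * The three seeded accounts are ACTIVE and share one BCrypt hash whose
--     plaintext is written in this file, so anyone who can read the script
--     can log in as them. Rotate the admin password at first login and do
--     not create owner1/employee1 outside test environments.
--   * Statements are written one per line on purpose: a "--" comment runs
--     to the end of the line, so collapsing this file onto long lines
--     turns the statements that follow a comment into comment text.
-- ============================================================

BEGIN;

-- ============================================================
-- Part 1: remove old data
-- ============================================================
-- Intentional whole-table deletes (no WHERE). Link tables are emptied
-- first, then the tables they reference.
DELETE FROM auth_role_permission;
DELETE FROM auth_user_role;
DELETE FROM auth_permission;
DELETE FROM auth_role;
DELETE FROM auth_user;

-- ============================================================
-- Part 2: default users
-- ============================================================
-- Administrator account
-- Password: Admin@123 (BCrypt hashed). Default credential: change it
-- before the system is reachable by anyone else.
INSERT INTO auth_user (username, password, real_name, status)
VALUES ('admin', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '系统管理员', 'ACTIVE');

-- Owner account (for testing)
-- Password: Admin@123 (BCrypt hashed), same hash as admin.
INSERT INTO auth_user (username, password, real_name, status)
VALUES ('owner1', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '测试业主', 'ACTIVE');

-- Employee account (for testing)
-- Password: Admin@123 (BCrypt hashed), same hash as admin.
INSERT INTO auth_user (username, password, real_name, status)
VALUES ('employee1', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '测试员工', 'ACTIVE');

-- ============================================================
-- Part 3: roles
-- ============================================================
-- System administrator role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('SYS_ADMIN', '系统管理员', '系统级管理,负责系统配置、用户管理、角色权限管理', 'SYSTEM', 'ALL', 'ENABLED', 1);

-- Project administrator role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('PROJECT_ADMIN', '项目管理员', '项目级管理,负责本项目内的所有操作', 'PROJECT', 'PROJECT', 'ENABLED', 10);

-- Engineering lead role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('ENGINEERING_LEAD', '工程主管', '工程部管理,负责设备维护和工单调度', 'DEPARTMENT', 'DEPARTMENT', 'ENABLED', 11);

-- Security lead role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('SECURITY_LEAD', '安保主管', '安保部管理,负责安保巡检和访客管理', 'DEPARTMENT', 'DEPARTMENT', 'ENABLED', 12);

-- Customer-service staff role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('CS_STAFF', '客服人员', '业主服务、访客核验', 'PROJECT', 'PROJECT', 'ENABLED', 20);

-- Cleaning staff role
-- NOTE(review): type is 'SYSTEM' while the other staff roles use 'PROJECT'
-- or 'DEPARTMENT' -- confirm this is intended.
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('CLEANING_STAFF', '保洁人员', '保洁执行、品质检查', 'SYSTEM', 'SELF', 'ENABLED', 23);

-- Owner role
INSERT INTO auth_role (code, name, description, type, data_scope, status, sort_order)
VALUES ('OWNER', '业主', '业主用户,可查看个人账单和报修', 'SYSTEM', 'SELF', 'ENABLED', 30);

-- ============================================================
-- Part 4: permissions
-- ============================================================
-- NOTE(review): resource values containing '*' are patterns whose matching
-- rules live in the application, not in this script. Two rows use the same
-- method on nested patterns: system:user:update (PUT /api/auth/users/*) and
-- system:user:resetPassword (PUT /api/auth/users/*/password). If '*' can
-- span more than one path segment, holding the update permission would
-- also authorize password resets -- verify against the matcher.

-- 4.1 System administration module
-- User management
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('system:user:menu', '用户管理菜单', 'MENU', '/system/users', 'GET', 'VIEW', 'system', '用户管理菜单', 101),
    ('system:user:list', '用户列表', 'API', '/api/auth/users', 'GET', 'VIEW', 'system', '查看用户列表', 102),
    ('system:user:create', '创建用户', 'API', '/api/auth/users', 'POST', 'CREATE', 'system', '创建新用户', 103),
    ('system:user:update', '更新用户', 'API', '/api/auth/users/*', 'PUT', 'EDIT', 'system', '更新用户信息', 104),
    ('system:user:delete', '删除用户', 'API', '/api/auth/users/*', 'DELETE', 'DELETE', 'system', '删除用户', 105),
    ('system:user:assignRole', '分配角色', 'API', '/api/auth/users/*/roles', 'POST', 'ASSIGN', 'system', '为用户分配角色', 106),
    ('system:user:resetPassword', '重置密码', 'API', '/api/auth/users/*/password', 'PUT', 'EDIT', 'system', '重置用户密码', 107);

-- Role management
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('system:role:menu', '角色管理菜单', 'MENU', '/system/roles', 'GET', 'VIEW', 'system', '角色管理菜单', 201),
    ('system:role:list', '角色列表', 'API', '/api/auth/roles', 'GET', 'VIEW', 'system', '查看角色列表', 202),
    ('system:role:create', '创建角色', 'API', '/api/auth/roles', 'POST', 'CREATE', 'system', '创建新角色', 203),
    ('system:role:update', '更新角色', 'API', '/api/auth/roles/*', 'PUT', 'EDIT', 'system', '更新角色信息', 204),
    ('system:role:delete', '删除角色', 'API', '/api/auth/roles/*', 'DELETE', 'DELETE', 'system', '删除角色', 205),
    ('system:role:assignPermission', '分配权限', 'API', '/api/auth/roles/*/permissions', 'POST', 'ASSIGN', 'system', '为角色分配权限', 206);

-- Permission management
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('system:permission:menu', '权限管理菜单', 'MENU', '/system/permissions', 'GET', 'VIEW', 'system', '权限管理菜单', 301),
    ('system:permission:list', '权限列表', 'API', '/api/auth/permissions', 'GET', 'VIEW', 'system', '查看权限列表', 302),
    ('system:permission:create', '创建权限', 'API', '/api/auth/permissions', 'POST', 'CREATE', 'system', '创建新权限', 303),
    ('system:permission:update', '更新权限', 'API', '/api/auth/permissions/*', 'PUT', 'EDIT', 'system', '更新权限信息', 304),
    ('system:permission:delete', '删除权限', 'API', '/api/auth/permissions/*', 'DELETE', 'DELETE', 'system', '删除权限', 305);

-- System settings
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('system:config:menu', '系统设置菜单', 'MENU', '/system/settings', 'GET', 'VIEW', 'system', '系统设置菜单', 401),
    ('system:config:view', '查看系统设置', 'API', '/api/auth/config', 'GET', 'VIEW', 'system', '查看系统设置', 402),
    ('system:config:update', '更新系统设置', 'API', '/api/auth/config/*', 'PUT', 'EDIT', 'system', '更新系统设置', 403);

-- Audit log
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('system:audit:menu', '审计日志菜单', 'MENU', '/system/audit', 'GET', 'VIEW', 'system', '审计日志菜单', 501),
    ('system:audit:list', '审计日志列表', 'API', '/api/auth/audit', 'GET', 'VIEW', 'system', '查看审计日志', 502),
    ('system:audit:export', '导出审计日志', 'API', '/api/auth/audit/export', 'GET', 'EXPORT', 'system', '导出审计日志', 503);

-- 4.2 Project management module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('project:menu', '项目管理菜单', 'MENU', '/project/list', 'GET', 'VIEW', 'project', '项目管理菜单', 601),
    ('project:list', '项目列表', 'API', '/api/project/projects', 'GET', 'VIEW', 'project', '查看项目列表', 602),
    ('project:create', '创建项目', 'API', '/api/project/projects', 'POST', 'CREATE', 'project', '创建新项目', 603),
    ('project:update', '更新项目', 'API', '/api/project/projects/*', 'PUT', 'EDIT', 'project', '更新项目信息', 604),
    ('project:delete', '删除项目', 'API', '/api/project/projects/*', 'DELETE', 'DELETE', 'project', '删除项目', 605);

-- 4.3 Space management module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('space:menu', '空间管理菜单', 'MENU', '/project/*/space', 'GET', 'VIEW', 'space', '空间管理菜单', 701),
    ('space:list', '空间列表', 'API', '/api/project/spaces', 'GET', 'VIEW', 'space', '查看空间列表', 702),
    ('space:create', '创建空间', 'API', '/api/project/spaces', 'POST', 'CREATE', 'space', '创建新空间', 703),
    ('space:update', '更新空间', 'API', '/api/project/spaces/*', 'PUT', 'EDIT', 'space', '更新空间信息', 704),
    ('space:delete', '删除空间', 'API', '/api/project/spaces/*', 'DELETE', 'DELETE', 'space', '删除空间', 705);

-- 4.4 Equipment management module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('equipment:menu', '设备管理菜单', 'MENU', '/equipment/list', 'GET', 'VIEW', 'equipment', '设备管理菜单', 801),
    ('equipment:list', '设备列表', 'API', '/api/mdm/equipments', 'GET', 'VIEW', 'equipment', '查看设备列表', 802),
    ('equipment:create', '创建设备', 'API', '/api/mdm/equipments', 'POST', 'CREATE', 'equipment', '创建新设备', 803),
    ('equipment:update', '更新设备', 'API', '/api/mdm/equipments/*', 'PUT', 'EDIT', 'equipment', '更新设备信息', 804),
    ('equipment:delete', '删除设备', 'API', '/api/mdm/equipments/*', 'DELETE', 'DELETE', 'equipment', '删除设备', 805);

-- 4.5 Energy management module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('energy:menu', '能耗管理菜单', 'MENU', '/energy/meters', 'GET', 'VIEW', 'energy', '能耗管理菜单', 901),
    ('energy:meter:list', '计量点列表', 'API', '/api/mdm/meters', 'GET', 'VIEW', 'energy', '查看计量点列表', 902),
    ('energy:consumption:record', '能耗录入', 'API', '/api/mdm/consumptions', 'POST', 'CREATE', 'energy', '录入能耗数据', 903),
    ('energy:consumption:view', '查看能耗', 'API', '/api/mdm/consumptions', 'GET', 'VIEW', 'energy', '查看能耗数据', 904),
    ('energy:statistics:view', '能耗统计', 'API', '/api/mdm/consumptions/statistics', 'GET', 'VIEW', 'energy', '查看能耗统计', 905);

-- 4.6 Work-order operations module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('ops:workOrder:menu', '工单管理菜单', 'MENU', '/operation/work-orders', 'GET', 'VIEW', 'ops', '工单管理菜单', 1001),
    ('ops:workOrder:list', '工单列表', 'API', '/api/ops/work-orders', 'GET', 'VIEW', 'ops', '查看工单列表', 1002),
    ('ops:workOrder:create', '创建工单', 'API', '/api/ops/work-orders', 'POST', 'CREATE', 'ops', '创建新工单', 1003),
    ('ops:workOrder:update', '更新工单', 'API', '/api/ops/work-orders/*', 'PUT', 'EDIT', 'ops', '更新工单信息', 1004),
    ('ops:workOrder:assign', '分配工单', 'API', '/api/ops/work-orders/*/assign', 'POST', 'ASSIGN', 'ops', '分配工单给处理人', 1005),
    ('ops:workOrder:close', '关闭工单', 'API', '/api/ops/work-orders/*/close', 'POST', 'EDIT', 'ops', '关闭工单', 1006);

-- 4.7 Inspection module
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
    ('ops:inspection:menu', '巡检管理菜单', 'MENU', '/operation/inspections', 'GET', 'VIEW', 'ops', '巡检管理菜单', 1101),
    ('ops:inspection:list', '巡检列表', 'API', '/api/ops/inspections', 'GET', 'VIEW', 'ops', '查看巡检列表', 1102),
    ('ops:inspection:create', '创建巡检', 'API', '/api/ops/inspections', 'POST', 'CREATE', 'ops', '创建新巡检', 1103),
    ('ops:inspection:execute', '执行巡检', 'API', '/api/ops/inspections/*/execute', 'POST', 'EDIT', 'ops', '执行巡检任务', 1104);

-- ============================================================
-- Part 5: role -> permission grants
-- ============================================================
-- Each grant pairs one role row with every permission row that passes the
-- filter; the cross join is written explicitly so the missing join
-- condition is visibly deliberate.

-- System administrator: every permission that exists when this script runs.
-- Permissions inserted later are NOT granted automatically.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'SYS_ADMIN';

-- Project administrator: project, space, equipment, energy and ops
-- (work-order + inspection) modules.
-- NOTE(review): the original comment did not list energy, but the filter
-- grants it -- confirm which one is intended.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'PROJECT_ADMIN'
    AND p.module IN ('project', 'space', 'equipment', 'energy', 'ops');

-- Engineering lead: equipment module plus the whole ops module.
-- NOTE(review): the original comment named only equipment and work orders,
-- but module 'ops' also contains the ops:inspection:* permissions, so this
-- role receives them too. Narrow the filter if that is broader than meant.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'ENGINEERING_LEAD'
    AND p.module IN ('equipment', 'ops');

-- Security lead: the ops module (inspections and work orders).
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'SECURITY_LEAD'
    AND p.module IN ('ops');

-- Customer-service staff: every ops:workOrder:* permission, which includes
-- assign and close as well as list/create/update.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'CS_STAFF'
    AND p.code LIKE 'ops:workOrder:%';

-- Cleaning staff: every ops:inspection:* permission, which includes create
-- as well as list/execute.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'CLEANING_STAFF'
    AND p.code LIKE 'ops:inspection:%';

-- NOTE(review): no grant is made for the OWNER role, and no permission in
-- part 4 covers the bills/repair features its description mentions, so
-- owner1 ends up with a role that carries no permissions.

-- ============================================================
-- Part 6: user -> role assignments
-- ============================================================
-- admin -> system administrator
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'admin'
    AND r.code = 'SYS_ADMIN';

-- owner1 -> owner
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'owner1'
    AND r.code = 'OWNER';

-- employee1 -> customer-service staff
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'employee1'
    AND r.code = 'CS_STAFF';

-- ============================================================
-- Part 7: system configuration
-- ============================================================
-- Upsert: unlike the tables above, auth_sys_config is not wiped, but the
-- keys listed here are overwritten on every run, so a re-run resets any
-- value an operator has changed (including audit.retention_days).
-- NOTE(review): confirm that 30 days of audit-log retention meets the
-- organisation's investigation and compliance requirements.
INSERT INTO auth_sys_config (config_key, config_value, description)
VALUES
    ('property_company_name', '示例物业有限公司', '物业企业名称'),
    ('system.version', '1.0.0', '系统版本'),
    ('audit.retention_days', '30', '审计日志保留天数')
ON CONFLICT (config_key) DO UPDATE
SET
    config_value = EXCLUDED.config_value,
    description = EXCLUDED.description;

COMMIT;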