ether-pms/sql/V2__permission_init.sql


-- ============================================================
-- Ether 权限角色初始化脚本 V2
-- 创建日期: 2026-03-28
-- 说明: 初始化系统角色、权限和默认用户
-- API路径已修正为 /api/auth/* 格式
-- ============================================================
BEGIN;
-- ============================================================
-- Part 1: Remove existing data
-- ============================================================
-- Empties all five auth tables so the seed rows below start from a clean slate.
-- The link tables (auth_role_permission, auth_user_role) are cleared before the
-- tables they point at; presumably foreign keys require this order -- confirm.
-- NOTE(review): the DELETEs have no WHERE clause on purpose. Run against a
-- populated database, this script removes every account, role and grant,
-- including users created after installation. The file name follows a
-- versioned-migration pattern (V2__...); if a migration tool applies it
-- automatically, make sure it can never reach an environment holding real users.
-- The statements sit inside BEGIN ... COMMIT, so the wipe only becomes
-- permanent if the whole script reaches COMMIT.
DELETE FROM auth_role_permission;
DELETE FROM auth_user_role;
DELETE FROM auth_permission;
DELETE FROM auth_role;
DELETE FROM auth_user;
-- ============================================================
-- Part 2: Default users
-- ============================================================
-- Seeds three ACTIVE accounts in a single statement: the administrator, plus
-- an owner and an employee account that exist for testing.
-- All three rows carry the same BCrypt hash (cost factor 10, identical salt);
-- the original script documents the matching password as Admin@123.
-- NOTE(review): these are published default credentials. Change the admin
-- password immediately after installation, and keep owner1 / employee1 out of
-- production databases -- they are test fixtures and are created ACTIVE.
INSERT INTO auth_user
    (username, password, real_name, status)
VALUES
    -- administrator
    ('admin', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '系统管理员', 'ACTIVE'),
    -- owner account (testing only)
    ('owner1', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '测试业主', 'ACTIVE'),
    -- employee account (testing only)
    ('employee1', '$2a$10$cgqoZgzRAM1kvtp59z/UYOMQW8/Cd0eE5MBCgwN5bgvAJ9kgQxZXO', '测试员工', 'ACTIVE');
-- ============================================================
-- Part 3: Roles
-- ============================================================
-- Seeds the seven built-in roles in one statement, in the same order as their
-- sort_order values. Each row sets a role type and a data_scope value.
-- NOTE(review): CLEANING_STAFF is typed 'SYSTEM' like SYS_ADMIN and OWNER,
-- while the other staff roles are 'PROJECT' or 'DEPARTMENT'; confirm that is
-- intended.
-- NOTE(review): the OWNER description promises access to personal bills and
-- repair requests, but this script defines no billing permissions and inserts
-- no auth_role_permission rows for OWNER.
INSERT INTO auth_role
    (code, name, description, type, data_scope, status, sort_order)
VALUES
    -- system administrator: system configuration, user and role/permission management
    ('SYS_ADMIN', '系统管理员', '系统级管理,负责系统配置、用户管理、角色权限管理', 'SYSTEM', 'ALL', 'ENABLED', 1),
    -- project administrator: all operations inside its own project
    ('PROJECT_ADMIN', '项目管理员', '项目级管理,负责本项目内的所有操作', 'PROJECT', 'PROJECT', 'ENABLED', 10),
    -- engineering lead: equipment maintenance and work-order dispatch
    ('ENGINEERING_LEAD', '工程主管', '工程部管理,负责设备维护和工单调度', 'DEPARTMENT', 'DEPARTMENT', 'ENABLED', 11),
    -- security lead: security patrols and visitor management
    ('SECURITY_LEAD', '安保主管', '安保部管理,负责安保巡检和访客管理', 'DEPARTMENT', 'DEPARTMENT', 'ENABLED', 12),
    -- customer-service staff: owner services and visitor verification
    ('CS_STAFF', '客服人员', '业主服务、访客核验', 'PROJECT', 'PROJECT', 'ENABLED', 20),
    -- cleaning staff: cleaning tasks and quality checks
    ('CLEANING_STAFF', '保洁人员', '保洁执行、品质检查', 'SYSTEM', 'SELF', 'ENABLED', 23),
    -- property owner: personal bills and repair requests
    ('OWNER', '业主', '业主用户,可查看个人账单和报修', 'SYSTEM', 'SELF', 'ENABLED', 30);
-- ============================================================
-- Part 4: Permissions
-- ============================================================
-- Every row is (code, name, type, resource, method, action, module,
-- description, sort_order). type is 'MENU' for a front-end route or 'API' for
-- an HTTP endpoint; API resources use '*' where a path segment varies.
-- 4.1 System-management module
-- User management (sort_order 101-107)
-- NOTE(review): system:user:update ('/api/auth/users/*', PUT) and
-- system:user:resetPassword ('/api/auth/users/*/password', PUT) share method
-- and prefix. If the resource matcher lets '*' span '/', holding only
-- system:user:update would also authorise password resets; confirm '*' matches
-- a single path segment.
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('system:user:menu', '用户管理菜单', 'MENU', '/system/users', 'GET', 'VIEW', 'system', '用户管理菜单', 101),
('system:user:list', '用户列表', 'API', '/api/auth/users', 'GET', 'VIEW', 'system', '查看用户列表', 102),
('system:user:create', '创建用户', 'API', '/api/auth/users', 'POST', 'CREATE', 'system', '创建新用户', 103),
('system:user:update', '更新用户', 'API', '/api/auth/users/*', 'PUT', 'EDIT', 'system', '更新用户信息', 104),
('system:user:delete', '删除用户', 'API', '/api/auth/users/*', 'DELETE', 'DELETE', 'system', '删除用户', 105),
('system:user:assignRole', '分配角色', 'API', '/api/auth/users/*/roles', 'POST', 'ASSIGN', 'system', '为用户分配角色', 106),
('system:user:resetPassword', '重置密码', 'API', '/api/auth/users/*/password', 'PUT', 'EDIT', 'system', '重置用户密码', 107);
-- Role management (sort_order 201-206)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('system:role:menu', '角色管理菜单', 'MENU', '/system/roles', 'GET', 'VIEW', 'system', '角色管理菜单', 201),
('system:role:list', '角色列表', 'API', '/api/auth/roles', 'GET', 'VIEW', 'system', '查看角色列表', 202),
('system:role:create', '创建角色', 'API', '/api/auth/roles', 'POST', 'CREATE', 'system', '创建新角色', 203),
('system:role:update', '更新角色', 'API', '/api/auth/roles/*', 'PUT', 'EDIT', 'system', '更新角色信息', 204),
('system:role:delete', '删除角色', 'API', '/api/auth/roles/*', 'DELETE', 'DELETE', 'system', '删除角色', 205),
('system:role:assignPermission', '分配权限', 'API', '/api/auth/roles/*/permissions', 'POST', 'ASSIGN', 'system', '为角色分配权限', 206);
-- Permission management (sort_order 301-305)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('system:permission:menu', '权限管理菜单', 'MENU', '/system/permissions', 'GET', 'VIEW', 'system', '权限管理菜单', 301),
('system:permission:list', '权限列表', 'API', '/api/auth/permissions', 'GET', 'VIEW', 'system', '查看权限列表', 302),
('system:permission:create', '创建权限', 'API', '/api/auth/permissions', 'POST', 'CREATE', 'system', '创建新权限', 303),
('system:permission:update', '更新权限', 'API', '/api/auth/permissions/*', 'PUT', 'EDIT', 'system', '更新权限信息', 304),
('system:permission:delete', '删除权限', 'API', '/api/auth/permissions/*', 'DELETE', 'DELETE', 'system', '删除权限', 305);
-- System settings (sort_order 401-403)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('system:config:menu', '系统设置菜单', 'MENU', '/system/settings', 'GET', 'VIEW', 'system', '系统设置菜单', 401),
('system:config:view', '查看系统设置', 'API', '/api/auth/config', 'GET', 'VIEW', 'system', '查看系统设置', 402),
('system:config:update', '更新系统设置', 'API', '/api/auth/config/*', 'PUT', 'EDIT', 'system', '更新系统设置', 403);
-- Audit log (sort_order 501-503): view and export only; no permission here
-- covers modifying or deleting audit records.
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('system:audit:menu', '审计日志菜单', 'MENU', '/system/audit', 'GET', 'VIEW', 'system', '审计日志菜单', 501),
('system:audit:list', '审计日志列表', 'API', '/api/auth/audit', 'GET', 'VIEW', 'system', '查看审计日志', 502),
('system:audit:export', '导出审计日志', 'API', '/api/auth/audit/export', 'GET', 'EXPORT', 'system', '导出审计日志', 503);
-- 4.2 Project-management module (module 'project', sort_order 601-605)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('project:menu', '项目管理菜单', 'MENU', '/project/list', 'GET', 'VIEW', 'project', '项目管理菜单', 601),
('project:list', '项目列表', 'API', '/api/project/projects', 'GET', 'VIEW', 'project', '查看项目列表', 602),
('project:create', '创建项目', 'API', '/api/project/projects', 'POST', 'CREATE', 'project', '创建新项目', 603),
('project:update', '更新项目', 'API', '/api/project/projects/*', 'PUT', 'EDIT', 'project', '更新项目信息', 604),
('project:delete', '删除项目', 'API', '/api/project/projects/*', 'DELETE', 'DELETE', 'project', '删除项目', 605);
-- 4.3 Space-management module (module 'space', sort_order 701-705)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('space:menu', '空间管理菜单', 'MENU', '/project/*/space', 'GET', 'VIEW', 'space', '空间管理菜单', 701),
('space:list', '空间列表', 'API', '/api/project/spaces', 'GET', 'VIEW', 'space', '查看空间列表', 702),
('space:create', '创建空间', 'API', '/api/project/spaces', 'POST', 'CREATE', 'space', '创建新空间', 703),
('space:update', '更新空间', 'API', '/api/project/spaces/*', 'PUT', 'EDIT', 'space', '更新空间信息', 704),
('space:delete', '删除空间', 'API', '/api/project/spaces/*', 'DELETE', 'DELETE', 'space', '删除空间', 705);
-- 4.4 Equipment-management module (module 'equipment', sort_order 801-805)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('equipment:menu', '设备管理菜单', 'MENU', '/equipment/list', 'GET', 'VIEW', 'equipment', '设备管理菜单', 801),
('equipment:list', '设备列表', 'API', '/api/mdm/equipments', 'GET', 'VIEW', 'equipment', '查看设备列表', 802),
('equipment:create', '创建设备', 'API', '/api/mdm/equipments', 'POST', 'CREATE', 'equipment', '创建新设备', 803),
('equipment:update', '更新设备', 'API', '/api/mdm/equipments/*', 'PUT', 'EDIT', 'equipment', '更新设备信息', 804),
('equipment:delete', '删除设备', 'API', '/api/mdm/equipments/*', 'DELETE', 'DELETE', 'equipment', '删除设备', 805);
-- 4.5 Energy-management module (module 'energy', sort_order 901-905):
-- meter list, consumption entry and viewing, and consumption statistics.
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('energy:menu', '能耗管理菜单', 'MENU', '/energy/meters', 'GET', 'VIEW', 'energy', '能耗管理菜单', 901),
('energy:meter:list', '计量点列表', 'API', '/api/mdm/meters', 'GET', 'VIEW', 'energy', '查看计量点列表', 902),
('energy:consumption:record', '能耗录入', 'API', '/api/mdm/consumptions', 'POST', 'CREATE', 'energy', '录入能耗数据', 903),
('energy:consumption:view', '查看能耗', 'API', '/api/mdm/consumptions', 'GET', 'VIEW', 'energy', '查看能耗数据', 904),
('energy:statistics:view', '能耗统计', 'API', '/api/mdm/consumptions/statistics', 'GET', 'VIEW', 'energy', '查看能耗统计', 905);
-- 4.6 Work-order module (module 'ops', sort_order 1001-1006)
-- Work-order and inspection permissions both use module 'ops', so a grant
-- filtered on p.module = 'ops' covers both sets; use the code prefix
-- ('ops:workOrder:' / 'ops:inspection:') to grant only one of them.
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('ops:workOrder:menu', '工单管理菜单', 'MENU', '/operation/work-orders', 'GET', 'VIEW', 'ops', '工单管理菜单', 1001),
('ops:workOrder:list', '工单列表', 'API', '/api/ops/work-orders', 'GET', 'VIEW', 'ops', '查看工单列表', 1002),
('ops:workOrder:create', '创建工单', 'API', '/api/ops/work-orders', 'POST', 'CREATE', 'ops', '创建新工单', 1003),
('ops:workOrder:update', '更新工单', 'API', '/api/ops/work-orders/*', 'PUT', 'EDIT', 'ops', '更新工单信息', 1004),
('ops:workOrder:assign', '分配工单', 'API', '/api/ops/work-orders/*/assign', 'POST', 'ASSIGN', 'ops', '分配工单给处理人', 1005),
('ops:workOrder:close', '关闭工单', 'API', '/api/ops/work-orders/*/close', 'POST', 'EDIT', 'ops', '关闭工单', 1006);
-- 4.7 Inspection module (module 'ops', sort_order 1101-1104)
INSERT INTO auth_permission (code, name, type, resource, method, action, module, description, sort_order)
VALUES
('ops:inspection:menu', '巡检管理菜单', 'MENU', '/operation/inspections', 'GET', 'VIEW', 'ops', '巡检管理菜单', 1101),
('ops:inspection:list', '巡检列表', 'API', '/api/ops/inspections', 'GET', 'VIEW', 'ops', '查看巡检列表', 1102),
('ops:inspection:create', '创建巡检', 'API', '/api/ops/inspections', 'POST', 'CREATE', 'ops', '创建新巡检', 1103),
('ops:inspection:execute', '执行巡检', 'API', '/api/ops/inspections/*/execute', 'POST', 'EDIT', 'ops', '执行巡检任务', 1104);
-- ============================================================
-- Part 5: Role-permission grants
-- ============================================================
-- Each statement pairs exactly one role (selected by code) with a filtered
-- set of auth_permission rows. The OWNER role receives no grant here.

-- SYS_ADMIN: every permission in auth_permission.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'SYS_ADMIN';

-- PROJECT_ADMIN: the project, space, equipment, energy and ops modules
-- (ops holds both work orders and inspections).
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'PROJECT_ADMIN'
    AND p.module IN ('project', 'space', 'equipment', 'energy', 'ops');

-- ENGINEERING_LEAD: the equipment and ops modules.
-- NOTE(review): the original comment named only equipment and work orders,
-- but module 'ops' also carries the ops:inspection:* permissions; confirm the
-- wider grant is intended.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'ENGINEERING_LEAD'
    AND p.module IN ('equipment', 'ops');

-- SECURITY_LEAD: the whole ops module (inspections and work orders).
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'SECURITY_LEAD'
    AND p.module = 'ops';

-- CS_STAFF: every ops:workOrder:* permission, which includes assign and close.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'CS_STAFF'
    AND p.code LIKE 'ops:workOrder:%';

-- CLEANING_STAFF: every ops:inspection:* permission, which includes create.
INSERT INTO auth_role_permission (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth_role AS r
CROSS JOIN auth_permission AS p
WHERE r.code = 'CLEANING_STAFF'
    AND p.code LIKE 'ops:inspection:%';
-- ============================================================
-- Part 6: User-role assignments
-- ============================================================
-- Links each seeded account to one role by looking both up by their natural
-- keys (username, role code). A statement inserts nothing if either lookup
-- finds no row, so a typo in a name fails silently.

-- admin -> SYS_ADMIN
-- NOTE(review): SYS_ADMIN is granted every permission earlier in this script
-- and admin is seeded with a documented default password, so this account
-- must have its password changed before the system is exposed.
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'admin'
    AND r.code = 'SYS_ADMIN';

-- owner1 -> OWNER
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'owner1'
    AND r.code = 'OWNER';

-- employee1 -> CS_STAFF (customer-service staff)
INSERT INTO auth_user_role (user_id, role_id)
SELECT
    u.id,
    r.id
FROM auth_user AS u
CROSS JOIN auth_role AS r
WHERE u.username = 'employee1'
    AND r.code = 'CS_STAFF';
-- ============================================================
-- Part 7: System configuration
-- ============================================================
-- Upserts three settings: the property company name, the system version and
-- the audit-log retention period in days. ON CONFLICT (config_key) relies on
-- a unique constraint or index on config_key.
-- auth_sys_config is not cleared earlier in this script, so for these three
-- keys any value an operator has already set is overwritten with the defaults.
-- NOTE(review): audit.retention_days is seeded as '30'; confirm that 30 days
-- of audit history meets the deployment's investigation and compliance needs.
INSERT INTO auth_sys_config
    (config_key, config_value, description)
VALUES
    ('property_company_name', '示例物业有限公司', '物业企业名称'),
    ('system.version', '1.0.0', '系统版本'),
    ('audit.retention_days', '30', '审计日志保留天数')
ON CONFLICT (config_key)
DO UPDATE SET
    config_value = EXCLUDED.config_value,
    description = EXCLUDED.description;

-- Ends the transaction opened by BEGIN at the top of the script.
COMMIT;