新增指定用户查询接口 & 接口权限细分

scripts/sql/fill.sql

@@ -9,13 +9,145 @@ insert into product (code, name, description) values ('short', '短效动态', '
 insert into product (code, name, description) values ('long', '长效动态', '长效动态');
 insert into product (code, name, description) values ('static', '长效静态', '长效静态');
 
+-- ====================
+-- region 权限
+-- ====================
+
 delete from permission where true;
-insert into permission
-    (name, description)
-values
-    ('permission:read', '读取权限列表'),
-    ('permission:write', '写入权限'),
-    ('admin-role:read', '读取管理员角色列表'),
-    ('admin-role:write', '写入管理员角色')
-;
+
+-- --------------------------
+-- level 1
+-- --------------------------
+insert into permission (name, description, sort) values
+    ('permission',  '权限',      1),
+    ('admin_role',  '管理员角色', 2),
+    ('admin',       '管理员',    3),
+    ('product',     '产品',      4),
+    ('product_sku', '产品套餐',  5),
+    ('discount',    '折扣',      6),
+    ('resource',    '用户套餐',  7),
+    ('user',        '用户',      8),
+    ('coupon',      '优惠券',    9),
+    ('batch',       '批次',      10),
+    ('channel',     'IP',        11),
+    ('trade',       '交易',      12),
+    ('bill',        '账单',      13);
+
+-- --------------------------
+-- level 2
+-- --------------------------
+
+-- permission 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'permission'  and deleted_at is null), 'permission:read',  '读取权限列表', 1),
+    ((select id from permission where name = 'permission'  and deleted_at is null), 'permission:write', '写入权限',     2);
+
+-- admin_role 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'admin_role'  and deleted_at is null), 'admin_role:read',  '读取管理员角色列表', 1),
+    ((select id from permission where name = 'admin_role'  and deleted_at is null), 'admin_role:write', '写入管理员角色',     2);
+
+-- admin 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'admin'       and deleted_at is null), 'admin:read',       '读取管理员列表', 1),
+    ((select id from permission where name = 'admin'       and deleted_at is null), 'admin:write',      '写入管理员',     2);
+
+-- product 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'product'     and deleted_at is null), 'product:read',     '读取产品列表', 1),
+    ((select id from permission where name = 'product'     and deleted_at is null), 'product:write',    '写入产品',     2);
+
+-- product_sku 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'product_sku' and deleted_at is null), 'product_sku:read',  '读取产品套餐列表', 1),
+    ((select id from permission where name = 'product_sku' and deleted_at is null), 'product_sku:write', '写入产品套餐',     2);
+
+-- discount 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'discount'    and deleted_at is null), 'discount:read',    '读取折扣列表', 1),
+    ((select id from permission where name = 'discount'    and deleted_at is null), 'discount:write',   '写入折扣',     2);
+
+-- resource 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'resource'    and deleted_at is null), 'resource:read',    '读取用户套餐列表', 1),
+    ((select id from permission where name = 'resource'    and deleted_at is null), 'resource:write',   '写入用户套餐',     2);
+
+-- user 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'user'        and deleted_at is null), 'user:read',        '读取用户列表', 1),
+    ((select id from permission where name = 'user'        and deleted_at is null), 'user:write',       '写入用户',     2);
+
+-- coupon 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'coupon'      and deleted_at is null), 'coupon:read',      '读取优惠券列表', 1),
+    ((select id from permission where name = 'coupon'      and deleted_at is null), 'coupon:write',     '写入优惠券',     2);
+
+-- batch 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'batch'       and deleted_at is null), 'batch:read',       '读取批次列表', 1),
+    ((select id from permission where name = 'batch'       and deleted_at is null), 'batch:write',      '写入批次',     2);
+
+-- channel 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'channel'     and deleted_at is null), 'channel:read',     '读取 IP 列表', 1),
+    ((select id from permission where name = 'channel'     and deleted_at is null), 'channel:write',    '写入 IP',      2);
+
+-- trade 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'trade'       and deleted_at is null), 'trade:read',       '读取交易列表', 1),
+    ((select id from permission where name = 'trade'       and deleted_at is null), 'trade:write',      '写入交易',     2);
+
+-- bill 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'bill'        and deleted_at is null), 'bill:read',        '读取账单列表', 1),
+    ((select id from permission where name = 'bill'        and deleted_at is null), 'bill:write',       '写入账单',     2);
+
+-- --------------------------
+-- level 3
+-- --------------------------
+
+-- product_sku:write 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'product_sku:write' and deleted_at is null), 'product_sku:write:status', '更改产品套餐状态', 1);
+
+-- resource:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'resource:read'     and deleted_at is null), 'resource:read:short:of-user', '读取指定用户的短效套餐列表', 1),
+    ((select id from permission where name = 'resource:read'     and deleted_at is null), 'resource:read:long:of-user',  '读取指定用户的长效套餐列表', 2);
+
+-- user:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'user:read'         and deleted_at is null), 'user:read:one',      '读取单个用户',               1),
+    ((select id from permission where name = 'user:read'         and deleted_at is null), 'user:read:not-bind', '读取未绑定管理员的用户列表', 2);
+
+-- user:write 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'user:write'        and deleted_at is null), 'user:write:balance', '写入用户余额', 1),
+    ((select id from permission where name = 'user:write'        and deleted_at is null), 'user:write:bind',    '用户认领',     2);
+
+-- batch:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'batch:read'        and deleted_at is null), 'batch:read:of-user',   '读取指定用户的批次列表', 1);
+
+-- channel:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'channel:read'      and deleted_at is null), 'channel:read:of-user', '读取指定用户的 IP 列表', 1);
+
+-- trade:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'trade:read'        and deleted_at is null), 'trade:read:of-user',   '读取指定用户的交易列表', 1);
+
+-- bill:read 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'bill:read'         and deleted_at is null), 'bill:read:of-user',    '读取指定用户的账单列表', 1);
+
+-- --------------------------
+-- level 4
+-- --------------------------
+
+-- user:write:balance 子权限
+insert into permission (parent_id, name, description, sort) values
+    ((select id from permission where name = 'user:write:balance' and deleted_at is null), 'user:write:balance:inc', '增加用户余额', 1),
+    ((select id from permission where name = 'user:write:balance' and deleted_at is null), 'user:write:balance:dec', '减少用户余额', 2);
+
 -- endregion

scripts/sql/init.sql

@@ -196,6 +196,7 @@ create table admin (
     last_login    timestamptz,
     last_login_ip inet,
     last_login_ua text,
+    lock          bool not null default false,
     created_at    timestamptz default current_timestamp,
     updated_at    timestamptz default current_timestamp,
     deleted_at    timestamptz
@@ -217,6 +218,7 @@ comment on column admin.status is '状态：0-禁用，1-正常';
 comment on column admin.last_login is '最后登录时间';
 comment on column admin.last_login_ip is '最后登录地址';
 comment on column admin.last_login_ua is '最后登录代理';
+comment on column admin.lock is '是否锁定编辑';
 comment on column admin.created_at is '创建时间';
 comment on column admin.updated_at is '更新时间';
 comment on column admin.deleted_at is '删除时间';
@@ -775,7 +777,6 @@ comment on column product_sku.discount_id is '折扣ID';
 comment on column product_sku.code is 'SKU 代码：格式为 key=value,key=value,...，其中，key:value 是 SKU 的属性，多个属性用逗号分隔';
 comment on column product_sku.name is 'SKU 可读名称';
 comment on column product_sku.price_min is '最低价格';
-comment on column product_sku.min is '最小购买量';
 comment on column product_sku.status is 'SKU状态：0-禁用，1-正常';
 comment on column product_sku.created_at is '创建时间';
 comment on column product_sku.updated_at is '更新时间';