feat(admin): add user-level direct permission system and enhance activity tracking
Features: - Add user_permissions table for direct user-to-permission grants (ops:user-ops) - Merge role_permissions + user_permissions in auth chain (login, middleware, getCurrentUser) - Add getUserQueryScope support for USER role with ops:user-ops (cross-tenant access) - Unify cross-tenant operation checks via getUserQueryScope (remove hardcoded SUPER_ADMIN checks) - Add 3 new API endpoints: GET/PUT /:id/permissions, GET /options/permissions - Support ops:user-ops as alternative permission on all user/tenant management routes - Frontend: add user-ops permission toggle on UserFormPage and UserDetailPage - Enhance DC module activity tracking (StreamAIController, SessionController, QuickActionController) - Fix DC AIController user ID extraction and feature name consistency - Add verify-activity-tracking.ts validation script - Update deployment checklist and admin module documentation DB Migration: 20260309_add_user_permissions_table Made-with: Cursor
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
-- CreateTable: 用户直授权限表(不依赖角色,单独给用户授予权限,如 ops:user-ops)
|
||||
CREATE TABLE "platform_schema"."user_permissions" (
|
||||
"id" SERIAL NOT NULL,
|
||||
"user_id" TEXT NOT NULL,
|
||||
"permission_id" INTEGER NOT NULL,
|
||||
"created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
|
||||
CONSTRAINT "user_permissions_pkey" PRIMARY KEY ("id")
|
||||
);
|
||||
|
||||
-- CreateIndex
|
||||
CREATE INDEX "user_permissions_user_id_idx" ON "platform_schema"."user_permissions"("user_id");
|
||||
|
||||
-- CreateIndex: 唯一约束,同一用户不重复授同一权限
|
||||
CREATE UNIQUE INDEX "user_permissions_user_id_permission_id_key" ON "platform_schema"."user_permissions"("user_id", "permission_id");
|
||||
|
||||
-- AddForeignKey
|
||||
ALTER TABLE "platform_schema"."user_permissions" ADD CONSTRAINT "user_permissions_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "platform_schema"."users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
||||
-- AddForeignKey
|
||||
ALTER TABLE "platform_schema"."user_permissions" ADD CONSTRAINT "user_permissions_permission_id_fkey" FOREIGN KEY ("permission_id") REFERENCES "platform_schema"."permissions"("id") ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
@@ -47,6 +47,7 @@ model User {
|
||||
updatedAt DateTime @updatedAt @map("updated_at")
|
||||
tenant_members tenant_members[]
|
||||
user_modules user_modules[]
|
||||
user_permissions user_permissions[]
|
||||
iitUserMappings IitUserMapping[]
|
||||
departments departments? @relation(fields: [department_id], references: [id])
|
||||
tenants tenants @relation(fields: [tenant_id], references: [id])
|
||||
@@ -1775,6 +1776,7 @@ model permissions {
|
||||
module String?
|
||||
created_at DateTime @default(now())
|
||||
role_permissions role_permissions[]
|
||||
user_permissions user_permissions[]
|
||||
|
||||
@@schema("platform_schema")
|
||||
}
|
||||
@@ -1790,6 +1792,20 @@ model role_permissions {
|
||||
@@schema("platform_schema")
|
||||
}
|
||||
|
||||
/// 用户直授权限表(不依赖角色,单独给用户授予权限)
|
||||
model user_permissions {
|
||||
id Int @id @default(autoincrement())
|
||||
user_id String
|
||||
permission_id Int
|
||||
created_at DateTime @default(now())
|
||||
user User @relation(fields: [user_id], references: [id], onDelete: Cascade)
|
||||
permissions permissions @relation(fields: [permission_id], references: [id], onDelete: Cascade)
|
||||
|
||||
@@unique([user_id, permission_id])
|
||||
@@index([user_id])
|
||||
@@schema("platform_schema")
|
||||
}
|
||||
|
||||
model tenant_members {
|
||||
id String @id
|
||||
tenant_id String
|
||||
|
||||
Reference in New Issue
Block a user