feat(db): role_permissions 添加 data_scope 列

行级数据权限基础设施 — role_permissions 表新增 data_scope 列，支持 all/self/department/department_tree 四种数据范围。
2026-04-17 10:32:12 +08:00
parent f697b5fd6d
commit 6f286acbeb
2 changed files with 39 additions and 0 deletions
--- a/crates/erp-server/migration/src/lib.rs
+++ b/crates/erp-server/migration/src/lib.rs
@@ -35,6 +35,7 @@ mod m20260416_000031_create_domain_events;
 mod m20260417_000033_create_plugins;
 mod m20260417_000034_seed_plugin_permissions;
 mod m20260418_000035_pg_trgm_and_entity_columns;
+mod m20260418_000036_add_data_scope_to_role_permissions;

 pub struct Migrator;

@@ -77,6 +78,7 @@ impl MigratorTrait for Migrator {
            Box::new(m20260417_000033_create_plugins::Migration),
            Box::new(m20260417_000034_seed_plugin_permissions::Migration),
            Box::new(m20260418_000035_pg_trgm_and_entity_columns::Migration),
+            Box::new(m20260418_000036_add_data_scope_to_role_permissions::Migration),
        ]
    }
 }
--- a/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
+++ b/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
@@ -0,0 +1,37 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // 添加 data_scope 列 — 行级数据权限范围
+        // 可选值: all, self, department, department_tree
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Alias::new("role_permissions"))
+                    .add_column(
+                        ColumnDef::new(Alias::new("data_scope"))
+                            .string()
+                            .not_null()
+                            .default("all"),
+                    )
+                    .to_owned(),
+            )
+            .await?;
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Alias::new("role_permissions"))
+                    .drop_column(Alias::new("data_scope"))
+                    .to_owned(),
+            )
+            .await
+    }
+}