From 6f286acbeb59f98b436b83f259af10a1e86df149 Mon Sep 17 00:00:00 2001
From: iven
Date: Fri, 17 Apr 2026 10:32:12 +0800
Subject: [PATCH] =?UTF-8?q?feat(db):=20role=5Fpermissions=20=E6=B7=BB?=
 =?UTF-8?q?=E5=8A=A0=20data=5Fscope=20=E5=88=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

行级数据权限基础设施 — role_permissions 表新增 data_scope 列, 支持 all/self/department/department_tree 四种数据范围。
---
 crates/erp-server/migration/src/lib.rs | 2 +
 ...0036_add_data_scope_to_role_permissions.rs | 37 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs

diff --git a/crates/erp-server/migration/src/lib.rs b/crates/erp-server/migration/src/lib.rs
index 915372c..c7a9692 100644
--- a/crates/erp-server/migration/src/lib.rs
+++ b/crates/erp-server/migration/src/lib.rs
@@ -35,6 +35,7 @@ mod m20260416_000031_create_domain_events;
 mod m20260417_000033_create_plugins;
 mod m20260417_000034_seed_plugin_permissions;
 mod m20260418_000035_pg_trgm_and_entity_columns;
+mod m20260418_000036_add_data_scope_to_role_permissions;
 
 pub struct Migrator;
 
@@ -77,6 +78,7 @@ impl MigratorTrait for Migrator {
 Box::new(m20260417_000033_create_plugins::Migration),
 Box::new(m20260417_000034_seed_plugin_permissions::Migration),
 Box::new(m20260418_000035_pg_trgm_and_entity_columns::Migration),
+ Box::new(m20260418_000036_add_data_scope_to_role_permissions::Migration),
 ]
 }
 }
diff --git a/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs b/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
new file mode 100644
index 0000000..1ab2eb1
--- /dev/null
+++ b/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
@@ -0,0 +1,37 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+ async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+ // 添加 data_scope 列 — 行级数据权限范围
+ // 可选值: all, self, department, department_tree
+ manager
+ .alter_table(
+ Table::alter()
+ .table(Alias::new("role_permissions"))
+ .add_column(
+ ColumnDef::new(Alias::new("data_scope"))
+ .string()
+ .not_null()
+ .default("all"),
+ )
+ .to_owned(),
+ )
+ .await?;
+ Ok(())
+ }
+
+ async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+ manager
+ .alter_table(
+ Table::alter()
+ .table(Alias::new("role_permissions"))
+ .drop_column(Alias::new("data_scope"))
+ .to_owned(),
+ )
+ .await
+ }
+}
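Review bot: `data_scope` in `up()` is added as an unconstrained string column, so an authorization field can hold any value even though the comment lists only four valid ones. How the enforcement code treats an unrecognised value is not visible in this patch; if it falls through to "no filter", a typo in this column would silently widen access. Constrain it in the schema, for example by adding `.check(Expr::col(Alias::new("data_scope")).is_in(["all", "self", "department", "department_tree"]))` to the `ColumnDef`. Separately, `.default("all")` keeps existing grants behaving as before, but as a standing column default it also gives the widest scope to any later insert that omits the column. Consider backfilling existing rows with `all` and then switching the default to a narrower value such as `self`, or dropping the default so every writer must state the scope.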