feat(db): role_permissions 添加 data_scope 列

行级数据权限基础设施 — role_permissions 表新增 data_scope 列，支持 all/self/department/department_tree 四种数据范围。
2026-04-17 10:32:12 +08:00
parent f697b5fd6d
commit 6f286acbeb
2 changed files with 39 additions and 0 deletions
--- a/crates/erp-server/migration/src/lib.rs
+++ b/crates/erp-server/migration/src/lib.rs
@@ -35,6 +35,7 @@ mod m20260416_000031_create_domain_events;
 mod m20260417_000033_create_plugins;
 mod m20260417_000034_seed_plugin_permissions;
 mod m20260418_000035_pg_trgm_and_entity_columns;
 mod m20260418_000036_add_data_scope_to_role_permissions;
 pub struct Migrator;
@@ -77,6 +78,7 @@ impl MigratorTrait for Migrator {
            Box::new(m20260417_000033_create_plugins::Migration),
            Box::new(m20260417_000034_seed_plugin_permissions::Migration),
            Box::new(m20260418_000035_pg_trgm_and_entity_columns::Migration),
            Box::new(m20260418_000036_add_data_scope_to_role_permissions::Migration),
        ]
    }
 }
--- a/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
+++ b/crates/erp-server/migration/src/m20260418_000036_add_data_scope_to_role_permissions.rs
@@ -0,0 +1,37 @@
 use sea_orm_migration::prelude::*;
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 #[async_trait::async_trait]
 impl MigrationTrait for Migration {
    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
        // 添加 data_scope 列 — 行级数据权限范围
        // 可选值: all, self, department, department_tree
        manager
            .alter_table(
                Table::alter()
                    .table(Alias::new("role_permissions"))
                    .add_column(
                        ColumnDef::new(Alias::new("data_scope"))
                            .string()
                            .not_null()
                            .default("all"),
                    )
                    .to_owned(),
            )
            .await?;
        Ok(())
    }
    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
        manager
            .alter_table(
                Table::alter()
                    .table(Alias::new("role_permissions"))
                    .drop_column(Alias::new("data_scope"))
                    .to_owned(),
            )
            .await
    }
 }