chore: 文档与 IDE 配置整理

- .kiro/specs/ → docs/specs/（41 个历史需求 spec 迁移，移除 .config.kiro） - CLAUDE.md 三层拆分：根文件精简 + apps/backend/CLAUDE.md + .claude/commands/ - 新增 /spec-close、/pre-change 两个工作流命令 - DDL 基线刷新（从测试库重新导出 11 个文件，dws 35→38 表，biz 18→21 表） - BD_Manual → BD_manual 命名统一（48 个文件） - 修复 3 处文档与数据库不一致（auth.users.status 默认值、scheduled_tasks 字段、RLS 视图数） - 新增 BD_manual_public_rbac_tables.md（public schema 8 张 RBAC/工作流表） - 合并 biz.trigger_jobs 文档（10→12 字段，归档独立文档） - docs/database/README.md 索引更新 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-06 00:02:37 +08:00
parent 8228b3fa37
commit 70324d8542
185 changed files with 13595 additions and 1219 deletions
--- a/docs/database/ddl/zqyy_app__auth.sql
+++ b/docs/database/ddl/zqyy_app__auth.sql
@@ -1,6 +1,6 @@
 -- =============================================================================
 -- zqyy_app / auth（用户认证与权限）
-- 生成日期：2026-03-15
+-- 生成日期：2026-04-05
 -- 来源：测试库（通过脚本自动导出）
 -- =============================================================================

@@ -10,12 +10,22 @@ CREATE SCHEMA IF NOT EXISTS auth;
 CREATE SEQUENCE IF NOT EXISTS auth.permissions_id_seq AS integer;
 CREATE SEQUENCE IF NOT EXISTS auth.roles_id_seq AS integer;
 CREATE SEQUENCE IF NOT EXISTS auth.site_code_mapping_id_seq AS integer;
+CREATE SEQUENCE IF NOT EXISTS auth.tenant_admins_id_seq AS bigint;
 CREATE SEQUENCE IF NOT EXISTS auth.user_applications_id_seq AS integer;
 CREATE SEQUENCE IF NOT EXISTS auth.user_assistant_binding_id_seq AS integer;
 CREATE SEQUENCE IF NOT EXISTS auth.user_site_roles_id_seq AS integer;
 CREATE SEQUENCE IF NOT EXISTS auth.users_id_seq AS integer;

 -- 表
+CREATE TABLE auth._archived_site_code_mapping (
+    id integer DEFAULT nextval('auth.site_code_mapping_id_seq'::regclass) NOT NULL,
+    site_code character varying(10) NOT NULL,
+    site_id bigint NOT NULL,
+    site_name character varying(200),
+    tenant_id bigint,
+    created_at timestamp with time zone DEFAULT now() NOT NULL
+);
+
 CREATE TABLE auth.permissions (
    id integer DEFAULT nextval('auth.permissions_id_seq'::regclass) NOT NULL,
    code character varying(100) NOT NULL,
@@ -37,13 +47,19 @@ CREATE TABLE auth.roles (
    created_at timestamp with time zone DEFAULT now() NOT NULL
 );

-CREATE TABLE auth.site_code_mapping (
-    id integer DEFAULT nextval('auth.site_code_mapping_id_seq'::regclass) NOT NULL,
-    site_code character varying(10) NOT NULL,
-    site_id bigint NOT NULL,
-    site_name character varying(200),
-    tenant_id bigint,
-    created_at timestamp with time zone DEFAULT now() NOT NULL
+CREATE TABLE auth.tenant_admins (
+    id bigint DEFAULT nextval('auth.tenant_admins_id_seq'::regclass) NOT NULL,
+    username character varying(50) NOT NULL,
+    password_hash character varying(255) NOT NULL,
+    display_name character varying(100),
+    tenant_id bigint NOT NULL,
+    managed_site_ids _int8 NOT NULL,
+    is_active boolean DEFAULT true,
+    created_by bigint,
+    created_at timestamp with time zone DEFAULT now(),
+    last_login_at timestamp with time zone,
+    deleted_at timestamp with time zone,
+    admin_type character varying(20) DEFAULT 'tenant_admin'::character varying NOT NULL
 );

 CREATE TABLE auth.user_applications (
@@ -68,7 +84,9 @@ CREATE TABLE auth.user_assistant_binding (
    assistant_id bigint,
    staff_id bigint,
    binding_type character varying(20) NOT NULL,
-    created_at timestamp with time zone DEFAULT now() NOT NULL
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    is_removed boolean DEFAULT false NOT NULL,
+    removed_at timestamp with time zone
 );

 CREATE TABLE auth.user_site_roles (
@@ -76,7 +94,9 @@ CREATE TABLE auth.user_site_roles (
    user_id integer NOT NULL,
    site_id bigint NOT NULL,
    role_id integer NOT NULL,
-    created_at timestamp with time zone DEFAULT now() NOT NULL
+    created_at timestamp with time zone DEFAULT now() NOT NULL,
+    is_removed boolean DEFAULT false NOT NULL,
+    removed_at timestamp with time zone
 );

 CREATE TABLE auth.users (
@@ -88,10 +108,17 @@ CREATE TABLE auth.users (
    phone character varying(20),
    status character varying(20) DEFAULT 'new'::character varying NOT NULL,
    created_at timestamp with time zone DEFAULT now() NOT NULL,
-    updated_at timestamp with time zone DEFAULT now() NOT NULL
+    updated_at timestamp with time zone DEFAULT now() NOT NULL,
+    rejection_count integer DEFAULT 0 NOT NULL,
+    avatar_url character varying(500)
 );

 -- 约束（主键 / 唯一 / 外键）
+ALTER TABLE auth._archived_site_code_mapping ADD CONSTRAINT site_code_mapping_pkey PRIMARY KEY (id);
+ALTER TABLE auth._archived_site_code_mapping ADD CONSTRAINT site_code_mapping_site_code_key UNIQUE (site_code);
+ALTER TABLE auth._archived_site_code_mapping ADD CONSTRAINT site_code_mapping_site_id_key UNIQUE (site_id);
+ALTER TABLE auth._archived_site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_code UNIQUE (site_code);
+ALTER TABLE auth._archived_site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_id UNIQUE (site_id);
 ALTER TABLE auth.permissions ADD CONSTRAINT permissions_pkey PRIMARY KEY (id);
 ALTER TABLE auth.permissions ADD CONSTRAINT permissions_code_key UNIQUE (code);
 ALTER TABLE auth.permissions ADD CONSTRAINT uq_permissions_code UNIQUE (code);
@@ -103,11 +130,8 @@ ALTER TABLE auth.role_permissions ADD CONSTRAINT role_permissions_pkey PRIMARY K
 ALTER TABLE auth.roles ADD CONSTRAINT roles_pkey PRIMARY KEY (id);
 ALTER TABLE auth.roles ADD CONSTRAINT roles_code_key UNIQUE (code);
 ALTER TABLE auth.roles ADD CONSTRAINT uq_roles_code UNIQUE (code);
-ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_pkey PRIMARY KEY (id);
-ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_site_code_key UNIQUE (site_code);
-ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_site_id_key UNIQUE (site_id);
-ALTER TABLE auth.site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_code UNIQUE (site_code);
-ALTER TABLE auth.site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_id UNIQUE (site_id);
+ALTER TABLE auth.tenant_admins ADD CONSTRAINT tenant_admins_pkey PRIMARY KEY (id);
+ALTER TABLE auth.tenant_admins ADD CONSTRAINT tenant_admins_username_key UNIQUE (username);
 ALTER TABLE auth.user_applications ADD CONSTRAINT fk_user_applications_user_id FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 ALTER TABLE auth.user_applications ADD CONSTRAINT user_applications_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
 ALTER TABLE auth.user_applications ADD CONSTRAINT user_applications_pkey PRIMARY KEY (id);
@@ -126,60 +150,14 @@ ALTER TABLE auth.users ADD CONSTRAINT uq_users_wx_openid UNIQUE (wx_openid);
 ALTER TABLE auth.users ADD CONSTRAINT users_wx_openid_key UNIQUE (wx_openid);

 -- 索引
-CREATE INDEX ix_site_code_mapping_site_code ON auth.site_code_mapping USING btree (site_code);
+CREATE INDEX ix_site_code_mapping_site_code ON auth._archived_site_code_mapping USING btree (site_code);
+CREATE INDEX idx_tenant_admin_tenant ON auth.tenant_admins USING btree (tenant_id);
+CREATE INDEX idx_tenant_admins_active_not_deleted ON auth.tenant_admins USING btree (is_active) WHERE (deleted_at IS NULL);
 CREATE INDEX ix_user_applications_status ON auth.user_applications USING btree (status);
 CREATE INDEX ix_user_applications_user_id ON auth.user_applications USING btree (user_id);
+CREATE INDEX idx_user_assistant_binding_active ON auth.user_assistant_binding USING btree (user_id, site_id) WHERE (is_removed = false);
+CREATE INDEX idx_user_site_roles_active ON auth.user_site_roles USING btree (user_id, site_id) WHERE (is_removed = false);
 CREATE INDEX ix_user_site_roles_user_site ON auth.user_site_roles USING btree (user_id, site_id);
 CREATE INDEX ix_users_status ON auth.users USING btree (status);
 CREATE INDEX ix_users_wx_openid ON auth.users USING btree (wx_openid);

-
-
-- =============================================================================
-- 种子数据：权限列表（5 条）
-- =============================================================================
-
-INSERT INTO auth.permissions (code, name, description) VALUES
-    ('view_tasks',           '查看任务',       '允许查看任务列表和任务详情'),
-    ('view_board',           '查看看板',       '允许查看数据看板概览'),
-    ('view_board_finance',   '查看财务看板',   '允许查看财务相关的数据看板'),
-    ('view_board_customer',  '查看客户看板',   '允许查看客户相关的数据看板'),
-    ('view_board_coach',     '查看助教看板',   '允许查看助教相关的数据看板')
-ON CONFLICT (code) DO NOTHING;
-
-- =============================================================================
-- 种子数据：默认角色（4 条）
-- =============================================================================
-
-INSERT INTO auth.roles (code, name, description) VALUES
-    ('coach',        '助教',       '球房助教，可查看任务和助教看板'),
-    ('staff',        '员工',       '球房员工，可查看任务和数据看板'),
-    ('site_admin',   '店铺管理员', '单店管理员，可查看所有看板'),
-    ('tenant_admin', '租户管理员', '租户级管理员，拥有全部权限')
-ON CONFLICT (code) DO NOTHING;
-
-- =============================================================================
-- 种子数据：角色-权限映射（14 条）
-- =============================================================================
-
-INSERT INTO auth.role_permissions (role_id, permission_id)
-SELECT r.id, p.id
-FROM auth.roles r
-CROSS JOIN auth.permissions p
-WHERE (r.code, p.code) IN (
-    ('coach',        'view_tasks'),
-    ('coach',        'view_board_coach'),
-    ('staff',        'view_tasks'),
-    ('staff',        'view_board'),
-    ('site_admin',   'view_tasks'),
-    ('site_admin',   'view_board'),
-    ('site_admin',   'view_board_finance'),
-    ('site_admin',   'view_board_customer'),
-    ('site_admin',   'view_board_coach'),
-    ('tenant_admin', 'view_tasks'),
-    ('tenant_admin', 'view_board'),
-    ('tenant_admin', 'view_board_finance'),
-    ('tenant_admin', 'view_board_customer'),
-    ('tenant_admin', 'view_board_coach')
-)
-ON CONFLICT (role_id, permission_id) DO NOTHING;