Neo-ZQYY/docs/database/ddl/zqyy_app__auth.sql

-- =============================================================================
-- zqyy_app / auth（用户认证与权限）
-- 生成日期：2026-03-15
-- 来源：测试库（通过脚本自动导出）
-- =============================================================================

CREATE SCHEMA IF NOT EXISTS auth;

-- 序列
CREATE SEQUENCE IF NOT EXISTS auth.permissions_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.roles_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.site_code_mapping_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.user_applications_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.user_assistant_binding_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.user_site_roles_id_seq AS integer;
CREATE SEQUENCE IF NOT EXISTS auth.users_id_seq AS integer;

-- 表
CREATE TABLE auth.permissions (
    id integer DEFAULT nextval('auth.permissions_id_seq'::regclass) NOT NULL,
    code character varying(100) NOT NULL,
    name character varying(200) NOT NULL,
    description text,
    created_at timestamp with time zone DEFAULT now() NOT NULL
);

CREATE TABLE auth.role_permissions (
    role_id integer NOT NULL,
    permission_id integer NOT NULL
);

CREATE TABLE auth.roles (
    id integer DEFAULT nextval('auth.roles_id_seq'::regclass) NOT NULL,
    code character varying(50) NOT NULL,
    name character varying(100) NOT NULL,
    description text,
    created_at timestamp with time zone DEFAULT now() NOT NULL
);

CREATE TABLE auth.site_code_mapping (
    id integer DEFAULT nextval('auth.site_code_mapping_id_seq'::regclass) NOT NULL,
    site_code character varying(10) NOT NULL,
    site_id bigint NOT NULL,
    site_name character varying(200),
    tenant_id bigint,
    created_at timestamp with time zone DEFAULT now() NOT NULL
);

CREATE TABLE auth.user_applications (
    id integer DEFAULT nextval('auth.user_applications_id_seq'::regclass) NOT NULL,
    user_id integer NOT NULL,
    site_code character varying(10) NOT NULL,
    site_id bigint,
    applied_role_text character varying(100) NOT NULL,
    employee_number character varying(50),
    phone character varying(20) NOT NULL,
    status character varying(20) DEFAULT 'pending'::character varying NOT NULL,
    reviewer_id integer,
    review_note text,
    created_at timestamp with time zone DEFAULT now() NOT NULL,
    reviewed_at timestamp with time zone
);

CREATE TABLE auth.user_assistant_binding (
    id integer DEFAULT nextval('auth.user_assistant_binding_id_seq'::regclass) NOT NULL,
    user_id integer NOT NULL,
    site_id bigint NOT NULL,
    assistant_id bigint,
    staff_id bigint,
    binding_type character varying(20) NOT NULL,
    created_at timestamp with time zone DEFAULT now() NOT NULL
);

CREATE TABLE auth.user_site_roles (
    id integer DEFAULT nextval('auth.user_site_roles_id_seq'::regclass) NOT NULL,
    user_id integer NOT NULL,
    site_id bigint NOT NULL,
    role_id integer NOT NULL,
    created_at timestamp with time zone DEFAULT now() NOT NULL
);

CREATE TABLE auth.users (
    id integer DEFAULT nextval('auth.users_id_seq'::regclass) NOT NULL,
    wx_openid character varying(100),
    wx_union_id character varying(100),
    wx_avatar_url text,
    nickname character varying(100),
    phone character varying(20),
    status character varying(20) DEFAULT 'new'::character varying NOT NULL,
    created_at timestamp with time zone DEFAULT now() NOT NULL,
    updated_at timestamp with time zone DEFAULT now() NOT NULL
);

-- 约束（主键 / 唯一 / 外键）
ALTER TABLE auth.permissions ADD CONSTRAINT permissions_pkey PRIMARY KEY (id);
ALTER TABLE auth.permissions ADD CONSTRAINT permissions_code_key UNIQUE (code);
ALTER TABLE auth.permissions ADD CONSTRAINT uq_permissions_code UNIQUE (code);
ALTER TABLE auth.role_permissions ADD CONSTRAINT fk_role_permissions_permission_id FOREIGN KEY (permission_id) REFERENCES auth.permissions(id) ON DELETE CASCADE;
ALTER TABLE auth.role_permissions ADD CONSTRAINT fk_role_permissions_role_id FOREIGN KEY (role_id) REFERENCES auth.roles(id) ON DELETE CASCADE;
ALTER TABLE auth.role_permissions ADD CONSTRAINT role_permissions_permission_id_fkey FOREIGN KEY (permission_id) REFERENCES auth.permissions(id) ON DELETE CASCADE;
ALTER TABLE auth.role_permissions ADD CONSTRAINT role_permissions_role_id_fkey FOREIGN KEY (role_id) REFERENCES auth.roles(id) ON DELETE CASCADE;
ALTER TABLE auth.role_permissions ADD CONSTRAINT role_permissions_pkey PRIMARY KEY (role_id, permission_id);
ALTER TABLE auth.roles ADD CONSTRAINT roles_pkey PRIMARY KEY (id);
ALTER TABLE auth.roles ADD CONSTRAINT roles_code_key UNIQUE (code);
ALTER TABLE auth.roles ADD CONSTRAINT uq_roles_code UNIQUE (code);
ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_pkey PRIMARY KEY (id);
ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_site_code_key UNIQUE (site_code);
ALTER TABLE auth.site_code_mapping ADD CONSTRAINT site_code_mapping_site_id_key UNIQUE (site_id);
ALTER TABLE auth.site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_code UNIQUE (site_code);
ALTER TABLE auth.site_code_mapping ADD CONSTRAINT uq_site_code_mapping_site_id UNIQUE (site_id);
ALTER TABLE auth.user_applications ADD CONSTRAINT fk_user_applications_user_id FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_applications ADD CONSTRAINT user_applications_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_applications ADD CONSTRAINT user_applications_pkey PRIMARY KEY (id);
ALTER TABLE auth.user_assistant_binding ADD CONSTRAINT fk_user_assistant_binding_user_id FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_assistant_binding ADD CONSTRAINT user_assistant_binding_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_assistant_binding ADD CONSTRAINT user_assistant_binding_pkey PRIMARY KEY (id);
ALTER TABLE auth.user_site_roles ADD CONSTRAINT fk_user_site_roles_role_id FOREIGN KEY (role_id) REFERENCES auth.roles(id) ON DELETE CASCADE;
ALTER TABLE auth.user_site_roles ADD CONSTRAINT fk_user_site_roles_user_id FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_site_roles ADD CONSTRAINT user_site_roles_role_id_fkey FOREIGN KEY (role_id) REFERENCES auth.roles(id) ON DELETE CASCADE;
ALTER TABLE auth.user_site_roles ADD CONSTRAINT user_site_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES auth.users(id) ON DELETE CASCADE;
ALTER TABLE auth.user_site_roles ADD CONSTRAINT user_site_roles_pkey PRIMARY KEY (id);
ALTER TABLE auth.user_site_roles ADD CONSTRAINT uq_user_site_roles_user_site_role UNIQUE (user_id, site_id, role_id);
ALTER TABLE auth.user_site_roles ADD CONSTRAINT user_site_roles_user_id_site_id_role_id_key UNIQUE (user_id, site_id, role_id);
ALTER TABLE auth.users ADD CONSTRAINT users_pkey PRIMARY KEY (id);
ALTER TABLE auth.users ADD CONSTRAINT uq_users_wx_openid UNIQUE (wx_openid);
ALTER TABLE auth.users ADD CONSTRAINT users_wx_openid_key UNIQUE (wx_openid);

-- 索引
CREATE INDEX ix_site_code_mapping_site_code ON auth.site_code_mapping USING btree (site_code);
CREATE INDEX ix_user_applications_status ON auth.user_applications USING btree (status);
CREATE INDEX ix_user_applications_user_id ON auth.user_applications USING btree (user_id);
CREATE INDEX ix_user_site_roles_user_site ON auth.user_site_roles USING btree (user_id, site_id);
CREATE INDEX ix_users_status ON auth.users USING btree (status);
CREATE INDEX ix_users_wx_openid ON auth.users USING btree (wx_openid);



-- =============================================================================
-- 种子数据：权限列表（5 条）
-- =============================================================================

INSERT INTO auth.permissions (code, name, description) VALUES
    ('view_tasks',           '查看任务',       '允许查看任务列表和任务详情'),
    ('view_board',           '查看看板',       '允许查看数据看板概览'),
    ('view_board_finance',   '查看财务看板',   '允许查看财务相关的数据看板'),
    ('view_board_customer',  '查看客户看板',   '允许查看客户相关的数据看板'),
    ('view_board_coach',     '查看助教看板',   '允许查看助教相关的数据看板')
ON CONFLICT (code) DO NOTHING;

-- =============================================================================
-- 种子数据：默认角色（4 条）
-- =============================================================================

INSERT INTO auth.roles (code, name, description) VALUES
    ('coach',        '助教',       '球房助教，可查看任务和助教看板'),
    ('staff',        '员工',       '球房员工，可查看任务和数据看板'),
    ('site_admin',   '店铺管理员', '单店管理员，可查看所有看板'),
    ('tenant_admin', '租户管理员', '租户级管理员，拥有全部权限')
ON CONFLICT (code) DO NOTHING;

-- =============================================================================
-- 种子数据：角色-权限映射（14 条）
-- =============================================================================

INSERT INTO auth.role_permissions (role_id, permission_id)
SELECT r.id, p.id
FROM auth.roles r
CROSS JOIN auth.permissions p
WHERE (r.code, p.code) IN (
    ('coach',        'view_tasks'),
    ('coach',        'view_board_coach'),
    ('staff',        'view_tasks'),
    ('staff',        'view_board'),
    ('site_admin',   'view_tasks'),
    ('site_admin',   'view_board'),
    ('site_admin',   'view_board_finance'),
    ('site_admin',   'view_board_customer'),
    ('site_admin',   'view_board_coach'),
    ('tenant_admin', 'view_tasks'),
    ('tenant_admin', 'view_board'),
    ('tenant_admin', 'view_board_finance'),
    ('tenant_admin', 'view_board_customer'),
    ('tenant_admin', 'view_board_coach')
)
ON CONFLICT (role_id, permission_id) DO NOTHING;