feat(admin): complete full integration of kefu, finance, product and order modules with real RPC data streams

docs/sql/20_rls/kefu/ml_kefu_rls_v1.sql

@@ -0,0 +1,34 @@
+-- =====================================================================================
+-- RLS: 客服模块安全策略
+-- 位置：docs/sql/20_rls/kefu/ml_kefu_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：管理端全量访问通过 RPC 完成；用户仅能操作自己的留言反馈
+-- =====================================================================================
+
+-- 开启所有表的 RLS
+ALTER TABLE public.ml_kefu_accounts ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_kefu_word_categories ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_kefu_words ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_kefu_feedbacks ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_kefu_auto_replies ENABLE ROW LEVEL SECURITY;
+
+-- 1. 留言反馈表策略
+-- 允许登录用户插入自己的留言
+DROP POLICY IF EXISTS ml_kefu_feedbacks_user_insert ON public.ml_kefu_feedbacks;
+CREATE POLICY ml_kefu_feedbacks_user_insert
+  ON public.ml_kefu_feedbacks
+  FOR INSERT
+  TO authenticated
+  WITH CHECK (user_id = auth.uid());
+
+-- 允许用户查看自己的留言
+DROP POLICY IF EXISTS ml_kefu_feedbacks_user_select ON public.ml_kefu_feedbacks;
+CREATE POLICY ml_kefu_feedbacks_user_select
+  ON public.ml_kefu_feedbacks
+  FOR SELECT
+  TO authenticated
+  USING (user_id = auth.uid());
+
+-- 其他表（账号、话术、自动回复）默认不向 anon/authenticated 角色开放 SELECT/INSERT/UPDATE/DELETE
+-- 管理端全量管理将通过 SECURITY DEFINER 的 RPC 函数执行