feat(admin): complete integration of auth, delivery, and system infrastructure modules

2026-02-18 23:30:39 +08:00
parent 7b27694690
commit 5d00e3d74e
37 changed files with 2830 additions and 1075 deletions
--- a/docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
+++ b/docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
@@ -0,0 +1,24 @@
+-- =====================================================================================
+-- RLS: 物流设置 (Delivery) 安全策略
+-- 位置：docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：配送员表管理端私有；提货点表消费者端只读
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ml_delivery_staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_delivery_stations ENABLE ROW LEVEL SECURITY;
+
+-- 1. 配送员表策略：默认不开放直接访问
+-- 全量管理通过 docs/sql/30_rpc/delivery/ 下的 RPC 执行
+
+-- 2. 提货点表策略：允许消费者端只读（用于地图展示和下单选择）
+DROP POLICY IF EXISTS delivery_stations_select_active ON public.ml_delivery_stations;
+CREATE POLICY delivery_stations_select_active
+  ON public.ml_delivery_stations
+  FOR SELECT
+  TO anon, authenticated
+  USING (status = 1);
+
+-- 管理端全量管理将通过 SECURITY DEFINER 的 RPC 接口执行