feat(admin): complete marketing module database integration with RLS policies and RPC archiving

2026-02-16 18:04:13 +08:00
parent 1853c407cd
commit e1f48cc880
3 changed files with 131 additions and 0 deletions
--- a/docs/sql/20_rls/marketing/ml_marketing_activities_rls_v1.sql
+++ b/docs/sql/20_rls/marketing/ml_marketing_activities_rls_v1.sql
@@ -0,0 +1,36 @@
+-- =====================================================================================
+-- RLS: 营销核心活动表安全策略
+-- 位置：docs/sql/20_rls/marketing/ml_marketing_activities_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：消费者端公开只读；管理端操作由 RPC (SECURITY DEFINER) 承载
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ak_seckill_activities ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_combination_activities ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_bargains ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_groupbuys ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_lotteries ENABLE ROW LEVEL SECURITY;
+
+-- 1. 秒杀活动：公开只读
+DROP POLICY IF EXISTS seckill_select_policy ON public.ak_seckill_activities;
+CREATE POLICY seckill_select_policy ON public.ak_seckill_activities FOR SELECT TO anon, authenticated USING (status = true);
+
+-- 2. 拼团活动：公开只读
+DROP POLICY IF EXISTS combination_select_policy ON public.ak_combination_activities;
+CREATE POLICY combination_select_policy ON public.ak_combination_activities FOR SELECT TO anon, authenticated USING (status = 'ongoing');
+
+-- 3. 砍价活动：公开只读
+DROP POLICY IF EXISTS bargain_select_policy ON public.ak_marketing_bargains;
+CREATE POLICY bargain_select_policy ON public.ak_marketing_bargains FOR SELECT TO anon, authenticated USING (status = true);
+
+-- 4. 团购活动：公开只读
+DROP POLICY IF EXISTS groupbuy_select_policy ON public.ak_marketing_groupbuys;
+CREATE POLICY groupbuy_select_policy ON public.ak_marketing_groupbuys FOR SELECT TO anon, authenticated USING (status = true);
+
+-- 5. 抽奖活动：公开只读
+DROP POLICY IF EXISTS lottery_select_policy ON public.ak_marketing_lotteries;
+CREATE POLICY lottery_select_policy ON public.ak_marketing_lotteries FOR SELECT TO anon, authenticated USING (is_open = true);
+
+-- 管理端全量管理将由 SECURITY DEFINER 的 RPC 接口执行
--- a/docs/sql/20_rls/marketing/ml_marketing_others_rls_v1.sql
+++ b/docs/sql/20_rls/marketing/ml_marketing_others_rls_v1.sql
@@ -0,0 +1,57 @@
+-- =====================================================================================
+-- RLS: 营销模块其他业务表安全策略 (互动/会员/直播/充值)
+-- 位置：docs/sql/20_rls/marketing/ml_marketing_others_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：配置类公开只读；记录类用户隔离；管理端由 RPC 承载
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ak_signin_configs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_signin_logs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_newcomer_config ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_member_types ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_member_rights ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_member_config ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_live_anchors ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_marketing_live_rooms ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_recharge_configs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_recharge_quotas ENABLE ROW LEVEL SECURITY;
+
+-- 1. 签到与新人礼配置：公开只读
+DROP POLICY IF EXISTS signin_config_select_policy ON public.ak_signin_configs;
+CREATE POLICY signin_config_select_policy ON public.ak_signin_configs FOR SELECT TO authenticated USING (true);
+
+DROP POLICY IF EXISTS newcomer_config_select_policy ON public.ak_marketing_newcomer_config;
+CREATE POLICY newcomer_config_select_policy ON public.ak_marketing_newcomer_config FOR SELECT TO authenticated USING (true);
+
+-- 2. 签到日志：用户仅能查看自己的
+DROP POLICY IF EXISTS signin_logs_user_policy ON public.ak_marketing_signin_logs;
+CREATE POLICY signin_logs_user_policy ON public.ak_marketing_signin_logs 
+FOR SELECT TO authenticated USING (uid = auth.uid());
+
+-- 3. 会员体系：类型与权益公开只读
+DROP POLICY IF EXISTS member_types_select_policy ON public.ak_marketing_member_types;
+CREATE POLICY member_types_select_policy ON public.ak_marketing_member_types FOR SELECT TO authenticated USING (is_open = true);
+
+DROP POLICY IF EXISTS member_rights_select_policy ON public.ak_marketing_member_rights;
+CREATE POLICY member_rights_select_policy ON public.ak_marketing_member_rights FOR SELECT TO authenticated USING (is_show = true);
+
+DROP POLICY IF EXISTS member_config_select_policy ON public.ak_marketing_member_config;
+CREATE POLICY member_config_select_policy ON public.ak_marketing_member_config FOR SELECT TO authenticated USING (is_enabled = true);
+
+-- 4. 直播：公开只读
+DROP POLICY IF EXISTS live_anchors_select_policy ON public.ak_marketing_live_anchors;
+CREATE POLICY live_anchors_select_policy ON public.ak_marketing_live_anchors FOR SELECT TO authenticated USING (status = true);
+
+DROP POLICY IF EXISTS live_rooms_select_policy ON public.ak_marketing_live_rooms;
+CREATE POLICY live_rooms_select_policy ON public.ak_marketing_live_rooms FOR SELECT TO authenticated USING (is_show = true);
+
+-- 5. 充值配置：公开只读
+DROP POLICY IF EXISTS recharge_config_select_policy ON public.ak_recharge_configs;
+CREATE POLICY recharge_config_select_policy ON public.ak_recharge_configs FOR SELECT TO authenticated USING (balance_enabled = true);
+
+DROP POLICY IF EXISTS recharge_quotas_select_policy ON public.ak_recharge_quotas;
+CREATE POLICY recharge_quotas_select_policy ON public.ak_recharge_quotas FOR SELECT TO authenticated USING (is_open = true);
+
+-- 管理端全量管理均通过 SECURITY DEFINER 的 RPC 接口执行