admin模块接入数据库

2026-02-13 17:29:50 +08:00
parent 56209b7a75
commit ec636dc703
58 changed files with 5586 additions and 1394 deletions
--- a/docs/sql/20_rls/cms/ml_cms_rls_v1.sql
+++ b/docs/sql/20_rls/cms/ml_cms_rls_v1.sql
@@ -0,0 +1,29 @@
+-- =====================================================================================
+-- RLS: 内容管理模块安全策略
+-- 位置：docs/sql/20_rls/cms/ml_cms_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：消费者端可读（仅已发布/启用）；管理端通过 RPC 访问
+-- =====================================================================================
+
+-- 1. 开启 RLS
+ALTER TABLE public.ml_article_categories ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_articles ENABLE ROW LEVEL SECURITY;
+
+-- 2. 分类表策略：允许所有人读取启用的分类
+DROP POLICY IF EXISTS ml_article_categories_select_active ON public.ml_article_categories;
+CREATE POLICY ml_article_categories_select_active
+  ON public.ml_article_categories
+  FOR SELECT
+  TO anon, authenticated
+  USING (status = 1);
+
+-- 3. 文章表策略：允许所有人读取已发布的文章
+DROP POLICY IF EXISTS ml_articles_select_published ON public.ml_articles;
+CREATE POLICY ml_articles_select_published
+  ON public.ml_articles
+  FOR SELECT
+  TO anon, authenticated
+  USING (status = 1);
+
+-- 默认不开放 INSERT/UPDATE/DELETE 给普通用户，管理端操作通过 RPC (SECURITY DEFINER) 执行
--- a/docs/sql/20_rls/marketing/ml_coupon_templates_rls_v1.sql
+++ b/docs/sql/20_rls/marketing/ml_coupon_templates_rls_v1.sql
@@ -0,0 +1,34 @@
+-- =====================================================================================
+-- RLS Policy: 优惠券模板表权限控制
+-- 位置：docs/sql/20_rls/marketing/ml_coupon_templates_rls_v1.sql
+-- 说明：确保商家仅能管理自己的优惠券模板，管理员拥有全权限。
+-- =====================================================================================
+
+-- 1. 启用 RLS
+ALTER TABLE public.ml_coupon_templates ENABLE ROW LEVEL SECURITY;
+
+-- 2. 创建权限策略
+-- 允许商家管理自己的模板
+CREATE POLICY ml_coupon_templates_merchant_policy ON public.ml_coupon_templates
+    FOR ALL 
+    TO authenticated
+    USING (
+        merchant_id = auth.uid() OR 
+        EXISTS (
+            SELECT 1 FROM public.ak_users 
+            WHERE id = auth.uid() AND role = 'admin'
+        )
+    )
+    WITH CHECK (
+        merchant_id = auth.uid() OR 
+        EXISTS (
+            SELECT 1 FROM public.ak_users 
+            WHERE id = auth.uid() AND role = 'admin'
+        )
+    );
+
+-- 允许所有认证用户查看模板（用于前台领取）
+CREATE POLICY ml_coupon_templates_select_policy ON public.ml_coupon_templates
+    FOR SELECT 
+    TO authenticated
+    USING (status = 1);