admin模块接入数据库

2026-02-13 17:29:50 +08:00
parent 56209b7a75
commit ec636dc703
58 changed files with 5586 additions and 1394 deletions
--- a/docs/sql/20_rls/cms/ml_cms_rls_v1.sql
+++ b/docs/sql/20_rls/cms/ml_cms_rls_v1.sql
@@ -0,0 +1,29 @@
+-- =====================================================================================
+-- RLS: 内容管理模块安全策略
+-- 位置：docs/sql/20_rls/cms/ml_cms_rls_v1.sql
+-- 对象类型：RLS 策略
+-- 版本：v1
+-- 说明：消费者端可读（仅已发布/启用）；管理端通过 RPC 访问
+-- =====================================================================================
+
+-- 1. 开启 RLS
+ALTER TABLE public.ml_article_categories ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_articles ENABLE ROW LEVEL SECURITY;
+
+-- 2. 分类表策略：允许所有人读取启用的分类
+DROP POLICY IF EXISTS ml_article_categories_select_active ON public.ml_article_categories;
+CREATE POLICY ml_article_categories_select_active
+  ON public.ml_article_categories
+  FOR SELECT
+  TO anon, authenticated
+  USING (status = 1);
+
+-- 3. 文章表策略：允许所有人读取已发布的文章
+DROP POLICY IF EXISTS ml_articles_select_published ON public.ml_articles;
+CREATE POLICY ml_articles_select_published
+  ON public.ml_articles
+  FOR SELECT
+  TO anon, authenticated
+  USING (status = 1);
+
+-- 默认不开放 INSERT/UPDATE/DELETE 给普通用户，管理端操作通过 RPC (SECURITY DEFINER) 执行