huangzhenbao/medical-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5acda051341bc00be1d8990a6793df593347b9e3
medical-mall/docs/sql/20_rls/distribution/ml_distribution_rls_v1.sql
comlibmb 5acda05134 admin接入数据库
2026-02-16 15:19:17 +08:00

53 lines
3.0 KiB
SQL
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
-- =====================================================================================
-- RLS: 分销模块安全策略
-- 位置docs/sql/20_rls/distribution/ml_distribution_rls_v1.sql
-- 对象类型RLS 策略
-- 版本v1
-- 说明:管理端全量权限通过 SECURITY DEFINER RPC 执行;用户仅能访问个人关联数据
-- =====================================================================================
-- 启用 RLS
ALTER TABLE public.ak_distribution_config ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_distribution_level ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_promoter_relations ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_commission_logs ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_distribution_divisions ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_distribution_agents ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.ak_distribution_agent_applications ENABLE ROW LEVEL SECURITY;
-- 1. 分销配置:允许所有登录用户读取(消费者端展示逻辑需要)
DROP POLICY IF EXISTS dist_config_select_policy ON public.ak_distribution_config;
CREATE POLICY dist_config_select_policy ON public.ak_distribution_config
FOR SELECT TO authenticated USING (true);
-- 2. 分销等级:允许所有登录用户读取可见等级
DROP POLICY IF EXISTS dist_level_select_policy ON public.ak_distribution_level;
CREATE POLICY dist_level_select_policy ON public.ak_distribution_level
FOR SELECT TO authenticated USING (is_visible = true);
-- 3. 推广员关系:用户仅能查看与自己相关的记录
DROP POLICY IF EXISTS promoter_relations_select_policy ON public.ak_promoter_relations;
CREATE POLICY promoter_relations_select_policy ON public.ak_promoter_relations
FOR SELECT TO authenticated USING (uid = auth.uid() OR inviter_uid = auth.uid());
-- 4. 佣金日志:用户仅能查看自己的佣金记录
DROP POLICY IF EXISTS commission_logs_select_policy ON public.ak_commission_logs;
CREATE POLICY commission_logs_select_policy ON public.ak_commission_logs
FOR SELECT TO authenticated USING (uid = auth.uid());
-- 5. 事业部与代理商:允许登录用户查看启用的记录
DROP POLICY IF EXISTS dist_divisions_select_policy ON public.ak_distribution_divisions;
CREATE POLICY dist_divisions_select_policy ON public.ak_distribution_divisions
FOR SELECT TO authenticated USING (is_enabled = true);
DROP POLICY IF EXISTS dist_agents_select_policy ON public.ak_distribution_agents;
CREATE POLICY dist_agents_select_policy ON public.ak_distribution_agents
FOR SELECT TO authenticated USING (is_enabled = true);
-- 6. 代理商申请:用户仅能管理自己的申请记录
DROP POLICY IF EXISTS dist_apply_user_policy ON public.ak_distribution_agent_applications;
CREATE POLICY dist_apply_user_policy ON public.ak_distribution_agent_applications
FOR ALL TO authenticated USING (uid = auth.uid()) WITH CHECK (uid = auth.uid());
-- 管理端全量管理将通过 SECURITY DEFINER 的 RPC 接口执行,此处不再额外开放直接表操作
Reference in New Issue View Git Blame Copy Permalink