From 891b90ebb71f6aa858650cce0adcba5f1e1c9598 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 4 Mar 2026 19:53:26 +0800 Subject: [PATCH] =?UTF-8?q?feat(db):=20=E5=88=9B=E5=BB=BA=E6=9D=83?= =?UTF-8?q?=E9=99=90=E7=AE=A1=E7=90=86=E7=B3=BB=E7=BB=9F=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E5=BA=93=E8=BF=81=E7=A7=BB=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - V21: 权限核心表(6张) - 角色/权限/用户角色/部门等 - V22: 审批流程表(5张) - 流程配置/节点/实例/记录/历史 - V23: 审计与权限审计表(4张) - 审计日志/权限审计/快照/部门层级 共创建15张数据库表,完成Phase 1数据库表创建任务
---
.ralph/progress.md | 28 ++++
.ralph/state.md | 53 +++++++
.../V21__Create_permission_core_tables.sql | 96 ++++++++++++
.../V22__Create_approval_flow_tables.sql | 146 ++++++++++++++++++
...23__Create_audit_and_permission_tables.sql | 121 +++++++++++++++
5 files changed, 444 insertions(+)
create mode 100644 .ralph/progress.md
create mode 100644 .ralph/state.md
create mode 100644 src/main/resources/db/migration/V21__Create_permission_core_tables.sql
create mode 100644 src/main/resources/db/migration/V22__Create_approval_flow_tables.sql
create mode 100644 src/main/resources/db/migration/V23__Create_audit_and_permission_tables.sql
diff --git a/.ralph/progress.md b/.ralph/progress.md
new file mode 100644
index 0000000..d409d74
--- /dev/null
+++ b/.ralph/progress.md
@@ -0,0 +1,28 @@
+# Ralph Progress - 蚊子系统管理后台权限管理系统
+
+## Iteration 1 (2026-03-04)
+- 创建V21迁移: 权限核心表 (6张)
+- 创建V22迁移: 审批流程表 (5张)
+- 创建V23迁移: 审计与权限审计表 (4张)
+- 总计创建: 15张数据库表
+
+### 创建的表清单
+1. sys_role - 角色表
+2. sys_permission - 权限表
+3. sys_role_permission - 角色权限关联表
+4. sys_user_role - 用户角色关联表
+5. sys_department - 部门表
+6. sys_user_permission - 用户直接权限表
+7. sys_approval_flow - 审批流程配置表
+8. sys_approval_node - 审批节点配置表
+9. sys_approval_instance - 审批实例表
+10. sys_approval_record - 审批记录表
+11. sys_approval_history - 审批历史表
+12. sys_audit_log - 审计日志表
+13. sys_permission_audit - 权限审计表
+14. sys_user_permission_snapshot - 用户权限快照表
+15. sys_department_relation - 部门层级关系表
+
+### Status: Continuing
+- Phase 1数据库表创建已完成
+- 准备进入Phase 2: 权限核心模块开发
diff --git a/.ralph/state.md b/.ralph/state.md
new file mode 100644
index 0000000..32cbc5a
--- /dev/null
+++ b/.ralph/state.md
@@ -0,0 +1,53 @@
+# Ralph State - 蚊子系统管理后台权限管理系统
+
+## Task Info
+- **Task**: 实施蚊子系统管理后台权限管理系统
+- **Start Time**: 2026-03-04
+- **Max Iterations**: 100
+
+## Current State
+- **Iteration**: 1
+- **Status**: In Progress
+- **Current Phase**: Phase 1 - 数据库表创建
+
+## Progress
+- [x] V21: 权限核心表 (6张)
+ - sys_role
+ - sys_permission
+ - sys_role_permission
+ - sys_user_role
+ - sys_department
+ - sys_user_permission
+- [x] V22: 审批流程表 (5张)
+ - sys_approval_flow
+ - sys_approval_node
+ - sys_approval_instance
+ - sys_approval_record
+ - sys_approval_history
+- [x] V23: 审计与权限审计表 (4张)
+ - sys_audit_log
+ - sys_permission_audit
+ - sys_user_permission_snapshot
+ - sys_department_relation
+
+## Completion Criteria
+- [ ] Phase 1: 数据库表创建(10张权限相关表) - 完成度: 100%
+- [ ] Phase 2: 权限核心模块(角色管理、权限管理、部门管理)
+- [ ] Phase 3: 审批流引擎
+- [ ] Phase 4: 业务模块开发
+
+## Next Actions
+1. 运行Flyway迁移创建数据库表
+2. 开始Phase 2: 权限核心模块开发
+
+## Completed Tasks
+- TASK-105: 创建角色表sys_role
+- TASK-106: 创建权限表sys_permission
+- TASK-107: 创建角色权限关联表sys_role_permission
+- TASK-108: 创建用户角色关联表sys_user_role
+- TASK-109: 创建部门表sys_department
+- TASK-110: 创建审批流程配置表sys_approval_flow
+- TASK-111: 创建审批记录表sys_approval_record
+- TASK-112: 创建审批历史表sys_approval_history
+- TASK-113: 创建审计日志表sys_audit_log
+- TASK-114: 创建权限审计表sys_permission_audit
diff --git a/src/main/resources/db/migration/V21__Create_permission_core_tables.sql b/src/main/resources/db/migration/V21__Create_permission_core_tables.sql
new file mode 100644
index 0000000..9a08206
--- /dev/null
+++ b/src/main/resources/db/migration/V21__Create_permission_core_tables.sql
@@ -0,0 +1,96 @@
+-- 权限管理系统数据库迁移
+-- 版本: V21
+-- 描述: 创建权限管理核心表
+-- 创建时间: 2026-03-04
+
+-- 1. 角色表
+CREATE TABLE sys_role (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '角色ID',
+ role_code VARCHAR(50) NOT NULL UNIQUE COMMENT '角色代码',
+ role_name VARCHAR(100) NOT NULL COMMENT '角色名称',
+ role_level VARCHAR(20) NOT NULL COMMENT '角色层级:SYSTEM/MANAGER/EXECUTOR/AUDIT',
+ data_scope VARCHAR(20) NOT NULL DEFAULT 'DEPARTMENT' COMMENT '数据权限:ALL/DEPARTMENT/OWN',
+ description VARCHAR(500) COMMENT '角色描述',
+ is_core TINYINT(1) DEFAULT 0 COMMENT '是否核心角色:0-扩展/1-核心',
+ status VARCHAR(20) DEFAULT 'ENABLED' COMMENT '状态:ENABLED/DISABLED',
+ created_by BIGINT COMMENT '创建人',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ deleted TINYINT(1) DEFAULT 0 COMMENT '删除标志:0-未删除/1-已删除',
+ INDEX idx_role_code (role_code),
+ INDEX idx_status (status),
+ INDEX idx_role_level (role_level)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='角色表';
+
+-- 2. 权限表
+CREATE TABLE sys_permission (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '权限ID',
+ permission_code VARCHAR(100) NOT NULL UNIQUE COMMENT '权限代码',
+ permission_name VARCHAR(100) NOT NULL COMMENT '权限名称',
+ module_code VARCHAR(50) NOT NULL COMMENT '模块代码',
+ resource_code VARCHAR(50) COMMENT '资源代码',
+ operation_code VARCHAR(50) COMMENT '操作代码:view/create/edit/delete/approve/export/execute',
+ data_scope VARCHAR(20) COMMENT '数据范围:ALL/DEPARTMENT/OWN',
+ description VARCHAR(500) COMMENT '权限描述',
+ sort_order INT DEFAULT 0 COMMENT '排序',
+ status VARCHAR(20) DEFAULT 'ENABLED' COMMENT '状态',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_permission_code (permission_code),
+ INDEX idx_module_code (module_code),
+ INDEX idx_status (status)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='权限表';
+
+-- 3. 角色权限关联表
+CREATE TABLE sys_role_permission (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ role_id BIGINT NOT NULL COMMENT '角色ID',
+ permission_id BIGINT NOT NULL COMMENT '权限ID',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ UNIQUE KEY uk_role_permission (role_id, permission_id),
+ INDEX idx_role_id (role_id),
+ INDEX idx_permission_id (permission_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='角色权限关联表';
+
+-- 4. 用户角色关联表
+CREATE TABLE sys_user_role (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ user_id BIGINT NOT NULL COMMENT '用户ID',
+ role_id BIGINT NOT NULL COMMENT '角色ID',
+ department_id BIGINT COMMENT '部门ID',
+ created_by BIGINT COMMENT '分配人',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ UNIQUE KEY uk_user_role_dept (user_id, role_id, department_id),
+ INDEX idx_user_id (user_id),
+ INDEX idx_role_id (role_id),
+ INDEX idx_department_id (department_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户角色关联表';
+
+-- 5. 部门表
+CREATE TABLE sys_department (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '部门ID',
+ dept_name VARCHAR(100) NOT NULL COMMENT '部门名称',
+ parent_id BIGINT COMMENT '父部门ID',
+ dept_code VARCHAR(50) COMMENT '部门编码',
+ leader_id BIGINT COMMENT '部门负责人',
+ sort_order INT DEFAULT 0 COMMENT '排序',
+ status VARCHAR(20) DEFAULT 'ENABLED' COMMENT '状态',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ INDEX idx_parent_id (parent_id),
+ INDEX idx_dept_code (dept_code),
+ INDEX idx_status (status)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='部门表';
+
+-- 6. 用户直接权限表(用于临时权限)
+CREATE TABLE sys_user_permission (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT,
+ user_id BIGINT NOT NULL COMMENT '用户ID',
+ permission_id BIGINT NOT NULL COMMENT '权限ID',
+ expire_time DATETIME COMMENT '过期时间',
+ created_by BIGINT COMMENT '分配人',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ UNIQUE KEY uk_user_permission (user_id, permission_id),
+ INDEX idx_user_id (user_id),
+ INDEX idx_permission_id (permission_id),
+ INDEX idx_expire_time (expire_time)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户直接权限表';
diff --git a/src/main/resources/db/migration/V22__Create_approval_flow_tables.sql b/src/main/resources/db/migration/V22__Create_approval_flow_tables.sql
new file mode 100644
index 0000000..9f6c5ff
--- /dev/null
+++ b/src/main/resources/db/migration/V22__Create_approval_flow_tables.sql
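Review bot: In V21's sys_user_role, `UNIQUE KEY uk_user_role_dept (user_id, role_id, department_id)` does not stop duplicate grants while department_id is nullable, because MySQL unique indexes treat NULLs as distinct; the same user/role pair with no department can be inserted any number of times, and a revoke that removes a single row by id would leave the remaining copies in force. Declaring the column as `department_id BIGINT NOT NULL DEFAULT 0 COMMENT '部门ID'`, with 0 standing for "no department", would make the key effective. None of the six tables declares a foreign key, so rows in sys_role_permission, sys_user_role and sys_user_permission can outlive the role or permission they point to; if that is deliberate, the cleanup path should be stated in a comment. sys_user_permission.expire_time is nullable although the table is described as temporary permissions, so the column comment should say whether NULL means "never expires".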
@@ -0,0 +1,146 @@
+-- 审批流程系统数据库迁移
+-- 版本: V22
+-- 描述: 创建审批流程相关表
+-- 创建时间: 2026-03-04
+
+-- 1. 审批流程配置表
+CREATE TABLE sys_approval_flow (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '流程ID',
+ flow_code VARCHAR(50) NOT NULL UNIQUE COMMENT '流程代码',
+ flow_name VARCHAR(100) NOT NULL COMMENT '流程名称',
+ module_code VARCHAR(50) NOT NULL COMMENT '所属模块',
+ business_type VARCHAR(50) NOT NULL COMMENT '业务类型',
+ approval_type VARCHAR(20) NOT NULL COMMENT '审批类型:SERIAL(串行)/PARALLEL(并行)/CONDITIONAL(条件)',
+ approval_mode VARCHAR(20) NOT NULL DEFAULT 'ANY' COMMENT '审批模式:ANY(或签)/ALL(会签)',
+ timeout_hours INT DEFAULT 24 COMMENT '审批超时小时数',
+ auto_approve TINYINT(1) DEFAULT 0 COMMENT '是否支持自动审批',
+ auto_approve_rule VARCHAR(500) COMMENT '自动审批规则表达式',
+ allow_transfer TINYINT(1) DEFAULT 1 COMMENT '是否允许转审',
+ allow_cc TINYINT(1) DEFAULT 1 COMMENT '是否允许抄送',
+ notify_type VARCHAR(50) DEFAULT 'EMAIL,IN_APP' COMMENT '通知类型:EMAIL/IN_APP/SMS/WECHAT',
+ form_template TEXT COMMENT '审批表单模板(JSON)',
+ description VARCHAR(500) COMMENT '流程描述',
+ is_active TINYINT(1) DEFAULT 1 COMMENT '是否启用',
+ priority INT DEFAULT 0 COMMENT '优先级',
+ created_by BIGINT COMMENT '创建人',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ deleted TINYINT(1) DEFAULT 0 COMMENT '删除标志',
+ INDEX idx_flow_code (flow_code),
+ INDEX idx_module_code (module_code),
+ INDEX idx_business_type (business_type),
+ INDEX idx_is_active (is_active)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审批流程配置表';
+
+-- 2. 审批节点配置表
+CREATE TABLE sys_approval_node (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '节点ID',
+ flow_id BIGINT NOT NULL COMMENT '流程ID',
+ node_code VARCHAR(50) NOT NULL COMMENT '节点代码',
+ node_name VARCHAR(100) NOT NULL COMMENT '节点名称',
+ node_type VARCHAR(20) NOT NULL COMMENT '节点类型:START/APPROVAL/CONDITION/CC/END',
+ node_order INT NOT NULL DEFAULT 0 COMMENT '节点顺序',
+ approver_type VARCHAR(20) NOT NULL COMMENT '审批人类型:USER/ROLE/DEPARTMENT/MANAGER/DYNAMIC',
+ approver_value VARCHAR(500) COMMENT '审批人值(用户ID/角色ID/部门ID/表达式)',
+ approver_count INT DEFAULT 1 COMMENT '审批人数(会签时>1)',
+ condition_expression VARCHAR(1000) COMMENT '条件表达式(CONDITION节点使用)',
+ timeout_action VARCHAR(20) COMMENT '超时动作:AUTO_PASS/AUTO_REJECT/NOTIFY/ESCALATE',
+ timeout_hours INT DEFAULT 24 COMMENT '节点超时小时数',
+ allow_transfer TINYINT(1) DEFAULT 1 COMMENT '是否允许转审',
+ allow_reject TINYINT(1) DEFAULT 1 COMMENT '是否允许驳回',
+ reject_to_node VARCHAR(50) COMMENT '驳回到节点代码',
+ allow_callback TINYINT(1) DEFAULT 1 COMMENT '是否允许撤回',
+ notify_before INT COMMENT '提前通知分钟数',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_flow_id (flow_id),
+ INDEX idx_node_code (node_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审批节点配置表';
+
+-- 3. 审批实例表
+CREATE TABLE sys_approval_instance (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '实例ID',
+ instance_no VARCHAR(50) NOT NULL UNIQUE COMMENT '实例编号',
+ flow_id BIGINT NOT NULL COMMENT '流程ID',
+ flow_code VARCHAR(50) NOT NULL COMMENT '流程代码',
+ flow_name VARCHAR(100) NOT NULL COMMENT '流程名称',
+ module_code VARCHAR(50) NOT NULL COMMENT '模块代码',
+ business_type VARCHAR(50) NOT NULL COMMENT '业务类型',
+ business_id BIGINT NOT NULL COMMENT '业务ID',
+ business_key VARCHAR(100) COMMENT '业务键',
+ title VARCHAR(200) NOT NULL COMMENT '审批标题',
+ applicant_id BIGINT NOT NULL COMMENT '申请人ID',
+ applicant_name VARCHAR(100) COMMENT '申请人姓名',
+ applicant_dept_id BIGINT COMMENT '申请人部门ID',
+ current_node_code VARCHAR(50) COMMENT '当前节点代码',
+ current_node_name VARCHAR(100) COMMENT '当前节点名称',
+ approval_status VARCHAR(20) NOT NULL DEFAULT 'PENDING' COMMENT '审批状态:PENDING/APPROVING/APPROVED/REJECTED/CANCELLED/TRANSFERRED',
+ form_data JSON COMMENT '表单数据',
+ total_amount DECIMAL(15,2) COMMENT '涉及金额',
+ level INT DEFAULT 1 COMMENT '审批级别(多级审批)',
+ related_instance_id BIGINT COMMENT '关联实例ID',
+ external_no VARCHAR(100) COMMENT '外部单据编号',
+ source_system VARCHAR(50) COMMENT '来源系统',
+ callback_url VARCHAR(500) COMMENT '回调URL',
+ callback_status VARCHAR(20) COMMENT '回调状态',
+ started_at DATETIME COMMENT '开始时间',
+ ended_at DATETIME COMMENT '结束时间',
+ duration_hours INT COMMENT '处理时长(小时)',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ INDEX idx_instance_no (instance_no),
+ INDEX idx_flow_id (flow_id),
+ INDEX idx_business (business_type, business_id),
+ INDEX idx_applicant_id (applicant_id),
+ INDEX idx_approval_status (approval_status),
+ INDEX idx_current_node (current_node_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审批实例表';
+
+-- 4. 审批记录表
+CREATE TABLE sys_approval_record (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '记录ID',
+ instance_id BIGINT NOT NULL COMMENT '实例ID',
+ node_code VARCHAR(50) NOT NULL COMMENT '节点代码',
+ node_name VARCHAR(100) COMMENT '节点名称',
+ approver_id BIGINT NOT NULL COMMENT '审批人ID',
+ approver_name VARCHAR(100) COMMENT '审批人姓名',
+ approver_dept_id BIGINT COMMENT '审批人部门ID',
+ action_type VARCHAR(20) NOT NULL COMMENT '操作类型:APPROVE/REJECT/TRANSFER/CC/ESCALATE',
+ action_result VARCHAR(20) NOT NULL COMMENT '操作结果:PASS/REJECT/TRANSFERRED/SKIPPED',
+ comment TEXT COMMENT '审批意见',
+ attachment_urls VARCHAR(2000) COMMENT '附件URL(逗号分隔)',
+ suggest_next_node VARCHAR(50) COMMENT '建议下一节点',
+ is_last TINYINT(1) DEFAULT 0 COMMENT '是否最后一级',
+ level INT DEFAULT 1 COMMENT '审批级别',
+ sequence INT NOT NULL DEFAULT 0 COMMENT '审批顺序',
+ delegate_from_id BIGINT COMMENT '委托来源用户ID',
+ delegate_from_name VARCHAR(100) COMMENT '委托来源用户名',
+ timeout_action VARCHAR(20) COMMENT '超时自动处理',
+ action_at DATETIME COMMENT '审批时间',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_instance_id (instance_id),
+ INDEX idx_approver_id (approver_id),
+ INDEX idx_action_type (action_type),
+ INDEX idx_action_result (action_result)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审批记录表';
+
+-- 5. 审批历史表
+CREATE TABLE sys_approval_history (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '历史ID',
+ instance_id BIGINT NOT NULL COMMENT '实例ID',
+ instance_no VARCHAR(50) NOT NULL COMMENT '实例编号',
+ node_code VARCHAR(50) NOT NULL COMMENT '节点代码',
+ node_name VARCHAR(100) COMMENT '节点名称',
+ operator_id BIGINT NOT NULL COMMENT '操作人ID',
+ operator_name VARCHAR(100) COMMENT '操作人姓名',
+ operator_type VARCHAR(20) NOT NULL COMMENT '操作人类型:APPROVER/APPLICANT/SYSTEM',
+ action_type VARCHAR(20) NOT NULL COMMENT '操作类型',
+ action_detail TEXT COMMENT '操作详情',
+ form_snapshot JSON COMMENT '表单快照',
+ comment TEXT COMMENT '备注',
+ attachment_urls VARCHAR(2000) COMMENT '附件',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_instance_id (instance_id),
+ INDEX idx_instance_no (instance_no),
+ INDEX idx_operator_id (operator_id),
+ INDEX idx_created_at (created_at)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审批历史表';
diff --git a/src/main/resources/db/migration/V23__Create_audit_and_permission_tables.sql b/src/main/resources/db/migration/V23__Create_audit_and_permission_tables.sql
new file mode 100644
index 0000000..aff4af4
--- /dev/null
+++ b/src/main/resources/db/migration/V23__Create_audit_and_permission_tables.sql
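Review bot: In V22, sys_approval_node has no uniqueness on (flow_id, node_code), yet sys_approval_instance.current_node_code and sys_approval_node.reject_to_node refer to nodes by code, so two nodes sharing a code inside one flow make the routing target ambiguous; adding `UNIQUE KEY uk_flow_node (flow_id, node_code)` would close that. sys_approval_record likewise accepts several rows for the same instance_id, node_code and approver_id, so whatever code counts approvals against approver_count has to deduplicate by approver or one person can satisfy a countersign node alone. auto_approve_rule, condition_expression and approver_value are documented as holding expressions and callback_url holds a per-row URL; the code that evaluates or calls them is not in this patch, but the column comments should record that these values are untrusted input (restricted expression evaluator, destination allowlist keyed on source_system for callbacks).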
@@ -0,0 +1,121 @@
+-- 审计与权限审计数据库迁移
+-- 版本: V23
+-- 描述: 创建审计日志和权限审计表
+-- 创建时间: 2026-03-04
+
+-- 1. 审计日志表
+CREATE TABLE sys_audit_log (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '日志ID',
+ trace_id VARCHAR(64) COMMENT '链路追踪ID',
+ user_id BIGINT COMMENT '用户ID',
+ user_name VARCHAR(100) COMMENT '用户名',
+ user_ip VARCHAR(50) COMMENT '用户IP',
+ user_agent VARCHAR(500) COMMENT '用户代理',
+ module_code VARCHAR(50) NOT NULL COMMENT '模块代码',
+ module_name VARCHAR(100) COMMENT '模块名称',
+ operation_type VARCHAR(50) NOT NULL COMMENT '操作类型',
+ operation_name VARCHAR(100) COMMENT '操作名称',
+ business_type VARCHAR(50) COMMENT '业务类型',
+ business_id VARCHAR(100) COMMENT '业务ID',
+ business_no VARCHAR(100) COMMENT '业务编号',
+ request_method VARCHAR(10) COMMENT '请求方法',
+ request_url VARCHAR(500) COMMENT '请求URL',
+ request_params TEXT COMMENT '请求参数',
+ request_body TEXT COMMENT '请求体',
+ response_code VARCHAR(20) COMMENT '响应码',
+ response_message VARCHAR(500) COMMENT '响应消息',
+ response_time_ms INT COMMENT '响应耗时(毫秒)',
+ error_stack TEXT COMMENT '错误堆栈',
+ affected_records INT DEFAULT 0 COMMENT '影响记录数',
+ data_before JSON COMMENT '修改前数据',
+ data_after JSON COMMENT '修改后数据',
+ is_sensitive TINYINT(1) DEFAULT 0 COMMENT '是否敏感操作',
+ sensitivity_level VARCHAR(20) COMMENT '敏感级别:NORMAL/WARNING/DANGER',
+ resource_type VARCHAR(50) COMMENT '资源类型',
+ resource_id VARCHAR(100) COMMENT '资源ID',
+ location VARCHAR(200) COMMENT '地理位置',
+ device_info VARCHAR(200) COMMENT '设备信息',
+ session_id VARCHAR(100) COMMENT '会话ID',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ INDEX idx_trace_id (trace_id),
+ INDEX idx_user_id (user_id),
+ INDEX idx_module_operation (module_code, operation_type),
+ INDEX idx_business (business_type, business_id),
+ INDEX idx_created_at (created_at),
+ INDEX idx_user_ip (user_ip)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='审计日志表';
+
+-- 2. 权限审计表
+CREATE TABLE sys_permission_audit (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '审计ID',
+ audit_type VARCHAR(20) NOT NULL COMMENT '审计类型:GRANT/REVOKE/TRANSFER/EXPIRE',
+ target_type VARCHAR(20) NOT NULL COMMENT '目标类型:USER/ROLE/DEPARTMENT',
+ target_id BIGINT NOT NULL COMMENT '目标ID',
+ target_name VARCHAR(100) COMMENT '目标名称',
+ target_code VARCHAR(100) COMMENT '目标代码',
+ permission_type VARCHAR(20) NOT NULL COMMENT '权限类型:ROLE/DIRECT/MENU/DATA',
+ permission_id BIGINT COMMENT '权限ID',
+ permission_code VARCHAR(100) COMMENT '权限代码',
+ permission_name VARCHAR(100) COMMENT '权限名称',
+ permission_scope VARCHAR(20) COMMENT '权限范围:ALL/DEPARTMENT/OWN',
+ department_id BIGINT COMMENT '部门ID',
+ department_name VARCHAR(100) COMMENT '部门名称',
+ expire_time DATETIME COMMENT '过期时间',
+ reason VARCHAR(500) COMMENT '授权原因',
+ source_type VARCHAR(20) COMMENT '来源类型:MANUAL/APPROVAL/AUTO',
+ source_id BIGINT COMMENT '来源ID',
+ source_no VARCHAR(100) COMMENT '来源单据编号',
+ operator_id BIGINT COMMENT '操作人ID',
+ operator_name VARCHAR(100) COMMENT '操作人姓名',
+ operator_ip VARCHAR(50) COMMENT '操作人IP',
+ approval_instance_id BIGINT COMMENT '审批实例ID',
+ status VARCHAR(20) DEFAULT 'APPROVED' COMMENT '状态:PENDING/APPROVED/REJECTED/CANCELLED',
+ effective_time DATETIME COMMENT '生效时间',
+ effect_status VARCHAR(20) COMMENT '生效状态:EFFECTIVE/EXPIRED/REVOKED',
+ remark VARCHAR(500) COMMENT '备注',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ INDEX idx_audit_type (audit_type),
+ INDEX idx_target (target_type, target_id),
+ INDEX idx_permission (permission_type, permission_id),
+ INDEX idx_source (source_type, source_id),
+ INDEX idx_operator (operator_id),
+ INDEX idx_status (status),
+ INDEX idx_created_at (created_at)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='权限审计表';
+
+-- 3. 用户权限快照表(定期生成)
+CREATE TABLE sys_user_permission_snapshot (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT '快照ID',
+ user_id BIGINT NOT NULL COMMENT '用户ID',
+ snapshot_date DATE NOT NULL COMMENT '快照日期',
+ role_ids VARCHAR(500) COMMENT '角色ID列表',
+ role_names VARCHAR(1000) COMMENT '角色名称列表',
+ permission_ids TEXT COMMENT '权限ID列表(JSON数组)',
+ permission_codes TEXT COMMENT '权限代码列表(JSON数组)',
+ permission_count INT DEFAULT 0 COMMENT '权限数量',
+ data_scope VARCHAR(20) COMMENT '数据权限范围',
+ department_id BIGINT COMMENT '主部门ID',
+ department_name VARCHAR(100) COMMENT '主部门名称',
+ all_department_ids VARCHAR(500) COMMENT '所有部门ID',
+ is_active TINYINT(1) DEFAULT 1 COMMENT '是否有效',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ UNIQUE KEY uk_user_date (user_id, snapshot_date),
+ INDEX idx_user_id (user_id),
+ INDEX idx_snapshot_date (snapshot_date)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户权限快照表';
+
+-- 4. 部门层级关系表(支持树形查询)
+CREATE TABLE sys_department_relation (
+ id BIGINT PRIMARY KEY AUTO_INCREMENT COMMENT 'ID',
+ ancestor_id BIGINT NOT NULL COMMENT '祖先部门ID',
+ descendant_id BIGINT NOT NULL COMMENT '后代部门ID',
+ depth INT NOT NULL DEFAULT 0 COMMENT '层级深度',
+ path VARCHAR(1000) NOT NULL COMMENT '路径',
+ is_direct TINYINT(1) DEFAULT 0 COMMENT '是否直接上级',
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+ UNIQUE KEY uk_descendant (descendant_id, ancestor_id),
+ INDEX idx_ancestor (ancestor_id),
+ INDEX idx_descendant (descendant_id),
+ INDEX idx_path (path)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='部门层级关系表';
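Review bot: In V23, sys_audit_log keeps request_params, request_body, data_before/data_after and session_id verbatim, so anyone with read access to the audit table also gets whatever passwords, tokens or live session identifiers pass through logged requests; the column comments should state that writers redact secrets and store only a digest of the session id, e.g. `session_id VARCHAR(100) COMMENT '会话ID(存储哈希值)'`. sys_permission_audit carries `updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP` and a mutable status, which implies audit rows are edited in place; if these tables are meant to serve as evidence, the application account should hold only INSERT and SELECT on them and state changes should be new rows. Separately, in sys_department_relation `INDEX idx_path (path)` on a utf8mb4 VARCHAR(1000) needs up to 4000 bytes per key, above InnoDB's 3072-byte limit for the default row format, so under strict SQL mode this CREATE TABLE is likely to fail after the first three tables of the migration already exist (MySQL DDL is not rolled back); `INDEX idx_path (path(255))` avoids that.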