-- Level configuration is owned by activity-service but exposed under User Management in admin. -- The menu and permissions are seeded through migration so production can run without bootstrap. SET @now_ms = CAST(UNIX_TIMESTAMP(UTC_TIMESTAMP(3)) * 1000 AS UNSIGNED); INSERT INTO admin_permissions (name, code, kind, description, created_at_ms, updated_at_ms) VALUES ('等级配置查看', 'level-config:view', 'menu', '', @now_ms, @now_ms), ('等级配置更新', 'level-config:update', 'button', '', @now_ms, @now_ms) ON DUPLICATE KEY UPDATE name = VALUES(name), kind = VALUES(kind), description = VALUES(description), updated_at_ms = @now_ms; INSERT INTO admin_menus (parent_id, title, code, path, icon, permission_code, sort, visible, created_at_ms, updated_at_ms) VALUES (NULL, '用户管理', 'app-users', '', 'users', '', 60, TRUE, @now_ms, @now_ms) ON DUPLICATE KEY UPDATE title = VALUES(title), path = VALUES(path), icon = VALUES(icon), permission_code = VALUES(permission_code), sort = VALUES(sort), visible = VALUES(visible), updated_at_ms = @now_ms; INSERT INTO admin_menus (parent_id, title, code, path, icon, permission_code, sort, visible, created_at_ms, updated_at_ms) SELECT parent.id, '等级配置', 'app-user-level-config', '/app/users/level-config', 'military_tech', 'level-config:view', 63, TRUE, @now_ms, @now_ms FROM admin_menus parent WHERE parent.code = 'app-users' ON DUPLICATE KEY UPDATE parent_id = VALUES(parent_id), title = VALUES(title), path = VALUES(path), icon = VALUES(icon), permission_code = VALUES(permission_code), sort = VALUES(sort), visible = VALUES(visible), updated_at_ms = @now_ms; INSERT IGNORE INTO admin_role_permissions (role_id, permission_id) SELECT admin_role.id, admin_permission.id FROM admin_roles admin_role JOIN admin_permissions admin_permission WHERE admin_role.code = 'platform-admin' AND admin_permission.code IN ('level-config:view', 'level-config:update'); INSERT IGNORE INTO admin_role_permissions (role_id, permission_id) SELECT admin_role.id, admin_permission.id FROM admin_roles admin_role JOIN admin_permissions admin_permission WHERE admin_role.code = 'ops-admin' AND admin_permission.code IN ('level-config:view', 'level-config:update'); INSERT IGNORE INTO admin_role_permissions (role_id, permission_id) SELECT admin_role.id, admin_permission.id FROM admin_roles admin_role JOIN admin_permissions admin_permission WHERE admin_role.code IN ('auditor', 'readonly') AND admin_permission.code = 'level-config:view';