35 lines
1.9 KiB
SQL
35 lines
1.9 KiB
SQL
-- 奖池人工增减是资金高风险动作,使用独立按钮权限;迁移仅按唯一 code 连接小型 RBAC 元数据表,不扫描业务流水。
|
||
SET @now_ms = CAST(UNIX_TIMESTAMP(CURRENT_TIMESTAMP(3)) * 1000 AS UNSIGNED);
|
||
|
||
INSERT INTO admin_permissions (name, code, kind, description, created_at_ms, updated_at_ms) VALUES
|
||
('幸运礼物奖池注资', 'lucky-gift:pool-credit', 'button', '允许对指定策略奖池执行带幂等审计的人工注资', @now_ms, @now_ms),
|
||
('幸运礼物奖池扣资', 'lucky-gift:pool-debit', 'button', '允许在安全水位之上执行带幂等审计的人工扣资', @now_ms, @now_ms)
|
||
ON DUPLICATE KEY UPDATE
|
||
name = VALUES(name),
|
||
kind = VALUES(kind),
|
||
description = VALUES(description),
|
||
updated_at_ms = @now_ms;
|
||
|
||
-- 093 的岗位同步矩阵曾漏掉既有 lucky-gift:view/update;增量迁移按当前岗位边界补齐,避免下次同步再次丢失。
|
||
INSERT IGNORE INTO admin_role_permissions (role_id, permission_id)
|
||
SELECT role.id, permission.id
|
||
FROM admin_roles role
|
||
JOIN admin_permissions permission
|
||
WHERE role.code IN ('platform-admin', 'ops-admin', 'operations-specialist', 'product-lead', 'product-specialist')
|
||
AND permission.code = 'lucky-gift:view';
|
||
|
||
INSERT IGNORE INTO admin_role_permissions (role_id, permission_id)
|
||
SELECT role.id, permission.id
|
||
FROM admin_roles role
|
||
JOIN admin_permissions permission
|
||
WHERE role.code IN ('platform-admin', 'ops-admin', 'product-lead')
|
||
AND permission.code = 'lucky-gift:update';
|
||
|
||
-- 实际资金操作只授予超级管理员和运营负责人;查看/规则编辑权限不能隐式获得调账能力。
|
||
INSERT IGNORE INTO admin_role_permissions (role_id, permission_id)
|
||
SELECT role.id, permission.id
|
||
FROM admin_roles role
|
||
JOIN admin_permissions permission
|
||
WHERE role.code IN ('platform-admin', 'ops-admin')
|
||
AND permission.code IN ('lucky-gift:pool-credit', 'lucky-gift:pool-debit');
|