member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(members): split username/display_name, sync updates to authentik, add password reset API and refresh docs

Browse Source
This commit is contained in:
Chris
2026-03-30 22:15:41 +08:00
parent e1a6bbd844
commit ccb99683b8
22 changed files with 361 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
docs/DB_SCHEMA.md
View File

@@ -1,91 +1,42 @@
# DB Schema新架構
# DB Schema現行
## 1) 設計原則
- 權限以群組為中心,不使用會員直接細粒度授權流程
- `scope` 固定為 `site`
- `action` 只允許 `view``edit`(可同時存在)
- DB 真實執行來源:`backend/scripts/init_schema.sql`
## 真實來源
- `backend/scripts/init_schema.sql`
- 線上增量:`backend/scripts/migrate_add_users_username.sql`
## 2) 核心實體
- `companies`
- `id` (PK)
- `company_key` (UNIQUE)
- `name`, `status`, `created_at`, `updated_at`
- `sites`
- `id` (PK)
- `site_key` (UNIQUE)
- `company_id` (FK -> companies.id)
- `name`, `status`, `created_at`, `updated_at`
## 主要表
- `users`
- `id` (PK)
- `authentik_sub` (UNIQUE)
- `authentik_user_id`, `email` (UNIQUE), `display_name`, `is_active`
- `authentik_sub` UNIQUE
- `authentik_user_id` INTEGER
- `username` UNIQUE
- `email` UNIQUE
- `display_name`
- `is_active`, `status`, timestamps
- `companies`
- `sites``company_id -> companies.id`
- `systems`
- `id` (PK)
- `system_key` (UNIQUE)
- `name`, `status`
- `modules`
- `id` (PK)
- `module_key` (UNIQUE)
- `system_id` (FK -> systems.id)
- `name`, `status`
- `modules``system_key -> systems.system_key`
- `permission_groups`
- `id` (PK)
- `group_key` (UNIQUE)
- `name`, `status`
- `permission_group_members`group + authentik_sub
- `permission_group_permissions`group + site/system/module/action
- `user_scope_permissions`(相容保留)
- `api_clients`(保留給機器對機器用途)
## 3) 群組關聯(多對多)
- `permission_group_members`
- `group_id` (FK -> permission_groups.id)
- `user_id` (FK -> users.id)
- UNIQUE (`group_id`, `user_id`)
- `permission_group_sites`
- `group_id` (FK -> permission_groups.id)
- `site_id` (FK -> sites.id)
- UNIQUE (`group_id`, `site_id`)
- `permission_group_systems`
- `group_id` (FK -> permission_groups.id)
- `system_id` (FK -> systems.id)
- UNIQUE (`group_id`, `system_id`)
- `permission_group_modules`
- `group_id` (FK -> permission_groups.id)
- `module_id` (FK -> modules.id)
- UNIQUE (`group_id`, `module_id`)
- `permission_group_actions`
- `group_id` (FK -> permission_groups.id)
- `action` (`view` | `edit`)
- UNIQUE (`group_id`, `action`)
## 權限規則
- `scope_type='site'`
- `action in ('view','edit')`
## 4) 查詢預期
- 系統頁關聯:
- `permission_group_systems` 取群組
- `permission_group_members` 推導涉及會員
- 模組頁關聯:
-`permission_group_modules` 取群組
-`permission_group_members` 推導涉及會員
- 公司頁站台:
-`sites` by `company_id`
- 會員頁群組:
-`permission_group_members` by `user_id`
## 會員與 Authentik 對齊
- `users.authentik_sub` 對應 Authentik `uid`
- `users.username` 對應 Authentik `username`
- `users.display_name` 對應 Authentik `name`
## 5) 驗收查核(SQL
## 快速檢查 SQL
```sql
-- 1) 檢查主表是否存在
SELECT tablename
FROM pg_tables
WHERE schemaname = 'public'
AND tablename IN (
'companies','sites','users','systems','modules','permission_groups',
'permission_group_members','permission_group_sites',
'permission_group_systems','permission_group_modules','permission_group_actions'
)
ORDER BY tablename;
SELECT column_name, data_type
FROM information_schema.columns
WHERE table_name='users'
ORDER BY ordinal_position;
-- 2) 檢查 action 值域
SELECT DISTINCT action FROM permission_group_actions ORDER BY action;
-- 3) 檢查群組可同時有 view/edit
SELECT group_id, array_agg(action ORDER BY action) AS actions
FROM permission_group_actions
GROUP BY group_id;
SELECT COUNT(*) FROM users WHERE username IS NULL;
```