feat(flow): unify member-group-permission admin workflow and docs
@@ -1,37 +1,52 @@
|
||||
# memberapi.ose.tw 後端架構(公司/品牌站台/會員)
|
||||
# memberapi.ose.tw 後端架構(公司/品牌站台/會員 + 系統/模組權限)
|
||||
|
||||
## 核心主檔(對齊 DB Schema)
|
||||
- `users`:會員
|
||||
- `companies`:公司
|
||||
- `sites`:品牌站台(隸屬 company)
|
||||
- `systems`:系統層(member/mkt/...)
|
||||
- `modules`:模組(使用 `system.module` key)
|
||||
## 資料層級
|
||||
- 業務層級:`companies -> sites -> users`
|
||||
- 功能層級:`systems -> modules`
|
||||
- 授權掛載點:
|
||||
- Scope:`company` 或 `site`
|
||||
- 能力:`system` 必填,`module` 選填(空值代表系統層)
|
||||
|
||||
## 權限模型
|
||||
- 直接權限:`user_scope_permissions`
|
||||
- 群組權限:`permission_groups` + `permission_group_members` + `permission_group_permissions`
|
||||
- Snapshot 回傳:合併「user 直接 + group」去重
|
||||
- 直接授權:`user_scope_permissions`
|
||||
- 群組授權:`permission_groups` + `permission_group_members` + `permission_group_permissions`
|
||||
- 權限快照:`/me/permissions/snapshot` 會合併「直接 + 群組」並去重
|
||||
|
||||
## 授權層級
|
||||
- `system` 必填
|
||||
- `module` 選填
|
||||
- 有值:`{system}.{module}`(例:`mkt.campaign`)
|
||||
- 無值:系統層權限,使用 `system.__system__`
|
||||
## 目前後端 API(管理面)
|
||||
- 主資料:
|
||||
- `GET|POST|PATCH /admin/systems`
|
||||
- `GET|POST|PATCH /admin/modules`
|
||||
- `GET|POST|PATCH /admin/companies`
|
||||
- `GET|POST|PATCH /admin/sites`
|
||||
- 會員:
|
||||
- `GET /admin/members`
|
||||
- `POST /admin/members/upsert`
|
||||
- `PATCH /admin/members/{authentik_sub}`
|
||||
- 會員群組(改由會員頁管理):
|
||||
- `GET /admin/members/{authentik_sub}/permission-groups`
|
||||
- `PUT /admin/members/{authentik_sub}/permission-groups`
|
||||
- 群組:
|
||||
- `GET|POST|PATCH /admin/permission-groups`
|
||||
- `GET /admin/permission-groups/{group_key}/permissions`
|
||||
- `POST /admin/permission-groups/{group_key}/permissions/grant`
|
||||
- `POST /admin/permission-groups/{group_key}/permissions/revoke`
|
||||
- 直接授權:
|
||||
- `POST /admin/permissions/grant`
|
||||
- `POST /admin/permissions/revoke`
|
||||
- `GET /admin/permissions/direct`
|
||||
- `DELETE /admin/permissions/direct/{permission_id}`
|
||||
|
||||
## 主要 API
|
||||
- `GET /me`
|
||||
- `GET /me/permissions/snapshot`
|
||||
- `POST /admin/permissions/grant|revoke`
|
||||
- `GET|POST /admin/systems`
|
||||
- `GET|POST /admin/modules`
|
||||
- `GET|POST /admin/companies`
|
||||
- `GET|POST /admin/sites`
|
||||
- `GET /admin/members`
|
||||
- `GET|POST /admin/permission-groups`
|
||||
- `POST|DELETE /admin/permission-groups/{group_key}/members/{authentik_sub}`
|
||||
- `POST /admin/permission-groups/{group_key}/permissions/grant|revoke`
|
||||
- `GET /internal/systems|modules|companies|sites|members`
|
||||
## 驗證與查詢 API
|
||||
- 使用者端:
|
||||
- `GET /me`
|
||||
- `GET /me/permissions/snapshot`
|
||||
- OIDC:
|
||||
- `GET /auth/oidc/url`
|
||||
- `POST /auth/oidc/exchange`
|
||||
- Internal(跨系統查詢):
|
||||
- `GET /internal/systems|modules|companies|sites|members`
|
||||
- `GET /internal/permissions/{authentik_sub}/snapshot`
|
||||
|
||||
## DB Migration
|
||||
- 初始化:`backend/scripts/init_schema.sql`
|
||||
- 舊庫補齊:`backend/scripts/migrate_align_company_site_member_system.sql`
|
||||
## DB 與初始化
|
||||
- 統一 schema:`backend/scripts/init_schema.sql`
|
||||
- schema 快照:`docs/DB_SCHEMA_SNAPSHOT.md`
|
||||
|
||||
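Review bot: the new 授權層級 lines reserve `system.__system__` for system-level grants ("無值:系統層權限,使用 `system.__system__`"), but the 核心主檔 line "`modules`:模組(使用 `system.module` key)" puts `modules` rows in that same `system.module` key space, so the docs should state that `__system__` is a reserved module key which `POST|PATCH /admin/modules` rejects; otherwise a module created with key `__system__` would be indistinguishable from a system-level permission in the merged `/me/permissions/snapshot`. The same section should also say what authenticates the `/internal/...` routes, since `GET /internal/permissions/{authentik_sub}/snapshot` returns another user's effective permissions, and whether `PUT /admin/members/{authentik_sub}/permission-groups` replaces the full group list, given that the old `POST|DELETE /admin/permission-groups/{group_key}/members/{authentik_sub}` line is dropped without saying whether that route still exists.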