member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f884f1043df93cbfbe74932c502eeb360986d977
member-platform/docs/BACKEND_ARCHITECTURE.md

1.8 KiB
Raw Blame History

memberapi.ose.tw 後端架構(公司/品牌站台/會員 + 系統/模組權限)

資料層級

  • 業務層級:companies -> sites -> users
  • 功能層級:systems -> modules
  • 授權掛載點:
    • Scopecompanysite
    • 能力:system 必填,module 選填(空值代表系統層)

權限模型

  • 直接授權:user_scope_permissions
  • 群組授權:permission_groups + permission_group_members + permission_group_permissions
  • 權限快照:/me/permissions/snapshot 會合併「直接 + 群組」並去重

目前後端 API管理面

  • 主資料:
    • GET|POST|PATCH /admin/systems
    • GET|POST|PATCH /admin/modules
    • GET|POST|PATCH /admin/companies
    • GET|POST|PATCH /admin/sites
  • 會員:
    • GET /admin/members
    • POST /admin/members/upsert
    • PATCH /admin/members/{authentik_sub}
  • 會員群組(改由會員頁管理):
    • GET /admin/members/{authentik_sub}/permission-groups
    • PUT /admin/members/{authentik_sub}/permission-groups
  • 群組:
    • GET|POST|PATCH /admin/permission-groups
    • GET /admin/permission-groups/{group_key}/permissions
    • POST /admin/permission-groups/{group_key}/permissions/grant
    • POST /admin/permission-groups/{group_key}/permissions/revoke
  • 直接授權:
    • POST /admin/permissions/grant
    • POST /admin/permissions/revoke
    • GET /admin/permissions/direct
    • DELETE /admin/permissions/direct/{permission_id}

驗證與查詢 API

  • 使用者端:
    • GET /me
    • GET /me/permissions/snapshot
  • OIDC
    • GET /auth/oidc/url
    • POST /auth/oidc/exchange
  • Internal跨系統查詢
    • GET /internal/systems|modules|companies|sites|members
    • GET /internal/permissions/{authentik_sub}/snapshot

DB 與初始化

  • 統一 schemabackend/scripts/init_schema.sql
  • schema 快照:docs/DB_SCHEMA_SNAPSHOT.md
Reference in New Issue View Git Blame Copy Permalink