53 lines
1.8 KiB
Markdown
# memberapi.ose.tw Backend Architecture (Companies / Brand Sites / Members + System / Module Permissions)

## Data Hierarchy

- Business hierarchy: `companies -> sites -> users`
- Functional hierarchy: `systems -> modules`
- Authorization attachment points:
  - Scope: `company` or `site`
  - Capability: `system` is required, `module` is optional (an empty value means system level)

## Permission Model

- Direct grants: `user_scope_permissions`
- Group grants: `permission_groups` + `permission_group_members` + `permission_group_permissions`
- Permission snapshot: `/me/permissions/snapshot` merges "direct + group" grants and deduplicates them

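An added example (not the project's own code) of the merge-and-deduplicate step behind `/me/permissions/snapshot`, using the scope / system / module shape described in this document. The `Grant` fields, `scope_id`, the `sources` list, the function names and the sample rows are assumptions made for illustration; the real columns are not shown on this page.

```python
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional


@dataclass(frozen=True)
class Grant:
    scope_type: str                # "company" or "site"
    scope_id: str                  # assumed identifier of that company/site
    system: str                    # required
    module: Optional[str] = None   # None means a system-level grant


def normalize(g: Grant) -> Grant:
    """Validate a grant and fold an empty module into None (system level)."""
    if g.scope_type not in ("company", "site"):
        raise ValueError(f"unknown scope: {g.scope_type!r}")
    if not g.system:
        raise ValueError("system is required")
    return Grant(g.scope_type, g.scope_id, g.system, g.module or None)


def build_snapshot(direct: Iterable[Grant],
                   group_grants: Mapping[str, Iterable[Grant]],
                   member_of: Iterable[str]) -> list:
    """Merge direct and group grants, one entry per distinct grant."""
    merged = {}  # Grant -> set of sources that produced it
    for g in direct:
        merged.setdefault(normalize(g), set()).add("direct")
    for group_key in member_of:  # only groups the user belongs to
        for g in group_grants.get(group_key, ()):
            merged.setdefault(normalize(g), set()).add(f"group:{group_key}")
    ordered = sorted(merged, key=lambda g: (g.scope_type, g.scope_id,
                                            g.system, g.module or ""))
    return [{"scope_type": g.scope_type, "scope_id": g.scope_id,
             "system": g.system, "module": g.module,
             "sources": sorted(merged[g])} for g in ordered]


# Constructed sample data (not taken from the real database).
DIRECT = [Grant("site", "site-a", "crm", "orders"),
          Grant("company", "co-1", "crm", "")]          # "" = empty module
GROUP_GRANTS = {
    "ops": [Grant("site", "site-a", "crm", "orders"),   # same as a direct grant
            Grant("company", "co-1", "crm"),            # same after normalize
            Grant("site", "site-a", "crm", "reports")],
    "audit": [Grant("site", "site-a", "billing")],      # user is not a member
}
MEMBER_OF = ["ops"]

if __name__ == "__main__":
    for row in build_snapshot(DIRECT, GROUP_GRANTS, MEMBER_OF):
        print(row)
```

Recording `sources` makes it visible when a permission revoked on one path (direct or group) is still in effect through the other.
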
## Current Backend API (Admin Plane)

- Master data:
  - `GET|POST|PATCH /admin/systems`
  - `GET|POST|PATCH /admin/modules`
  - `GET|POST|PATCH /admin/companies`
  - `GET|POST|PATCH /admin/sites`
- Members:
  - `GET /admin/members`
  - `POST /admin/members/upsert`
  - `PATCH /admin/members/{authentik_sub}`
- Member groups (now managed from the member page):
  - `GET /admin/members/{authentik_sub}/permission-groups`
  - `PUT /admin/members/{authentik_sub}/permission-groups`
- Groups:
  - `GET|POST|PATCH /admin/permission-groups`
  - `GET /admin/permission-groups/{group_key}/permissions`
  - `POST /admin/permission-groups/{group_key}/permissions/grant`
  - `POST /admin/permission-groups/{group_key}/permissions/revoke`
- Direct grants:
  - `POST /admin/permissions/grant`
  - `POST /admin/permissions/revoke`
  - `GET /admin/permissions/direct`
  - `DELETE /admin/permissions/direct/{permission_id}`

## Authentication and Query API

- User side:
  - `GET /me`
  - `GET /me/permissions/snapshot`
- OIDC:
  - `GET /auth/oidc/url`
  - `POST /auth/oidc/exchange`
- Internal (cross-system queries):
  - `GET /internal/systems|modules|companies|sites|members`
  - `GET /internal/permissions/{authentik_sub}/snapshot`

## DB and Initialization

- Unified schema: `backend/scripts/init_schema.sql`
- Schema snapshot: `docs/DB_SCHEMA_SNAPSHOT.md`