251208:1625 Frontend: to be complete admin panel, Backend: tobe recheck all task
@@ -16,12 +16,12 @@ FOREIGN KEYS (FK),
|
||||
| id | INT | PRIMARY KEY,
|
||||
AUTO_INCREMENT | UNIQUE identifier FOR organization role | | role_name | VARCHAR(20) | NOT NULL,
|
||||
UNIQUE | Role name (
|
||||
OWNER,
|
||||
DESIGNER,
|
||||
CONSULTANT,
|
||||
CONTRACTOR,
|
||||
THIRD PARTY
|
||||
) | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (role_name) ** Business Rules **: - Predefined system roles FOR organization TYPES - Cannot be deleted IF referenced by organizations ---
|
||||
) |
|
||||
| created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp |
|
||||
| updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last update timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (role_name) ** Business Rules **: - Predefined system roles FOR organization TYPES - Cannot be deleted IF referenced by organizations ---
|
||||
|
||||
### 1.2 organizations
|
||||
|
||||
@@ -29,7 +29,8 @@ UNIQUE | Role name (
|
||||
| id | INT | PRIMARY KEY,
|
||||
AUTO_INCREMENT | UNIQUE identifier FOR organization | | organization_code | VARCHAR(20) | NOT NULL,
|
||||
UNIQUE | Organization code (e.g., 'กทท.', 'TEAM') | | organization_name | VARCHAR(255) | NOT NULL | FULL organization name | | is_active | BOOLEAN | DEFAULT TRUE | Active STATUS (1 = active, 0 = inactive) | | created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp | | updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last
|
||||
UPDATE timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (organization_code) - INDEX (is_active) ** Relationships **: - Referenced by: users,
|
||||
UPDATE timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (organization_code) - INDEX (is_active) ** Relationships **: - Referenced by: users,
|
||||
project_organizations,
|
||||
contract_organizations,
|
||||
correspondences,
|
||||
@@ -40,7 +41,11 @@ UPDATE timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (organization_code
|
||||
* * Purpose **: MASTER TABLE FOR ALL projects IN the system | COLUMN Name | Data TYPE | Constraints | Description | | ------------ | ------------ | --------------------------- | ----------------------------- |
|
||||
| id | INT | PRIMARY KEY,
|
||||
AUTO_INCREMENT | UNIQUE identifier FOR project | | project_code | VARCHAR(50) | NOT NULL,
|
||||
UNIQUE | Project code (e.g., 'LCBP3') | | project_name | VARCHAR(255) | NOT NULL | FULL project name | | is_active | TINYINT(1) | DEFAULT 1 | Active STATUS | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (project_code) - INDEX (is_active) ** Relationships **: - Referenced by: contracts,
|
||||
UNIQUE | Project code (e.g., 'LCBP3') | | project_name | VARCHAR(255) | NOT NULL | FULL project name | | is_active | TINYINT(1) | DEFAULT 1 | Active STATUS |
|
||||
| created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp |
|
||||
| updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last update timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp |
|
||||
** INDEXES **: - PRIMARY KEY (id) - UNIQUE (project_code) - INDEX (is_active) ** Relationships **: - Referenced by: contracts,
|
||||
correspondences,
|
||||
document_number_formats,
|
||||
drawings ---
|
||||
@@ -53,7 +58,8 @@ UPDATE timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (organization_code
|
||||
FK | Reference TO projects TABLE | | contract_code | VARCHAR(50) | NOT NULL,
|
||||
UNIQUE | Contract code | | contract_name | VARCHAR(255) | NOT NULL | FULL contract name | | description | TEXT | NULL | Contract description | | start_date | DATE | NULL | Contract START date | | end_date | DATE | NULL | Contract
|
||||
END date | | is_active | BOOLEAN | DEFAULT TRUE | Active STATUS | | created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp | | updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last
|
||||
UPDATE timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (contract_code) - FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE - INDEX (project_id, is_active) ** Relationships **: - Parent: projects - Referenced by: contract_organizations,
|
||||
UPDATE timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp | ** INDEXES **: - PRIMARY KEY (id) - UNIQUE (contract_code) - FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE - INDEX (project_id, is_active) ** Relationships **: - Parent: projects - Referenced by: contract_organizations,
|
||||
user_assignments ---
|
||||
|
||||
### 1.5 disciplines (NEW v1.5.1)
|
||||
@@ -87,7 +93,11 @@ SET NULL - INDEX (is_active) - INDEX (email) ** Relationships **: - Parent: orga
|
||||
AUTO_INCREMENT | UNIQUE identifier FOR role | | role_name | VARCHAR(100) | NOT NULL | Role name (e.g., 'Superadmin', 'Document Control') | | scope | ENUM | NOT NULL | Scope LEVEL: GLOBAL,
|
||||
Organization,
|
||||
Project,
|
||||
Contract | | description | TEXT | NULL | Role description | | is_system | BOOLEAN | DEFAULT FALSE | System role flag (cannot be deleted) | ** INDEXES **: - PRIMARY KEY (role_id) - INDEX (scope) ** Relationships **: - Referenced by: role_permissions,
|
||||
Contract | | description | TEXT | NULL | Role description | | is_system | BOOLEAN | DEFAULT FALSE | System role flag (cannot be deleted) |
|
||||
| created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp |
|
||||
| updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last update timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp |
|
||||
** INDEXES **: - PRIMARY KEY (role_id) - INDEX (scope) ** Relationships **: - Referenced by: role_permissions,
|
||||
user_assignments ---
|
||||
|
||||
### 2.3 permissions
|
||||
@@ -97,7 +107,11 @@ SET NULL - INDEX (is_active) - INDEX (email) ** Relationships **: - Parent: orga
|
||||
AUTO_INCREMENT | UNIQUE identifier FOR permission | | permission_name | VARCHAR(100) | NOT NULL,
|
||||
UNIQUE | Permission code (e.g., 'rfas.create', 'document.view') | | description | TEXT | NULL | Permission description | | module | VARCHAR(50) | NULL | Related module name | | scope_level | ENUM | NULL | Scope: GLOBAL,
|
||||
ORG,
|
||||
PROJECT | | is_active | TINYINT(1) | DEFAULT 1 | Active STATUS | ** INDEXES **: - PRIMARY KEY (permission_id) - UNIQUE (permission_name) - INDEX (module) - INDEX (scope_level) - INDEX (is_active) ** Relationships **: - Referenced by: role_permissions ---
|
||||
PROJECT | | is_active | TINYINT(1) | DEFAULT 1 | Active STATUS |
|
||||
| created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp |
|
||||
| updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP ON UPDATE | Last update timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp |
|
||||
** INDEXES **: - PRIMARY KEY (permission_id) - UNIQUE (permission_name) - INDEX (module) - INDEX (scope_level) - INDEX (is_active) ** Relationships **: - Referenced by: role_permissions ---
|
||||
|
||||
### 2.4 role_permissions
|
||||
|
||||
@@ -205,6 +219,9 @@ SET NULL - INDEX (is_active) - INDEX (email) ** Relationships **: - Parent: orga
|
||||
| type_name | VARCHAR(255) | NOT NULL | Full type name |
|
||||
| sort_order | INT | DEFAULT 0 | Display order |
|
||||
| is_active | TINYINT(1) | DEFAULT 1 | Active status |
|
||||
| created_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Record creation timestamp |
|
||||
| updated_at | TIMESTAMP | DEFAULT CURRENT_TIMESTAMP | Last update timestamp |
|
||||
| deleted_at | DATETIME | NULL | Soft delete timestamp |
|
||||
|
||||
**Indexes**:
|
||||
|
||||
|
||||
@@ -204,7 +204,10 @@ DROP TABLE IF EXISTS organizations;
|
||||
-- ตาราง Master เก็บประเภทบทบาทขององค์กร
|
||||
CREATE TABLE organization_roles (
|
||||
id INT PRIMARY KEY AUTO_INCREMENT COMMENT 'ID ของตาราง',
|
||||
role_name VARCHAR(20) NOT NULL UNIQUE COMMENT 'ชื่อบทบาท (OWNER, DESIGNER, CONSULTANT, CONTRACTOR, THIRD PARTY)'
|
||||
role_name VARCHAR(20) NOT NULL UNIQUE COMMENT 'ชื่อบทบาท (OWNER, DESIGNER, CONSULTANT, CONTRACTOR, THIRD PARTY)',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)'
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บประเภทบทบาทขององค์กร';
|
||||
|
||||
-- ตาราง Master เก็บข้อมูลองค์กรทั้งหมดที่เกี่ยวข้องในระบบ
|
||||
@@ -216,6 +219,7 @@ CREATE TABLE organizations (
|
||||
is_active BOOLEAN DEFAULT TRUE COMMENT 'สถานะการใช้งาน',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)',
|
||||
FOREIGN KEY (role_id) REFERENCES organization_roles (id) ON DELETE
|
||||
SET NULL
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บข้อมูลองค์กรทั้งหมดที่เกี่ยวข้องในระบบ';
|
||||
@@ -227,8 +231,12 @@ CREATE TABLE projects (
|
||||
project_name VARCHAR(255) NOT NULL COMMENT 'ชื่อโครงการ',
|
||||
-- parent_project_id INT COMMENT 'รหัสโครงการหลัก (ถ้ามี)',
|
||||
-- contractor_organization_id INT COMMENT 'รหัสองค์กรผู้รับเหมา (ถ้ามี)',
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน' -- FOREIGN KEY (parent_project_id) REFERENCES projects(id) ON DELETE SET NULL,
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน',
|
||||
-- FOREIGN KEY (parent_project_id) REFERENCES projects(id) ON DELETE SET NULL,
|
||||
-- FOREIGN KEY (contractor_organization_id) REFERENCES organizations(id) ON DELETE SET NULL
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)'
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บข้อมูลโครงการ';
|
||||
|
||||
-- ตาราง Master เก็บข้อมูลสัญญา
|
||||
@@ -243,6 +251,7 @@ CREATE TABLE contracts (
|
||||
is_active BOOLEAN DEFAULT TRUE,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)',
|
||||
FOREIGN KEY (project_id) REFERENCES projects (id) ON DELETE CASCADE
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บข้อมูลสัญญา';
|
||||
|
||||
@@ -295,7 +304,10 @@ CREATE TABLE roles (
|
||||
) NOT NULL,
|
||||
-- ขอบเขตของบทบาท (จากข้อ 4.3)
|
||||
description TEXT COMMENT 'คำอธิบายบทบาท',
|
||||
is_system BOOLEAN DEFAULT FALSE COMMENT '(1 = บทบาทของระบบ ลบไม่ได้)'
|
||||
is_system BOOLEAN DEFAULT FALSE COMMENT '(1 = บทบาทของระบบ ลบไม่ได้)',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)'
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บ "บทบาท" ของผู้ใช้ในระบบ';
|
||||
|
||||
-- ตาราง Master เก็บ "สิทธิ์" (Permission) หรือ "การกระทำ" ทั้งหมดในระบบ
|
||||
@@ -305,7 +317,10 @@ CREATE TABLE permissions (
|
||||
description TEXT COMMENT 'คำอธิบายสิทธิ์',
|
||||
module VARCHAR(50) COMMENT 'โมดูลที่เกี่ยวข้อง',
|
||||
scope_level ENUM('GLOBAL', 'ORG', 'PROJECT') COMMENT 'ระดับขอบเขตของสิทธิ์',
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน'
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)'
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บ "สิทธิ์" (Permission) หรือ "การกระทำ" ทั้งหมดในระบบ';
|
||||
|
||||
-- ตารางเชื่อมระหว่าง roles และ permissions (M:N)
|
||||
@@ -388,7 +403,10 @@ CREATE TABLE correspondence_types (
|
||||
type_code VARCHAR(50) NOT NULL UNIQUE COMMENT 'รหัสประเภท (เช่น RFA, RFI)',
|
||||
type_name VARCHAR(255) NOT NULL COMMENT 'ชื่อประเภท',
|
||||
sort_order INT DEFAULT 0 COMMENT 'ลำดับการแสดงผล',
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน '
|
||||
is_active TINYINT(1) DEFAULT 1 COMMENT 'สถานะการใช้งาน ',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'วันที่แก้ไขล่าสุด',
|
||||
deleted_at DATETIME NULL COMMENT 'วันที่ลบ (Soft Delete)'
|
||||
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บประเภทเอกสารโต้ตอบ';
|
||||
|
||||
-- ตาราง Master เก็บสถานะของเอกสาร
|
||||
|
||||
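Review bot: The `deleted_at` column added to `roles` and `permissions` is not tied to any authorization rule in these hunks, so a soft-deleted role or permission keeps granting access unless every permission lookup filters `deleted_at IS NULL`; that includes the `v_user_all_permissions` view queried by this commit's verification script, whose definition is not shown here. I would state the contract next to the column, e.g. `-- deleted_at IS NOT NULL = revoked; every authorization query and view must filter deleted_at IS NULL`. The `UNIQUE` constraints on `organization_roles.role_name` and `correspondence_types.type_code` still cover soft-deleted rows, so a deleted name or code cannot be re-created, and `contracts` keeps `ON DELETE CASCADE`, which a soft delete of a project never triggers. `deleted_at` is `DATETIME` while `created_at` and `updated_at` are `TIMESTAMP`, so the three values are not converted through the session time zone in the same way; one type for all three keeps audit timelines comparable. The `CREATE TABLE` statements begin outside the hunks, so the remaining columns were not reviewed.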
File diff suppressed because it is too large
1067
specs/07-database/permissions-seed-data.sql
Normal file
File diff suppressed because it is too large
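--- a/specs/07-database/permissions-verification.sql
+++ b/specs/07-database/permissions-verification.sql
@@ -0,0 +1,276 @@
+-- ==========================================================
+-- Permission System Verification Queries
+-- File: specs/07-database/permissions-verification.sql
+-- Purpose: Verify permissions setup after seed data deployment
+-- ==========================================================
+-- ==========================================================
+-- 1. COUNT PERMISSIONS PER CATEGORY
+-- ==========================================================
+SELECT CASE
+WHEN permission_id BETWEEN 1 AND 10 THEN '001-010: System & Global'
+WHEN permission_id BETWEEN 11 AND 20 THEN '011-020: Organization Management'
+WHEN permission_id BETWEEN 21 AND 40 THEN '021-040: User & Role Management'
+WHEN permission_id BETWEEN 41 AND 50 THEN '041-050: Master Data Management'
+WHEN permission_id BETWEEN 51 AND 70 THEN '051-070: Document Management (Generic)'
+WHEN permission_id BETWEEN 71 AND 80 THEN '071-080: Correspondence Module'
+WHEN permission_id BETWEEN 81 AND 90 THEN '081-090: RFA Module'
+WHEN permission_id BETWEEN 91 AND 100 THEN '091-100: Drawing Module'
+WHEN permission_id BETWEEN 101 AND 110 THEN '101-110: Circulation Module'
+WHEN permission_id BETWEEN 111 AND 120 THEN '111-120: Transmittal Module'
+WHEN permission_id BETWEEN 121 AND 130 THEN '121-130: Workflow Engine'
+WHEN permission_id BETWEEN 131 AND 140 THEN '131-140: Document Numbering'
+WHEN permission_id BETWEEN 141 AND 150 THEN '141-150: Search & Reporting'
+WHEN permission_id BETWEEN 151 AND 160 THEN '151-160: Notification & Dashboard'
+WHEN permission_id BETWEEN 161 AND 170 THEN '161-170: JSON Schema Management'
+WHEN permission_id BETWEEN 171 AND 180 THEN '171-180: Monitoring & Admin Tools'
+WHEN permission_id BETWEEN 201 AND 220 THEN '201-220: Project & Contract Management'
+ELSE 'Unknown Range'
+END AS category_range,
+COUNT(*) AS permission_count
+FROM permissions
+GROUP BY CASE
+WHEN permission_id BETWEEN 1 AND 10 THEN '001-010: System & Global'
+WHEN permission_id BETWEEN 11 AND 20 THEN '011-020: Organization Management'
+WHEN permission_id BETWEEN 21 AND 40 THEN '021-040: User & Role Management'
+WHEN permission_id BETWEEN 41 AND 50 THEN '041-050: Master Data Management'
+WHEN permission_id BETWEEN 51 AND 70 THEN '051-070: Document Management (Generic)'
+WHEN permission_id BETWEEN 71 AND 80 THEN '071-080: Correspondence Module'
+WHEN permission_id BETWEEN 81 AND 90 THEN '081-090: RFA Module'
+WHEN permission_id BETWEEN 91 AND 100 THEN '091-100: Drawing Module'
+WHEN permission_id BETWEEN 101 AND 110 THEN '101-110: Circulation Module'
+WHEN permission_id BETWEEN 111 AND 120 THEN '111-120: Transmittal Module'
+WHEN permission_id BETWEEN 121 AND 130 THEN '121-130: Workflow Engine'
+WHEN permission_id BETWEEN 131 AND 140 THEN '131-140: Document Numbering'
+WHEN permission_id BETWEEN 141 AND 150 THEN '141-150: Search & Reporting'
+WHEN permission_id BETWEEN 151 AND 160 THEN '151-160: Notification & Dashboard'
+WHEN permission_id BETWEEN 161 AND 170 THEN '161-170: JSON Schema Management'
+WHEN permission_id BETWEEN 171 AND 180 THEN '171-180: Monitoring & Admin Tools'
+WHEN permission_id BETWEEN 201 AND 220 THEN '201-220: Project & Contract Management'
+ELSE 'Unknown Range'
+END
+ORDER BY MIN(permission_id);
+
+-- ==========================================================
+-- 2. COUNT PERMISSIONS PER ROLE
+-- ==========================================================
+SELECT r.role_id,
+r.role_name,
+r.scope,
+COUNT(rp.permission_id) AS permission_count
+FROM roles r
+LEFT JOIN role_permissions rp ON r.role_id = rp.role_id
+GROUP BY r.role_id,
+r.role_name,
+r.scope
+ORDER BY r.role_id;
+
+-- ==========================================================
+-- 3. CHECK TOTAL PERMISSION COUNT
+-- ==========================================================
+SELECT 'Total Permissions' AS metric,
+COUNT(*) AS COUNT
+FROM permissions
+UNION ALL
+SELECT 'Active Permissions',
+COUNT(*)
+FROM permissions
+WHERE is_active = 1;
+
+-- ==========================================================
+-- 4. CHECK FOR MISSING PERMISSIONS (Used in Code but Not in DB)
+-- ==========================================================
+-- List of permissions actually used in controllers
+WITH code_permissions AS (
+SELECT 'system.manage_all' AS permission_name
+UNION
+SELECT 'system.impersonate'
+UNION
+SELECT 'organization.view'
+UNION
+SELECT 'organization.create'
+UNION
+SELECT 'user.create'
+UNION
+SELECT 'user.view'
+UNION
+SELECT 'user.edit'
+UNION
+SELECT 'user.delete'
+UNION
+SELECT 'user.manage_assignments'
+UNION
+SELECT 'role.assign_permissions'
+UNION
+SELECT 'project.create'
+UNION
+SELECT 'project.view'
+UNION
+SELECT 'project.edit'
+UNION
+SELECT 'project.delete'
+UNION
+SELECT 'contract.create'
+UNION
+SELECT 'contract.view'
+UNION
+SELECT 'contract.edit'
+UNION
+SELECT 'contract.delete'
+UNION
+SELECT 'master_data.view'
+UNION
+SELECT 'master_data.manage'
+UNION
+SELECT 'master_data.drawing_category.manage'
+UNION
+SELECT 'master_data.tag.manage'
+UNION
+SELECT 'document.view'
+UNION
+SELECT 'document.create'
+UNION
+SELECT 'document.edit'
+UNION
+SELECT 'document.delete'
+UNION
+SELECT 'correspondence.create'
+UNION
+SELECT 'rfa.create'
+UNION
+SELECT 'drawing.create'
+UNION
+SELECT 'drawing.view'
+UNION
+SELECT 'circulation.create'
+UNION
+SELECT 'circulation.respond'
+UNION
+SELECT 'workflow.action_review'
+UNION
+SELECT 'workflow.manage_definitions'
+UNION
+SELECT 'search.advanced'
+UNION
+SELECT 'json_schema.view'
+UNION
+SELECT 'json_schema.manage'
+UNION
+SELECT 'monitoring.manage_maintenance'
+)
+SELECT cp.permission_name,
+CASE
+WHEN p.permission_id IS NULL THEN '❌ MISSING'
+ELSE '✅ EXISTS'
+END AS STATUS,
+p.permission_id
+FROM code_permissions cp
+LEFT JOIN permissions p ON cp.permission_name = p.permission_name
+ORDER BY STATUS DESC,
+cp.permission_name;
+
+-- ==========================================================
+-- 5. LIST PERMISSIONS FOR EACH ROLE
+-- ==========================================================
+SELECT r.role_name,
+r.scope,
+GROUP_CONCAT(
+p.permission_name
+ORDER BY p.permission_id SEPARATOR ', '
+) AS permissions
+FROM roles r
+LEFT JOIN role_permissions rp ON r.role_id = rp.role_id
+LEFT JOIN permissions p ON rp.permission_id = p.permission_id
+GROUP BY r.role_id,
+r.role_name,
+r.scope
+ORDER BY r.role_id;
+
+-- ==========================================================
+-- 6. CHECK SUPERADMIN HAS ALL PERMISSIONS
+-- ==========================================================
+SELECT 'Superadmin Permission Coverage' AS metric,
+CONCAT(
+COUNT(DISTINCT rp.permission_id),
+' / ',
+(
+SELECT COUNT(*)
+FROM permissions
+WHERE is_active = 1
+),
+' (',
+ROUND(
+COUNT(DISTINCT rp.permission_id) * 100.0 / (
+SELECT COUNT(*)
+FROM permissions
+WHERE is_active = 1
+),
+1
+),
+'%)'
+) AS coverage
+FROM role_permissions rp
+WHERE rp.role_id = 1;
+
+-- Superadmin
+-- ==========================================================
+-- 7. CHECK FOR DUPLICATE PERMISSIONS
+-- ==========================================================
+SELECT permission_name,
+COUNT(*) AS duplicate_count
+FROM permissions
+GROUP BY permission_name
+HAVING COUNT(*) > 1;
+
+-- ==========================================================
+-- 8. CHECK PERMISSIONS WITHOUT ROLE ASSIGNMENTS
+-- ==========================================================
+SELECT p.permission_id,
+p.permission_name,
+p.description
+FROM permissions p
+LEFT JOIN role_permissions rp ON p.permission_id = rp.permission_id
+WHERE rp.permission_id IS NULL
+AND p.is_active = 1
+ORDER BY p.permission_id;
+
+-- ==========================================================
+-- 9. CHECK USER PERMISSION VIEW (v_user_all_permissions)
+-- ==========================================================
+-- Test with user_id = 1 (Superadmin)
+SELECT 'User 1 (Superadmin) Permissions' AS metric,
+COUNT(*) AS permission_count
+FROM v_user_all_permissions
+WHERE user_id = 1;
+
+-- List first 10 permissions for user 1
+SELECT user_id,
+permission_name
+FROM v_user_all_permissions
+WHERE user_id = 1
+ORDER BY permission_name
+LIMIT 10;
+
+-- ==========================================================
+-- 10. CHECK SPECIFIC CRITICAL PERMISSIONS
+-- ==========================================================
+SELECT permission_name,
+permission_id,
+CASE
+WHEN permission_id IS NOT NULL THEN '✅ Exists'
+ELSE '❌ Missing'
+END AS STATUS
+FROM (
+SELECT 'system.manage_all' AS permission_name
+UNION
+SELECT 'document.view'
+UNION
+SELECT 'user.create'
+UNION
+SELECT 'master_data.manage'
+UNION
+SELECT 'drawing.view'
+UNION
+SELECT 'workflow.action_review'
+) required_perms
+LEFT JOIN permissions p USING (permission_name)
+ORDER BY permission_name;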
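Review bot: Check 6 can overstate Superadmin coverage, because `COUNT(DISTINCT rp.permission_id)` counts every grant on `role_id = 1`, including inactive permissions and rows soft-deleted through the `deleted_at` column this commit adds, while the divisor counts only `is_active = 1`. Restrict the numerator to the same population with `INNER JOIN permissions p ON p.permission_id = rp.permission_id AND p.is_active = 1 AND p.deleted_at IS NULL`, add `AND deleted_at IS NULL` to both subqueries, and wrap the divisor in `NULLIF(..., 0)` so that an empty table yields an explicit NULL rather than a division by zero. The hard-coded `role_id = 1` and `user_id = 1` assume the seed order; resolving the role with `WHERE r.role_name = 'Superadmin'` would make the check fail visibly if the ids shift. Checks 2, 3 and 8 have the same `deleted_at` gap. One check this script lacks is a listing of every role other than Superadmin that holds `system.manage_all` or `system.impersonate`, since an unintended grant of either is the seed-data error with the largest impact.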