103 lines
2.8 KiB
SQL
103 lines
2.8 KiB
SQL
-- Фаза 1B: RBAC (Role-Based Access Control) (КРИТИЧНО)
|
|
-- Запросы для управления ролями и правами доступа
|
|
|
|
-- ============================================================================
|
|
-- Роли
|
|
-- ============================================================================
|
|
|
|
-- name: GetRoleByName :one
|
|
SELECT * FROM roles
|
|
WHERE name = $1;
|
|
|
|
-- name: GetRoleByID :one
|
|
SELECT * FROM roles
|
|
WHERE id = $1;
|
|
|
|
-- name: ListAllRoles :many
|
|
SELECT * FROM roles
|
|
ORDER BY name;
|
|
|
|
-- ============================================================================
|
|
-- Пользовательские роли
|
|
-- ============================================================================
|
|
|
|
-- name: GetUserRoles :many
|
|
SELECT r.* FROM roles r
|
|
JOIN user_roles ur ON ur.role_id = r.id
|
|
WHERE ur.user_id = $1
|
|
ORDER BY r.name;
|
|
|
|
-- name: AssignRoleToUser :one
|
|
INSERT INTO user_roles (user_id, role_id, assigned_by)
|
|
VALUES ($1, $2, $3)
|
|
ON CONFLICT (user_id, role_id) DO NOTHING
|
|
RETURNING *;
|
|
|
|
-- name: RemoveRoleFromUser :exec
|
|
DELETE FROM user_roles
|
|
WHERE user_id = $1 AND role_id = $2;
|
|
|
|
-- name: UserHasRole :one
|
|
SELECT EXISTS(
|
|
SELECT 1 FROM user_roles
|
|
WHERE user_id = $1 AND role_id = $2
|
|
);
|
|
|
|
-- name: UserHasRoleByName :one
|
|
SELECT EXISTS(
|
|
SELECT 1 FROM user_roles ur
|
|
JOIN roles r ON r.id = ur.role_id
|
|
WHERE ur.user_id = $1 AND r.name = $2
|
|
);
|
|
|
|
-- ============================================================================
|
|
-- Права доступа
|
|
-- ============================================================================
|
|
|
|
-- name: GetUserPermissions :many
|
|
SELECT DISTINCT p.name, p.resource, p.action, p.description
|
|
FROM users u
|
|
JOIN user_roles ur ON ur.user_id = u.id
|
|
JOIN role_permissions rp ON rp.role_id = ur.role_id
|
|
JOIN permissions p ON p.id = rp.permission_id
|
|
WHERE u.id = $1
|
|
AND u.deleted_at IS NULL
|
|
AND u.is_blocked = FALSE
|
|
ORDER BY p.resource, p.action;
|
|
|
|
-- name: GetPermissionByName :one
|
|
SELECT * FROM permissions
|
|
WHERE name = $1;
|
|
|
|
-- name: ListPermissionsByRole :many
|
|
SELECT p.* FROM permissions p
|
|
JOIN role_permissions rp ON rp.permission_id = p.id
|
|
WHERE rp.role_id = $1
|
|
ORDER BY p.resource, p.action;
|
|
|
|
-- name: UserHasPermission :one
|
|
SELECT EXISTS(
|
|
SELECT 1
|
|
FROM users u
|
|
JOIN user_roles ur ON ur.user_id = u.id
|
|
JOIN role_permissions rp ON rp.role_id = ur.role_id
|
|
JOIN permissions p ON p.id = rp.permission_id
|
|
WHERE u.id = $1
|
|
AND p.name = $2
|
|
AND u.deleted_at IS NULL
|
|
AND u.is_blocked = FALSE
|
|
);
|
|
|
|
-- name: UserHasAnyPermission :one
|
|
SELECT EXISTS(
|
|
SELECT 1
|
|
FROM users u
|
|
JOIN user_roles ur ON ur.user_id = u.id
|
|
JOIN role_permissions rp ON rp.role_id = ur.role_id
|
|
JOIN permissions p ON p.id = rp.permission_id
|
|
WHERE u.id = $1
|
|
AND p.name = ANY($2::varchar[])
|
|
AND u.deleted_at IS NULL
|
|
AND u.is_blocked = FALSE
|
|
);
|