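-- =============================================
-- Platform ops audit + user authorization DDL
-- Version: 1.0
-- Module: wm-revenue
-- Dialect: PostgreSQL (BIGSERIAL, COMMENT ON, ON CONFLICT => 9.5+)
-- =============================================

-- 1. Operation log table (CRUD audit trail).
--
-- Deliberately has no foreign key to pa_platform_user: audit rows must outlive
-- the accounts that produced them, and events such as failed logins may carry
-- no operator_id at all, so operator / operator_id stay nullable.
--
-- Treat this table as append-only. The application role should get
-- INSERT/SELECT only and have UPDATE/DELETE revoked, otherwise anyone holding
-- the app credentials can rewrite or erase their own trail. Role names are
-- deployment-specific, so the GRANT/REVOKE is not issued here.
CREATE TABLE IF NOT EXISTS pa_audit_log (
    id             BIGSERIAL    PRIMARY KEY,
    operator       VARCHAR(100),
    operator_id    BIGINT,
    module         VARCHAR(100),
    action         VARCHAR(50),
    target_type    VARCHAR(50),
    target_id      BIGINT,
    -- before/after snapshots are caller-supplied JSON text. They can carry PII
    -- and, for user updates, credential material; the writer must redact
    -- password hashes / tokens before persisting them here.
    before_value   TEXT,
    after_value    TEXT,
    ip_address     VARCHAR(50),
    user_agent     VARCHAR(500),
    request_url    VARCHAR(500),
    request_method VARCHAR(10),
    -- A log row without an outcome or a timestamp is useless for forensics;
    -- both keep their defaults but may no longer be explicitly NULLed.
    result         VARCHAR(20)  NOT NULL DEFAULT 'success',
    remark         VARCHAR(500),
    -- TIMESTAMP has no time zone. NOTE(review): confirm the application
    -- writes UTC, or migrate this column to TIMESTAMPTZ.
    created_at     TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- The table is created with IF NOT EXISTS, so the indexes must be as well or
-- a re-run of this script aborts on the first index.
CREATE INDEX IF NOT EXISTS idx_audit_log_module      ON pa_audit_log (module);
CREATE INDEX IF NOT EXISTS idx_audit_log_action      ON pa_audit_log (action);
CREATE INDEX IF NOT EXISTS idx_audit_log_operator_id ON pa_audit_log (operator_id);
CREATE INDEX IF NOT EXISTS idx_audit_log_created_at  ON pa_audit_log (created_at);
CREATE INDEX IF NOT EXISTS idx_audit_log_target      ON pa_audit_log (target_type, target_id);

COMMENT ON TABLE  pa_audit_log              IS '操作日志(CRUD审计)';
COMMENT ON COLUMN pa_audit_log.operator     IS '操作人姓名';
COMMENT ON COLUMN pa_audit_log.operator_id  IS '操作人ID';
COMMENT ON COLUMN pa_audit_log.module       IS '模块名称';
COMMENT ON COLUMN pa_audit_log.action       IS '操作类型:create/update/delete/query/export/login/logout';
COMMENT ON COLUMN pa_audit_log.target_type  IS '目标类型';
COMMENT ON COLUMN pa_audit_log.target_id    IS '目标ID';
COMMENT ON COLUMN pa_audit_log.before_value IS '操作前数据(JSON)';
COMMENT ON COLUMN pa_audit_log.after_value  IS '操作后数据(JSON)';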
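-- 2. Platform role table.
--
-- `permissions` is a JSON array of "resource:verb" strings evaluated by the
-- application; the database does not validate its contents.
CREATE TABLE IF NOT EXISTS pa_platform_role (
    id          BIGSERIAL    PRIMARY KEY,
    role_name   VARCHAR(100) NOT NULL,
    role_code   VARCHAR(50)  NOT NULL UNIQUE,
    description VARCHAR(500),
    permissions TEXT         DEFAULT '[]',
    data_scope  VARCHAR(20)  DEFAULT 'self',
    enabled     INTEGER      DEFAULT 1,
    deleted     INTEGER      DEFAULT 0,
    created_at  TIMESTAMP    DEFAULT CURRENT_TIMESTAMP,
    updated_at  TIMESTAMP    DEFAULT CURRENT_TIMESTAMP,
    -- data_scope drives row-level visibility; an unrecognised value would
    -- fall through whatever branch the application treats as default, so pin
    -- it to the documented set.
    CONSTRAINT pa_platform_role_data_scope_check
        CHECK (data_scope IN ('all', 'dept', 'self', 'custom')),
    CONSTRAINT pa_platform_role_enabled_check CHECK (enabled IN (0, 1)),
    CONSTRAINT pa_platform_role_deleted_check CHECK (deleted IN (0, 1))
);

-- IF NOT EXISTS keeps the script re-runnable (the table already uses it).
-- idx_platform_role_code duplicates the index the UNIQUE constraint creates;
-- kept only so existing references to the name keep resolving.
CREATE INDEX IF NOT EXISTS idx_platform_role_code    ON pa_platform_role (role_code);
CREATE INDEX IF NOT EXISTS idx_platform_role_enabled ON pa_platform_role (enabled);

COMMENT ON TABLE  pa_platform_role             IS '平台角色';
COMMENT ON COLUMN pa_platform_role.role_name   IS '角色名称';
COMMENT ON COLUMN pa_platform_role.role_code   IS '角色编码';
COMMENT ON COLUMN pa_platform_role.permissions IS '权限列表(JSON数组)';
COMMENT ON COLUMN pa_platform_role.data_scope  IS '数据范围:all/dept/self/custom';

-- 3. Role <-> user binding table.
--
-- role_id is enforced against pa_platform_role so a binding can never point
-- at a role that no longer exists; hard-deleting a role removes its bindings,
-- which is the privilege-reducing direction. user_id cannot be enforced here
-- because pa_platform_user is created later in this script; NOTE(review):
-- add that FK once table ordering is settled.
CREATE TABLE IF NOT EXISTS pa_role_user_relation (
    id         BIGSERIAL PRIMARY KEY,
    role_id    BIGINT    NOT NULL,
    user_id    BIGINT    NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT pa_role_user_relation_role_id_fk
        FOREIGN KEY (role_id) REFERENCES pa_platform_role (id) ON DELETE CASCADE
);

CREATE INDEX IF NOT EXISTS idx_role_user_relation_role ON pa_role_user_relation (role_id);
CREATE INDEX IF NOT EXISTS idx_role_user_relation_user ON pa_role_user_relation (user_id);
-- One binding per (role, user) pair; the application's upsert relies on it.
CREATE UNIQUE INDEX IF NOT EXISTS idx_role_user_relation_unique
    ON pa_role_user_relation (role_id, user_id);

COMMENT ON TABLE pa_role_user_relation IS '角色-用户关联';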
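-- 4. Platform user table.
--
-- Authorization has two sources of truth in this schema: the single
-- `role_id` on this row and the many-to-many pa_role_user_relation table.
-- NOTE(review): the application must treat exactly one of them as
-- authoritative, otherwise revoking a role in one place leaves it effective
-- in the other.
CREATE TABLE IF NOT EXISTS pa_platform_user (
    id            BIGSERIAL    PRIMARY KEY,
    username      VARCHAR(100) NOT NULL UNIQUE,
    real_name     VARCHAR(100),
    -- phone / email are PII; keep them out of audit before/after snapshots
    -- unless the snapshot is itself access-controlled.
    phone         VARCHAR(20),
    email         VARCHAR(100),
    department_id BIGINT,
    role_id       BIGINT,
    status        INTEGER      DEFAULT 1,
    -- Must hold a salted password hash (bcrypt / argon2 style encoded string),
    -- never the plaintext. 200 chars is ample for those encodings.
    password      VARCHAR(200),
    last_login_at TIMESTAMP,
    deleted       INTEGER      DEFAULT 0,
    created_at    TIMESTAMP    DEFAULT CURRENT_TIMESTAMP,
    updated_at    TIMESTAMP    DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT pa_platform_user_status_check  CHECK (status IN (0, 1)),
    CONSTRAINT pa_platform_user_deleted_check CHECK (deleted IN (0, 1)),
    -- A user may not reference a role that does not exist; if the role is
    -- hard-deleted the user simply loses it rather than keeping a dangling id.
    CONSTRAINT pa_platform_user_role_id_fk
        FOREIGN KEY (role_id) REFERENCES pa_platform_role (id) ON DELETE SET NULL
);

-- IF NOT EXISTS keeps the script re-runnable (the table already uses it).
-- idx_platform_user_username duplicates the UNIQUE constraint's index and is
-- kept only for name compatibility.
CREATE INDEX IF NOT EXISTS idx_platform_user_username   ON pa_platform_user (username);
CREATE INDEX IF NOT EXISTS idx_platform_user_department ON pa_platform_user (department_id);
CREATE INDEX IF NOT EXISTS idx_platform_user_role       ON pa_platform_user (role_id);
CREATE INDEX IF NOT EXISTS idx_platform_user_status     ON pa_platform_user (status);

COMMENT ON TABLE  pa_platform_user          IS '平台用户';
COMMENT ON COLUMN pa_platform_user.username IS '登录用户名';
COMMENT ON COLUMN pa_platform_user.status   IS '状态:1-启用 0-禁用';
COMMENT ON COLUMN pa_platform_user.password IS 'Salted password hash only (bcrypt/argon2 encoded); never plaintext';

-- =============================================
-- Default role data
-- =============================================
-- Seeds only roles, never a user: no default credentials ship with the schema.
-- ON CONFLICT (role_code) DO NOTHING makes the seed idempotent and also means
-- a re-run will NOT overwrite a role whose permissions were deliberately
-- changed in production.
INSERT INTO pa_platform_role (role_name, role_code, description, permissions, data_scope, enabled)
VALUES
    ('超级管理员', 'SUPER_ADMIN', '系统超级管理员,拥有所有权限',
     '["user:read","user:write","user:delete","role:read","role:write","role:delete","audit:read","audit:export","system:config"]',
     'all', 1),
    ('运维管理员', 'OPS_ADMIN', '运维管理员,可查看和管理所有运维相关功能',
     '["user:read","user:write","role:read","audit:read","audit:export","ops:manage"]',
     'all', 1),
    ('普通用户', 'NORMAL_USER', '普通用户,基本查看权限',
     '["user:read","audit:read"]',
     'self', 1),
    ('部门管理员', 'DEPT_ADMIN', '部门管理员,管理本部门用户',
     '["user:read","user:write","role:read","audit:read"]',
     'dept', 1),
    -- Auditor is read/export only on the log and must never gain write
    -- permissions: separation between acting and auditing.
    ('审计员', 'AUDITOR', '审计员,只读审计日志权限',
     '["audit:read","audit:export","user:read","role:read"]',
     'all', 1)
ON CONFLICT (role_code) DO NOTHING;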