From 679463d2c1d6b616c57b8c999a1751d9c795eef5 Mon Sep 17 00:00:00 2001
From: Nick Zeng <Nick.Zeng@wpic.co>
Date: Mon, 9 Mar 2026 14:14:21 +0800
Subject: [PATCH] add role route override and user data scope

---
 backend/app/Model/RoleRouteOverride.php       | 52 +++++++++++++++++++
 backend/app/Model/UserDataScope.php           | 43 +++++++++++++++
 ...0000_create_role_route_overrides_table.php | 32 ++++++++++++
 ...9_240000_create_user_data_scopes_table.php | 34 ++++++++++++
 4 files changed, 161 insertions(+)
 create mode 100644 backend/app/Model/RoleRouteOverride.php
 create mode 100644 backend/app/Model/UserDataScope.php
 create mode 100644 backend/migrations/2026_03_09_230000_create_role_route_overrides_table.php
 create mode 100644 backend/migrations/2026_03_09_240000_create_user_data_scopes_table.php

diff --git a/backend/app/Model/RoleRouteOverride.php b/backend/app/Model/RoleRouteOverride.php
new file mode 100644
index 0000000..7ec22c1
--- /dev/null
+++ b/backend/app/Model/RoleRouteOverride.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Model;
+
+use Hyperf\Database\Model\Relations\BelongsTo;
+use Hyperf\DbConnection\Model\Model;
+
+/**
+ * @property int $role_id
+ * @property int $route_id
+ * @property bool $allowed
+ */
+class RoleRouteOverride extends Model
+{
+    protected ?string $table = 'role_route_overrides';
+
+    public bool $timestamps = false;
+
+    protected string $primaryKey = 'role_id';
+
+    public bool $incrementing = false;
+
+    protected array $fillable = [
+        'role_id',
+        'route_id',
+        'allowed',
+    ];
+
+    protected array $casts = [
+        'role_id' => 'integer',
+        'route_id' => 'integer',
+        'allowed' => 'boolean',
+    ];
+
+    /**
+     * 所属角色
+     */
+    public function role(): BelongsTo
+    {
+        return $this->belongsTo(Role::class, 'role_id');
+    }
+
+    /**
+     * 所属路由
+     */
+    public function route(): BelongsTo
+    {
+        return $this->belongsTo(Route::class, 'route_id');
+    }
+}
diff --git a/backend/app/Model/UserDataScope.php b/backend/app/Model/UserDataScope.php
new file mode 100644
index 0000000..0ebda0e
--- /dev/null
+++ b/backend/app/Model/UserDataScope.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Model;
+
+use Hyperf\Database\Model\Relations\BelongsTo;
+use Hyperf\DbConnection\Model\Model;
+
+/**
+ * @property int $id
+ * @property int $user_id
+ * @property string $scope_type
+ * @property int $scope_id
+ * @property \Carbon\Carbon $created_at
+ */
+class UserDataScope extends Model
+{
+    protected ?string $table = 'user_data_scopes';
+
+    public bool $timestamps = false;
+
+    protected array $fillable = [
+        'user_id',
+        'scope_type',
+        'scope_id',
+    ];
+
+    protected array $casts = [
+        'id' => 'integer',
+        'user_id' => 'integer',
+        'scope_id' => 'integer',
+        'created_at' => 'datetime',
+    ];
+
+    /**
+     * 所属用户
+     */
+    public function user(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'user_id');
+    }
+}
diff --git a/backend/migrations/2026_03_09_230000_create_role_route_overrides_table.php b/backend/migrations/2026_03_09_230000_create_role_route_overrides_table.php
new file mode 100644
index 0000000..9961e01
--- /dev/null
+++ b/backend/migrations/2026_03_09_230000_create_role_route_overrides_table.php
@@ -0,0 +1,32 @@
+<?php
+
+use Hyperf\Database\Schema\Schema;
+use Hyperf\Database\Schema\Blueprint;
+use Hyperf\Database\Migrations\Migration;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('role_route_overrides', function (Blueprint $table) {
+            $table->unsignedBigInteger('role_id')->comment('角色 ID');
+            $table->unsignedBigInteger('route_id')->comment('路由 ID');
+            $table->boolean('allowed')->comment('true=强制允许, false=强制拒绝');
+
+            $table->primary(['role_id', 'route_id']);
+            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
+            $table->foreign('route_id')->references('id')->on('routes')->onDelete('cascade');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('role_route_overrides');
+    }
+};
diff --git a/backend/migrations/2026_03_09_240000_create_user_data_scopes_table.php b/backend/migrations/2026_03_09_240000_create_user_data_scopes_table.php
new file mode 100644
index 0000000..877cee1
--- /dev/null
+++ b/backend/migrations/2026_03_09_240000_create_user_data_scopes_table.php
@@ -0,0 +1,34 @@
+<?php
+
+use Hyperf\Database\Schema\Schema;
+use Hyperf\Database\Schema\Blueprint;
+use Hyperf\Database\Migrations\Migration;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('user_data_scopes', function (Blueprint $table) {
+            $table->id()->comment('主键');
+            $table->unsignedBigInteger('user_id')->comment('用户 ID');
+            $table->string('scope_type', 20)->comment('范围类型: company/platform/store');
+            $table->unsignedBigInteger('scope_id')->comment('范围目标 ID');
+            $table->timestampTz('created_at')->useCurrent()->comment('创建时间');
+
+            $table->unique(['user_id', 'scope_type', 'scope_id']);
+            $table->index('user_id');
+            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('user_data_scopes');
+    }
+};