feat: scaffold Django multi-tenant project with 5 of 9 apps

Phase 1 scaffolding: config/, core/, base models, AES-256-GCM phone encryption, enums mirror apps.tenant: Tenant + Domain (django-tenants) apps.org: 11 models (OrgUnit hierarchy, Staff, audit logs) apps.account: 4 models (UserAccount as AUTH_USER_MODEL, login/password tracking) apps.permission: 7 models (RBAC + overrides + datascope + append-only changelog) apps.region: 5 models (District, BusinessArea, MetroLine, MetroStation, School) All migrations generated, manage.py check passes
2026-04-29 17:01:55 +08:00
parent 61535a53c2
commit 9a7d06b34e
116 changed files with 3411 additions and 0 deletions
--- a/apps/permission/models/permission_def.py
+++ b/apps/permission/models/permission_def.py
@@ -0,0 +1,46 @@
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+
+from core.enums import PermissionModule, PermissionValueType
+from core.models.base import TimeStampedModel
+
+
+class PermissionDef(TimeStampedModel):
+    code = models.CharField(max_length=150, unique=True)
+    module = models.CharField(max_length=50, choices=PermissionModule.choices)
+    sub_module = models.CharField(max_length=50, blank=True, default="")
+    group_name = models.CharField(max_length=100)
+    name = models.CharField(max_length=200)
+    description = models.TextField(blank=True, default="")
+    value_type = models.CharField(max_length=20, choices=PermissionValueType.choices)
+    scope_choices = models.JSONField(default=list, blank=True)
+    integer_min = models.IntegerField(null=True, blank=True)
+    integer_max = models.IntegerField(null=True, blank=True)
+    default_value = models.JSONField(default=dict)
+    max_allowed_categories = ArrayField(
+        models.CharField(max_length=50),
+        default=list,
+        blank=True,
+    )
+    sort_order = models.PositiveIntegerField(default=0)
+    is_active = models.BooleanField(default=True)
+    is_deprecated = models.BooleanField(default=False)
+    version = models.PositiveIntegerField(default=1)
+
+    class Meta:
+        db_table = "permission_defs"
+        indexes = [
+            models.Index(
+                fields=["module", "sub_module", "sort_order"],
+                name="idx_perm_defs_module",
+                condition=models.Q(is_active=True),
+            ),
+            models.Index(
+                fields=["is_active"],
+                name="idx_perm_defs_active",
+                condition=models.Q(is_active=True),
+            ),
+        ]
+
+    def __str__(self) -> str:
+        return f"{self.code} ({self.value_type})"