fonrey/apps/permission/models/role.py

from django.db import models

from core.enums import PermissionRoleCategory
from core.models.base import SoftDeleteModel, TimeStampedModel


class Role(SoftDeleteModel):
    name = models.CharField(
        max_length=100,
        verbose_name="角色名称",
    )
    category = models.CharField(
        max_length=30,
        choices=PermissionRoleCategory.choices,
        verbose_name="角色类别",
        help_text="agent=置业顾问 / store_manager=店管 / director=总经 / operator=运营 / custom=自定义",
    )
    description = models.TextField(
        blank=True,
        default="",
        verbose_name="角色描述",
    )
    template_role = models.ForeignKey(
        "fonrey_permission.Role",
        null=True,
        blank=True,
        on_delete=models.SET_NULL,
        related_name="derived_roles",
        verbose_name="权限模板来源",
        help_text='PRD「引用该角色配置」列',
    )
    is_system_builtin = models.BooleanField(
        default=False,
        verbose_name="是否系统内置",
        help_text='如「最大权限角色」，不可删除、不可改名',
    )
    is_active = models.BooleanField(
        default=True,
        verbose_name="是否启用",
        help_text="FALSE=禁用（员工无法继承该角色权限）",
    )
    created_by = models.ForeignKey(
        "org.Staff",
        null=True,
        blank=True,
        on_delete=models.SET_NULL,
        related_name="permission_roles_created",
        verbose_name="创建人",
        help_text="角色类别只能由创建者修改",
    )
    updated_by = models.ForeignKey(
        "org.Staff",
        null=True,
        blank=True,
        on_delete=models.SET_NULL,
        related_name="permission_roles_updated",
        verbose_name="最后修改人",
        help_text="权限管理审计用",
    )

    class Meta:
        db_table = "roles"
        verbose_name = "角色"
        verbose_name_plural = "角色"
        constraints = [
            models.UniqueConstraint(
                fields=["name"],
                name="uq_roles_name_active",
                condition=models.Q(deleted_at__isnull=True),
            ),
        ]
        indexes = [
            models.Index(
                fields=["category"],
                name="idx_roles_category",
                condition=models.Q(deleted_at__isnull=True),
            ),
            models.Index(fields=["template_role"], name="idx_roles_template"),
        ]

    def __str__(self) -> str:
        return f"{self.name} ({self.category})"


class RolePermission(TimeStampedModel):
    role = models.ForeignKey(
        "fonrey_permission.Role",
        on_delete=models.CASCADE,
        related_name="permissions",
        verbose_name="所属角色",
        help_text="稀疏存储：角色删除时级联清理权限值",
    )
    permission_def = models.ForeignKey(
        "fonrey_permission.PermissionDef",
        on_delete=models.PROTECT,
        related_name="role_assignments",
        verbose_name="权限定义",
        help_text="RESTRICT 防止删除仍被引用的权限项",
    )
    value = models.JSONField(
        verbose_name="权限值",
        help_text='统一格式 {"v": <value>}',
    )
    updated_by = models.ForeignKey(
        "org.Staff",
        null=True,
        blank=True,
        on_delete=models.SET_NULL,
        related_name="role_permissions_updated",
        verbose_name="最后修改人",
    )

    class Meta:
        db_table = "role_permissions"
        verbose_name = "角色权限"
        verbose_name_plural = "角色权限"
        constraints = [
            models.UniqueConstraint(
                fields=["role", "permission_def"],
                name="uq_role_permissions",
            ),
        ]
        indexes = [
            models.Index(fields=["role"], name="idx_role_permissions_role"),
            models.Index(fields=["permission_def"], name="idx_role_permissions_def"),
        ]

    def __str__(self) -> str:
        return f"{self.role.name} → {self.permission_def.code}"