"""CRM Permission Configuration

Role and permission configuration within a single owner organization.
Initialized at deployment time by an administrator, either through the
RBAC UI or from this configuration.

Convention roles:
- any: anyone (not logged in)
- logined: logged-in user
- anonymous: anonymous user
"""

# ============================================================
# Single owner organization
# ============================================================
# The CRM is a single-owner-organization system; it does not span
# organizations. All roles belong to different departments inside the
# same owner organization.

# ============================================================
# Role definitions
# ============================================================
ROLES = [
    # Sales department
    {
        'id': 'sales_manager',
        'name': '销售经理',
        'desc': '团队管理、客户分配、审批',
    },
    {
        'id': 'sales_rep',
        'name': '销售代表',
        'desc': '客户跟进、商机推进、合同起草',
    },
    # Finance department
    {
        'id': 'finance_admin',
        'name': '财务管理员',
        'desc': '所有财务操作、报表',
    },
    {
        'id': 'finance_clerk',
        'name': '财务出纳',
        'desc': '收款登记、付款处理',
    },
    # Administrators
    # NOTE(review): admin_superuser appears in every non-public entry of
    # PERMISSION_MATRIX and its description marks it as "for
    # initialization"; who may hold it after deployment is not defined in
    # this file - confirm it is assigned sparingly.
    {
        'id': 'admin_superuser',
        'name': '超级用户',
        'desc': '全部权限,初始化用',
    },
]

# ============================================================
# Permission matrix
# Format: {module name: {path pattern: [roles that are granted access]}}
#
# NOTE(review): several modules pair a module-wide '/module/**' pattern
# with narrower patterns that list FEWER roles (customer_handover**,
# customer_pool**, contract_ai_config**). How the RBAC engine resolves
# overlapping patterns is not visible in this file. If it unions every
# matching pattern instead of letting the most specific one win, the
# narrower entries restrict nothing and the roles named by the wildcard
# keep access - verify against the engine before relying on them.
# ============================================================
PERMISSION_MATRIX = {
    # ----------------------------------------------------------
    # Public paths (login, etc.)
    # 'any' is the convention role for callers who are not logged in,
    # so these two paths are reachable without authentication.
    # ----------------------------------------------------------
    'main': {
        '/main/login.ui': ['any'],
        '/main/login.dspy': ['any'],
    },

    # ----------------------------------------------------------
    # Customer management module - sales + finance + admin
    # "finance" here is finance_admin only; finance_clerk is not listed.
    # The handover and pool patterns drop finance_admin (see the
    # overlap note on the matrix header).
    # ----------------------------------------------------------
    'customer_management': {
        '/customer_management/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'admin_superuser',
        ],
        '/customer_management/customer_handover**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
        '/customer_management/customer_pool**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
    },

    # ----------------------------------------------------------
    # Opportunity management module - sales + admin
    # ----------------------------------------------------------
    'opportunity_management': {
        '/opportunity_management/**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
    },

    # ----------------------------------------------------------
    # Contract management module - sales + finance + admin
    # "finance" here is finance_admin only; finance_clerk is not listed.
    # contract_ai_config** drops sales_rep and finance_admin (see the
    # overlap note on the matrix header).
    # ----------------------------------------------------------
    'contract_management': {
        '/contract_management/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'admin_superuser',
        ],
        '/contract_management/contract_ai_config**': [
            'sales_manager', 'admin_superuser',
        ],
    },

    # ----------------------------------------------------------
    # Financial management module - finance + admin
    # receivables** additionally grants sales_manager, who is absent
    # from the module-wide pattern.
    # ----------------------------------------------------------
    'financial_management': {
        '/financial_management/**': [
            'finance_admin', 'finance_clerk', 'admin_superuser',
        ],
        '/financial_management/receivables**': [
            'sales_manager', 'finance_admin', 'finance_clerk', 'admin_superuser',
        ],
    },

    # ----------------------------------------------------------
    # Workflow approval module - all internal roles
    # ----------------------------------------------------------
    'workflow_approval': {
        '/workflow_approval/**': [
            'sales_manager', 'sales_rep',
            'finance_admin', 'finance_clerk',
            'admin_superuser',
        ],
    },

    # ----------------------------------------------------------
    # Unified dashboard - all internal roles
    # ----------------------------------------------------------
    'unified_dashboard': {
        '/unified_dashboard/**': [
            'sales_manager', 'sales_rep',
            'finance_admin', 'finance_clerk',
            'admin_superuser',
        ],
    },
}

# ============================================================
# CRUD paths
# Each module's tables automatically get a generated CRUD path:
#   /{modulename}/{tablename}/
#
# NOTE(review): presumably these generated paths are authorized through
# the patterns in PERMISSION_MATRIX (e.g. the contract_ai_config table
# falling under contract_ai_config**, and customer_handover_items under
# customer_handover**). The path generator and the matcher are not in
# this file - confirm that every table below is covered by the pattern
# intended for it.
# ============================================================
CRUD_TABLES = {
    'customer_management': [
        'customers',
        'customer_pool',
        'customer_handover',
        'customer_handover_items',
    ],
    'opportunity_management': [
        'opportunities',
        'opportunity_stage_history',
        'opportunity_predictions',
        'sales_stages',
    ],
    'contract_management': [
        'contract',
        'contract_versions',
        'contract_attachment',
        'contract_milestones',
        'contract_ai_config',
        'orders',
        'order_payments',
    ],
    'financial_management': [
        'receivables',
        'receipts',
        'receipt_allocations',
        'payments',
        'financial_vouchers',
    ],
    'workflow_approval': [
        'approval_workflow',
        'approval_instance',
        'approval_step',
        'approval_task',
    ],
    'unified_dashboard': [
        'dashboard_config',
        'report_template',
        'user_dashboard',
    ],
}