"""CRM Permission Configuration

单一业主机构内的角色和权限配置。
部署时由管理员通过RBAC UI或此配置初始化。

Convention roles:
- any: 任何人(未登录)
- logined: 已登录用户
- anonymous: 匿名用户
"""
# ============================================================
# 单一业主机构
# ============================================================
# CRM为单业主机构系统,不跨机构。
# 所有角色属于同一业主机构内部的不同部门。
# ============================================================
# Role definitions
# ============================================================
# Each entry has a role id (the value listed in PERMISSION_MATRIX), a
# display name and a short description.
#
# NOTE(review): 'admin', 'superuser' and 'admin_superuser' are all described
# as having full permissions, but only 'admin_superuser' appears in
# PERMISSION_MATRIX in this file. If 'admin' / 'superuser' get their access
# somewhere else, that grant is not visible here; otherwise this matrix gives
# them nothing despite the description. Confirm which is intended.
# NOTE(review): 'admin_superuser' is described as used for initialisation and
# is granted every business module below -- confirm whether accounts holding
# it are meant to stay active after initial setup.
ROLES = [
    # Sales department
    {
        'id': 'sales_manager',
        'name': '销售经理',
        'desc': '团队管理、客户分配、审批',
    },
    {
        'id': 'sales_rep',
        'name': '销售代表',
        'desc': '客户跟进、商机推进、合同起草',
    },
    # Finance department
    {
        'id': 'finance_admin',
        'name': '财务管理员',
        'desc': '所有财务操作、报表',
    },
    {
        'id': 'finance_clerk',
        'name': '财务出纳',
        'desc': '收款登记、付款处理',
    },
    # Administrators (kept compatible with role names already in the database)
    {
        'id': 'admin',
        'name': '管理员',
        'desc': '全部权限',
    },
    {
        'id': 'superuser',
        'name': '超级用户',
        'desc': '全部权限',
    },
    {
        'id': 'admin_superuser',
        'name': '超级用户',
        'desc': '全部权限,初始化用',
    },
]
# ============================================================
# Permission matrix
# Format: {module name: {path pattern: [roles granted access]}}
# ============================================================
# NOTE(review): rules are keyed by path only; nothing in this structure
# distinguishes read from write operations on a path.
# NOTE(review): how overlapping patterns are resolved is not visible in this
# file. Several modules pair a broad '/<module>/**' rule with a narrower rule
# that lists fewer roles (customer_handover, customer_pool,
# contract_ai_config). If the matcher grants access whenever any matching
# pattern lists the role, the narrower rules restrict nothing -- e.g.
# 'finance_admin' would still reach customer_handover paths through
# '/customer_management/**'. Confirm the matching semantics before treating
# those rules as restrictions.
# NOTE(review): patterns such as 'customer_handover**' have no '/' before the
# wildcard; presumably they match by prefix and therefore also cover
# 'customer_handover_items' -- verify against the matcher.
PERMISSION_MATRIX = {
    # Static assets (bricks framework) -- open to everyone.
    'bricks': {
        '/bricks/**': ['any'],
    },

    # Public paths (login etc.) -- open to everyone.
    # NOTE(review): the register endpoints are reachable without login.
    # For a single-organisation deployment, confirm self-registration is
    # intended and that a newly registered account holds no business role
    # until an administrator assigns one.
    'public': {
        '/main/rbac/user/login.ui': ['any'],
        '/main/rbac/user/login.dspy': ['any'],
        '/main/rbac/user/up_login.dspy': ['any'],
        '/main/rbac/user/logout.dspy': ['any'],
        '/main/rbac/user/register.dspy': ['any'],
        '/main/rbac/user/register.ui': ['any'],
        '/main/login.ui': ['any'],
        '/main/login.dspy': ['any'],
    },

    # Root paths -- logged-in users only (/main/ points to base.ui).
    # The two login paths at the end of this group stay open to 'any'.
    'root': {
        '/main/': ['logined'],
        '/main/index.html': ['logined'],
        '/main/base.ui': ['logined'],
        '/base.ui': ['logined'],
        '/login.ui': ['any'],
        '/login.dspy': ['any'],
    },

    # Customer management -- sales, finance (finance_admin only) and admin.
    'customer_management': {
        '/customer_management/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'admin_superuser',
        ],
        # Narrower than the module-wide rule: no finance role listed.
        '/customer_management/customer_handover**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
        '/customer_management/customer_pool**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
    },

    # Opportunity management -- sales and admin.
    'opportunity_management': {
        '/opportunity_management/**': [
            'sales_manager', 'sales_rep', 'admin_superuser',
        ],
    },

    # Contract management -- sales, finance (finance_admin only) and admin.
    'contract_management': {
        '/contract_management/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'admin_superuser',
        ],
        # Narrower than the module-wide rule: sales_rep and finance_admin
        # are not listed for the AI configuration paths.
        '/contract_management/contract_ai_config**': [
            'sales_manager', 'admin_superuser',
        ],
    },

    # Financial management -- finance and admin.
    'financial_management': {
        '/financial_management/**': [
            'finance_admin', 'finance_clerk', 'admin_superuser',
        ],
        # Wider than the module-wide rule: sales_manager is added for
        # receivables. NOTE(review): confirm whether read-only access is
        # what is intended here; this rule cannot express it.
        '/financial_management/receivables**': [
            'sales_manager', 'finance_admin', 'finance_clerk',
            'admin_superuser',
        ],
    },

    # Workflow approval -- all internal roles.
    'workflow_approval': {
        '/workflow_approval/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'finance_clerk',
            'admin_superuser',
        ],
    },

    # Unified dashboard -- all internal roles.
    'unified_dashboard': {
        '/unified_dashboard/**': [
            'sales_manager', 'sales_rep', 'finance_admin', 'finance_clerk',
            'admin_superuser',
        ],
    },
}
# ============================================================
# CRUD paths
# Each module's tables automatically get a CRUD path:
#   /{modulename}/{tablename}/
# ============================================================
# NOTE(review): the generated paths sit under the module prefix, so
# presumably they are authorised by that module's patterns in
# PERMISSION_MATRIX -- verify against the code that generates and checks
# them. On that reading, 'orders' and 'order_payments' fall under
# '/contract_management/**', which lists the sales roles and finance_admin
# but not finance_clerk; confirm that is the intended audience for payment
# records.
CRUD_TABLES = {
    'customer_management': [
        'customers',
        'customer_pool',
        'customer_handover',
        'customer_handover_items',
    ],
    'opportunity_management': [
        'opportunities',
        'opportunity_stage_history',
        'opportunity_predictions',
        'sales_stages',
    ],
    'contract_management': [
        'contract',
        'contract_versions',
        'contract_attachment',
        'contract_milestones',
        'contract_ai_config',
        'orders',
        'order_payments',
    ],
    'financial_management': [
        'receivables',
        'receipts',
        'receipt_allocations',
        'payments',
        'financial_vouchers',
    ],
    'workflow_approval': [
        'approval_workflow',
        'approval_instance',
        'approval_step',
        'approval_task',
    ],
    'unified_dashboard': [
        'dashboard_config',
        'report_template',
        'user_dashboard',
    ],
}