-- gateway_access_rules: one row per (subject, resource, effect) access rule.
-- A rule names a subject, a resource, and an effect of 'allow' or 'deny'.
-- NOTE(review): how rules are combined (priority ordering, allow versus deny
-- precedence, the meaning of an empty conditions object) is decided by the
-- code that reads this table, not by the schema; confirm that evaluation
-- fails closed when no rule matches.
CREATE TABLE IF NOT EXISTS gateway_access_rules (
    -- Surrogate key, generated by the database when the writer supplies none.
    id uuid PRIMARY KEY DEFAULT gen_random_uuid(),

    -- Kind of principal the rule applies to; the CHECK closes the value set.
    subject_type text NOT NULL
        CHECK (subject_type IN ('user_group', 'tenant', 'user', 'api_key')),
    -- NOTE(review): polymorphic reference selected by subject_type, so no
    -- foreign key is declared here. Rules for a deleted subject stay in the
    -- table unless something else removes them; confirm the cleanup path.
    subject_id uuid NOT NULL,

    -- Kind of object being protected; the CHECK closes the value set.
    resource_type text NOT NULL
        CHECK (resource_type IN ('platform', 'platform_model', 'base_model')),
    -- NOTE(review): same polymorphic pattern as subject_id, no foreign key.
    resource_id uuid NOT NULL,

    -- Outcome of the rule; only these two values are accepted.
    effect text NOT NULL
        CHECK (effect IN ('allow', 'deny')),

    -- NOTE(review): the schema does not say whether a lower or a higher
    -- number wins, and places no bound on the value; verify in the evaluator.
    priority integer NOT NULL DEFAULT 100,
    -- NOTE(review): unbounded integer (negative values are accepted);
    -- confirm the range the evaluator expects.
    min_permission_level integer NOT NULL DEFAULT 0,

    -- Free-form JSON; both columns default to an empty object. Nothing here
    -- restricts the JSON type or the keys, so readers must validate shape.
    conditions jsonb NOT NULL DEFAULT '{}'::jsonb,
    metadata jsonb NOT NULL DEFAULT '{}'::jsonb,

    -- Toggle for a rule without deleting the row.
    status text NOT NULL DEFAULT 'active'
        CHECK (status IN ('active', 'disabled')),

    -- Both timestamps are filled by the column default on insert. This
    -- statement defines no trigger, so updated_at changes only when the
    -- writer sets it explicitly.
    created_at timestamptz NOT NULL DEFAULT now(),
    updated_at timestamptz NOT NULL DEFAULT now(),

    -- effect is part of the key, so an allow rule and a deny rule may both
    -- exist for the same subject/resource pair. status is not part of it,
    -- so a disabled rule still occupies its slot.
    UNIQUE (subject_type, subject_id, resource_type, resource_id, effect)
);
-- Index for finding the rules attached to one subject, with status as the
-- trailing column so a status filter can be applied from the index as well.
CREATE INDEX IF NOT EXISTS idx_gateway_access_rules_subject
    ON gateway_access_rules (subject_type, subject_id, status);
-- Index for finding the rules that target one resource, with status as the
-- trailing column so a status filter can be applied from the index as well.
CREATE INDEX IF NOT EXISTS idx_gateway_access_rules_resource
    ON gateway_access_rules (resource_type, resource_id, status);
-- Index keyed on effect, then status, then priority.
-- NOTE(review): the CHECK constraints on the table give effect and status
-- two possible values each, so the leading columns are not selective;
-- confirm with EXPLAIN that a real query uses this index.
CREATE INDEX IF NOT EXISTS idx_gateway_access_rules_effect
    ON gateway_access_rules (effect, status, priority);