
DB foundation_security


permission_category

column name definition
permission_category_id BIGINT UNSIGNED NOT NULL COMMENT 'NOTE: unlike the id columns of the other tables on this page, this one is not AUTO_INCREMENT — confirm whether the application assigns category ids itself or whether this is an omission'
parent_id BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '父级;0 表示顶级分类(没有父级),与本页其他表中 0 = 未关联 的约定一致。NOTE: no FK or cycle check is shown on this page, so the application must prevent a category from becoming its own ancestor'
name VARCHAR (45) NOT NULL COMMENT 'category name'
description VARCHAR (256) NULL COMMENT '描述'
create_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
create_user_id BIGINT UNSIGNED NOT NULL
last_modify_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
last_modify_user_id BIGINT UNSIGNED NOT NULL
is_deleted BIGINT UNSIGNED NOT NULL DEFAULT 0

permission_target

column name definition
permission_target_id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT
permission_category_id BIGINT UNSIGNED NOT NULL COMMENT '分类'
name VARCHAR (45) NOT NULL COMMENT 'permission target name。在java.security.Permission#getName设计中,name就唯一识别了作用对象,类似的,在我们这里,由于有分类,因此只要在分类中唯一即可。NOTE: this per-category uniqueness is a stated invariant, not a constraint shown on this page — back it with UNIQUE (permission_category_id, name) so two targets in one category cannot share a name'
type TINYINT UNSIGNED NOT NULL COMMENT 'permission target的类型。比如对象的类型是文件,或者对象的类型是菜单,等等。'
referenced_type TINYINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '关联的外部对象的类型。注意和type字段的区别,在实际中,有可能这两个字段的值是一样的,但是在意义上却是完全不一样的,而且有可能一种type的target,由关联的多种referenced_type组成'
referenced_identifier BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '该target关联的外部对象的唯一标记,如果为0,表示并没有关联外部对象。这样设计的目的是:不把作用对象放在权限体系中,而是任何想要使用权限体系的外部对象,通过该字段关联到自己,这样就可以做到权限体系的最大可扩展性。举例:在web系统中,如果已经拥有了菜单表,如果要对菜单权限控制,就可以使用该字段将permission与菜单数据建立联系,而不需要把菜单相关的逻辑引入到权限体系中,但是,如果多种外部对象通过该字段关联进来,有可能identifier冲突,因此需要 referenced_type 字段一起做唯一控制。NOTE: the pair that disambiguates an external id is (referenced_type, referenced_identifier) — referenced_type, not type, qualifies the identifier. If this is enforced with a UNIQUE index, remember that the 0 = unlinked sentinel repeats across many rows and must be exempted'
description VARCHAR (45) NULL COMMENT '描述'
create_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
create_user_id BIGINT UNSIGNED NOT NULL
last_modify_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
last_modify_user_id BIGINT UNSIGNED NOT NULL
is_deleted BIGINT UNSIGNED NOT NULL DEFAULT 0

permission_assignment

column name definition
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT
subject_type TINYINT UNSIGNED NOT NULL COMMENT 'subject的类型,比如subject代表用户'
subject_identifier BIGINT UNSIGNED NOT NULL COMMENT '如果subject type代表用户,那么这个值可能就是用户ID'
target_type SMALLINT UNSIGNED NOT NULL COMMENT 'target的类型,比如target代表文件。NOTE: declared SMALLINT here while permission_target.type is TINYINT; if this column is meant to carry that value, align the widths so the two cannot drift apart'
target_identifier BIGINT UNSIGNED NOT NULL COMMENT 'target的唯一标记符'
action_type SMALLINT UNSIGNED NOT NULL COMMENT 'action的类型'
action_identifier BIGINT UNSIGNED NOT NULL COMMENT 'action的唯一标记符'
allow BIT (1) NOT NULL COMMENT 'allow or deny,虽然为subject分配了target和action,但不一定是允许,也可以是拒绝。NOTE: nothing on this page prevents an allow row and a deny row (or duplicate rows) for the same (subject_type, subject_identifier, target_type, target_identifier, action_type, action_identifier); the evaluation code must define precedence explicitly — deny-overrides is the conservative choice — or a UNIQUE index over those six columns should make conflicting rows impossible'
create_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
create_user_id BIGINT UNSIGNED NOT NULL
is_deleted BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT 'soft delete。NOTE: every authorization query must filter is_deleted = 0, otherwise a revoked (soft-deleted) grant keeps granting. Unlike the other tables on this page, this table has no last_modify_time / last_modify_user_id, so who revoked an assignment and when is not recorded — consider adding them for audit'

permission_action

column name definition
permission_action_id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT
permission_target_id BIGINT UNSIGNED NOT NULL
name VARCHAR (45) NOT NULL COMMENT 'action name'
description VARCHAR (128) NULL
referenced_type TINYINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '关联的外部对象的类型,0表示没有关联其他外部对象。'
referenced_identifier BIGINT UNSIGNED NOT NULL DEFAULT 0 COMMENT '关联的外部对象的identifier,0表示没有关联外部对象。'
create_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
create_user_id BIGINT UNSIGNED NOT NULL
last_modify_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
last_modify_user_id BIGINT UNSIGNED NOT NULL
is_deleted BIGINT UNSIGNED NOT NULL DEFAULT 0

permission_role

column name definition
permission_role_id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT
type TINYINT UNSIGNED NOT NULL COMMENT '角色的类型,比如某一类型的角色只用于用户在组中的角色;某一类型的角色只用于菜单访问控制'
name VARCHAR (45) NOT NULL COMMENT '名称'
description VARCHAR (256) NULL COMMENT '描述'
create_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
create_user_id BIGINT UNSIGNED NOT NULL
last_modify_time DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
last_modify_user_id BIGINT UNSIGNED NOT NULL
is_deleted BIGINT UNSIGNED NOT NULL DEFAULT 0