RBAC: Phase 1-3, Total Salary fix, employee creation fix, permission groups, backup script

Made-with: Cursor
2026-03-04 19:31:08 +04:00
parent 6034f774ed
commit 8edeaf10f5
46 changed files with 2751 additions and 598 deletions
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -69,10 +69,59 @@ model User {
  assignedTasks     Task[]
  projectMembers    ProjectMember[]
  campaigns         Campaign[]
+  userRoles         UserRole[]
  
  @@map("users")
 }

+// Optional roles - user can belong to multiple permission groups (Phase 3 multi-group)
+model Role {
+  id          String      @id @default(uuid())
+  name        String      @unique
+  nameAr      String?
+  description String?
+  isActive    Boolean     @default(true)
+  
+  createdAt   DateTime    @default(now())
+  updatedAt  DateTime    @updatedAt
+  
+  permissions RolePermission[]
+  userRoles   UserRole[]
+  
+  @@map("roles")
+}
+
+model RolePermission {
+  id        String   @id @default(uuid())
+  roleId    String
+  role      Role     @relation(fields: [roleId], references: [id], onDelete: Cascade)
+  module    String
+  resource  String
+  actions   Json     // ["read", "create", "update", "delete", ...]
+  
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  
+  @@unique([roleId, module, resource])
+  @@map("role_permissions")
+}
+
+model UserRole {
+  id        String   @id @default(uuid())
+  userId    String
+  roleId    String
+  
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  role      Role     @relation(fields: [roleId], references: [id], onDelete: Cascade)
+  
+  createdAt DateTime @default(now())
+  
+  @@unique([userId, roleId])
+  @@index([userId])
+  @@index([roleId])
+  @@map("user_roles")
+}
+
 model Employee {
  id                String    @id @default(uuid())
  uniqueEmployeeId  String    @unique // رقم الموظف الموحد