-- 查询白名单功能部署 SQL
-- 数据库：tyc
-- 执行后请重新登录管理后台

-- ============================================
-- 1. 创建操作记录表
-- ============================================
CREATE TABLE IF NOT EXISTS `query_whitelist_op_log` (
  `id` bigint NOT NULL AUTO_INCREMENT,
  `create_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `update_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `delete_time` datetime DEFAULT NULL COMMENT '删除时间',
  `del_state` tinyint NOT NULL DEFAULT '0',
  `version` bigint NOT NULL DEFAULT '0' COMMENT '版本号',

  `admin_user_id` bigint NOT NULL COMMENT '操作管理员ID',
  `action` varchar(20) NOT NULL COMMENT '操作类型：create=创建规则，append=追加接口',
  `name` varchar(50) NOT NULL DEFAULT '*' COMMENT '姓名规则',
  `id_card` varchar(50) NOT NULL COMMENT '身份证号（明文，供后台审计）',
  `id_card_masked` varchar(50) DEFAULT NULL COMMENT '天远返回的脱敏身份证号',
  `api_codes` varchar(2000) NOT NULL COMMENT '本次提交的产品编码（JSON数组）',
  `remark` varchar(500) DEFAULT NULL COMMENT '备注',
  `tianyuan_code` int NOT NULL DEFAULT 0 COMMENT '天远 API 业务码',
  `tianyuan_message` varchar(500) DEFAULT NULL COMMENT '天远 API 返回描述',
  `transaction_id` varchar(64) DEFAULT NULL COMMENT '天远 API 流水号',
  `entry_id` varchar(64) DEFAULT NULL COMMENT '天远规则ID（成功时）',
  `entry_status` varchar(20) DEFAULT NULL COMMENT '规则状态（成功时）',
  `entry_api_codes` varchar(2000) DEFAULT NULL COMMENT '规则当前产品编码列表（JSON数组，成功时）',

  PRIMARY KEY (`id`),
  KEY `idx_admin_user_id` (`admin_user_id`),
  KEY `idx_id_card` (`id_card`),
  KEY `idx_action` (`action`),
  KEY `idx_tianyuan_code` (`tianyuan_code`),
  KEY `idx_create_time` (`create_time`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT='查询白名单操作记录表';

-- ============================================
-- 2. 新增「查询白名单」菜单
-- ============================================
INSERT INTO `admin_menu` (
  `pid`, `name`, `path`, `component`, `redirect`, `meta`, `status`, `type`, `sort`, `del_state`, `version`
)
SELECT
  20,
  'queryWhitelist',
  '/product-manage/query-whitelist/list',
  '/product-manage/query-whitelist/list',
  NULL,
  JSON_OBJECT('icon', 'lucide:shield-off', 'title', '查询白名单'),
  1,
  1,
  0,
  0,
  0
FROM DUAL
WHERE NOT EXISTS (
  SELECT 1 FROM `admin_menu`
  WHERE `path` = '/product-manage/query-whitelist/list' AND `del_state` = 0
);

-- ============================================
-- 3. 给超级管理员（role_id=1）授权菜单
-- ============================================
INSERT INTO `admin_role_menu` (`role_id`, `menu_id`, `del_state`, `version`)
SELECT
  1,
  m.`id`,
  0,
  0
FROM `admin_menu` m
WHERE m.`path` = '/product-manage/query-whitelist/list'
  AND m.`del_state` = 0
  AND NOT EXISTS (
    SELECT 1 FROM `admin_role_menu` rm
    WHERE rm.`role_id` = 1
      AND rm.`menu_id` = m.`id`
      AND rm.`del_state` = 0
  );

-- ============================================
-- 4. 注册 admin_api 权限
-- ============================================
INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
SELECT 'query-whitelist-create', 'post__api_v1_admin_query-whitelist_create', 'POST', '/api/v1/admin/query-whitelist/create', 1, '创建查询白名单规则', 0, 0
FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/create' AND `del_state` = 0);

INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
SELECT 'query-whitelist-append', 'post__api_v1_admin_query-whitelist_append', 'POST', '/api/v1/admin/query-whitelist/append', 1, '追加查询白名单产品编码', 0, 0
FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/append' AND `del_state` = 0);

INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
SELECT 'query-whitelist-op-log-list', 'get__api_v1_admin_query-whitelist_op-log_list', 'GET', '/api/v1/admin/query-whitelist/op-log/list', 1, '查询白名单操作记录列表', 0, 0
FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/op-log/list' AND `del_state` = 0);

-- ============================================
-- 5. 给超级管理员（role_id=1）授权 API
-- ============================================
INSERT INTO `admin_role_api` (`role_id`, `api_id`, `del_state`, `version`)
SELECT 1, a.`id`, 0, 0
FROM `admin_api` a
WHERE a.`url` IN (
  '/api/v1/admin/query-whitelist/create',
  '/api/v1/admin/query-whitelist/append',
  '/api/v1/admin/query-whitelist/op-log/list'
)
AND a.`del_state` = 0
AND NOT EXISTS (
  SELECT 1 FROM `admin_role_api` ra
  WHERE ra.`role_id` = 1 AND ra.`api_id` = a.`id` AND ra.`del_state` = 0
);