-- ===================================================== -- 快速开放消息系统所有权限(开发模式) -- 适用于开发/测试环境的一键权限开放 -- ⚠️ 生产环境严禁使用! -- ===================================================== -- 确保所有消息表启用RLS ALTER TABLE IF EXISTS public.ak_message_types ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_messages ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_message_recipients ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_message_groups ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_message_group_members ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_message_templates ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_user_message_preferences ENABLE ROW LEVEL SECURITY; ALTER TABLE IF EXISTS public.ak_message_stats ENABLE ROW LEVEL SECURITY; -- ============================================================================= -- 一键清理所有限制性策略并创建开放策略 -- ============================================================================= DO $$ DECLARE table_names TEXT[] := ARRAY[ 'ak_message_types', 'ak_messages', 'ak_message_recipients', 'ak_message_groups', 'ak_message_group_members', 'ak_message_templates', 'ak_user_message_preferences', 'ak_message_stats' ]; table_name TEXT; r RECORD; BEGIN RAISE NOTICE '🔓 开始设置开发权限模式...'; -- 清理现有策略 FOREACH table_name IN ARRAY table_names LOOP -- 删除该表的所有策略 FOR r IN SELECT policyname FROM pg_policies WHERE schemaname = 'public' AND tablename = table_name LOOP EXECUTE format('DROP POLICY IF EXISTS %I ON public.%I', r.policyname, table_name); END LOOP; -- 创建开放策略 EXECUTE format(' CREATE POLICY "dev_open_access_%s" ON public.%I FOR ALL USING (auth.role() = ''authenticated'') WITH CHECK (auth.role() = ''authenticated'') ', replace(table_name, 'ak_', ''), table_name); RAISE NOTICE '✅ 已为表 % 设置开放权限', table_name; END LOOP; RAISE NOTICE '🎉 开发权限模式设置完成!'; RAISE NOTICE '⚠️ 所有已认证用户现在可以完全操作消息系统'; RAISE NOTICE '📝 记住:这仅适用于开发/测试环境!'; END $$; -- ============================================================================= -- 创建开发便捷函数 -- ============================================================================= -- 快速发送消息 CREATE OR REPLACE FUNCTION public.dev_send_message( p_title TEXT, p_content TEXT, p_to_user_id UUID, p_type_name TEXT DEFAULT 'notification' ) RETURNS UUID LANGUAGE plpgsql SECURITY DEFINER AS $$ DECLARE v_message_id UUID; v_type_id UUID; v_sender_id UUID := auth.uid(); BEGIN -- 获取或创建消息类型 SELECT id INTO v_type_id FROM public.ak_message_types WHERE type_name = p_type_name; IF v_type_id IS NULL THEN INSERT INTO public.ak_message_types (type_name, display_name, is_active) VALUES (p_type_name, initcap(p_type_name), true) RETURNING id INTO v_type_id; END IF; -- 创建消息 INSERT INTO public.ak_messages ( message_type_id, sender_type, sender_id, receiver_type, receiver_id, title, content, status, created_by ) VALUES ( v_type_id, 'user', v_sender_id, 'user', p_to_user_id, p_title, p_content, 'sent', v_sender_id ) RETURNING id INTO v_message_id; -- 创建接收记录 INSERT INTO public.ak_message_recipients ( message_id, user_id, status, created_by ) VALUES ( v_message_id, p_to_user_id, 'unread', v_sender_id ); RETURN v_message_id; END $$; -- 快速创建群组 CREATE OR REPLACE FUNCTION public.dev_create_group( p_name TEXT, p_description TEXT DEFAULT '', p_is_public BOOLEAN DEFAULT true ) RETURNS UUID LANGUAGE plpgsql SECURITY DEFINER AS $$ DECLARE v_group_id UUID; v_creator_id UUID := auth.uid(); BEGIN INSERT INTO public.ak_message_groups ( name, description, is_public, status, created_by ) VALUES ( p_name, p_description, p_is_public, 'active', v_creator_id ) RETURNING id INTO v_group_id; -- 添加创建者为群主 INSERT INTO public.ak_message_group_members ( group_id, user_id, role, status, joined_at, created_by ) VALUES ( v_group_id, v_creator_id, 'owner', 'active', NOW(), v_creator_id ); RETURN v_group_id; END $$; -- 快速添加群组成员 CREATE OR REPLACE FUNCTION public.dev_add_to_group( p_group_id UUID, p_user_id UUID, p_role TEXT DEFAULT 'member' ) RETURNS BOOLEAN LANGUAGE plpgsql SECURITY DEFINER AS $$ BEGIN INSERT INTO public.ak_message_group_members ( group_id, user_id, role, status, joined_at, created_by ) VALUES ( p_group_id, p_user_id, p_role, 'active', NOW(), auth.uid() ) ON CONFLICT (group_id, user_id) DO UPDATE SET status = 'active', role = EXCLUDED.role, joined_at = NOW(); RETURN true; END $$; -- 开发数据查看函数 CREATE OR REPLACE FUNCTION public.dev_show_my_messages() RETURNS TABLE ( message_id UUID, title TEXT, content TEXT, sender_name TEXT, created_at TIMESTAMPTZ, status TEXT ) LANGUAGE plpgsql SECURITY DEFINER AS $$ BEGIN RETURN QUERY SELECT m.id, m.title, m.content, COALESCE('User-' || m.sender_id::TEXT, 'System') as sender_name, m.created_at, COALESCE(mr.status, m.status) as message_status FROM public.ak_messages m LEFT JOIN public.ak_message_recipients mr ON m.id = mr.message_id AND mr.user_id = auth.uid() WHERE m.receiver_id = auth.uid() OR mr.user_id = auth.uid() ORDER BY m.created_at DESC; END $$; -- ============================================================================= -- 验证开发模式设置 -- ============================================================================= DO $$ DECLARE policy_count INTEGER; function_count INTEGER; BEGIN -- 检查策略 SELECT COUNT(*) INTO policy_count FROM pg_policies WHERE schemaname = 'public' AND policyname LIKE 'dev_open_access_%'; -- 检查函数 SELECT COUNT(*) INTO function_count FROM information_schema.routines WHERE routine_schema = 'public' AND routine_name LIKE 'dev_%'; RAISE NOTICE '📊 开发模式统计:'; RAISE NOTICE ' - 开放策略: % 个', policy_count; RAISE NOTICE ' - 便捷函数: % 个', function_count; IF policy_count >= 8 THEN RAISE NOTICE '🎯 开发权限模式已成功启用!'; RAISE NOTICE ''; RAISE NOTICE '🛠️ 可用的开发函数:'; RAISE NOTICE ' • dev_send_message(标题, 内容, 接收者ID, 类型)'; RAISE NOTICE ' • dev_create_group(群组名, 描述, 是否公开)'; RAISE NOTICE ' • dev_add_to_group(群组ID, 用户ID, 角色)'; RAISE NOTICE ' • dev_show_my_messages() - 查看我的消息'; RAISE NOTICE ''; RAISE NOTICE '📝 使用示例:'; RAISE NOTICE ' SELECT dev_send_message(''测试'', ''内容'', ''user-id'');'; RAISE NOTICE ' SELECT * FROM dev_show_my_messages();'; ELSE RAISE NOTICE '⚠️ 策略设置可能不完整,请检查'; END IF; END $$; -- 完成提示 SELECT '🔓 开发权限模式' as mode, '已启用' as status, '所有authenticated用户可操作消息系统' as description, '⚠️ 仅用于开发/测试环境' as warning;