-- ================================================================
-- 权限方案 A 升级 DDL（在已有表结构基础上执行）
-- 执行顺序：按文件从上到下顺序执行
-- ================================================================

-- ------------------------------------------------------------
-- 1. department：新增部门负责人字段
-- ------------------------------------------------------------
ALTER TABLE public.department
    ADD COLUMN IF NOT EXISTS leader_user_id INTEGER
        REFERENCES public.user_list(id) ON DELETE SET NULL;

COMMENT ON COLUMN public.department.leader_user_id IS '部门负责人 user_id，对应 role=leader 的用户';

CREATE INDEX IF NOT EXISTS idx_department_leader_user_id
    ON public.department (leader_user_id);

-- ------------------------------------------------------------
-- 2. user_list：新增「是否允许上传文件到知识库」开关
-- ------------------------------------------------------------
ALTER TABLE public.user_list
    ADD COLUMN IF NOT EXISTS allow_kb_upload BOOLEAN NOT NULL DEFAULT TRUE;

COMMENT ON COLUMN public.user_list.allow_kb_upload IS '是否允许上传文件到知识库（上级领导或 admin 可关闭）';

-- ------------------------------------------------------------
-- 3. kb_audit_log：知识库操作审计日志表（新建）
-- ------------------------------------------------------------
CREATE TABLE IF NOT EXISTS public.kb_audit_log
(
    id             SERIAL PRIMARY KEY,
    enterprise_id  INTEGER      NOT NULL
        REFERENCES public.enterprise ON DELETE CASCADE,
    actor_id       INTEGER      NOT NULL
        REFERENCES public.user_list (id) ON DELETE CASCADE,
    target_user_id INTEGER
        REFERENCES public.user_list (id) ON DELETE SET NULL,
    department_id  INTEGER
        REFERENCES public.department (id) ON DELETE SET NULL,
    kb_id          INTEGER
        REFERENCES public.knowledge_base (id) ON DELETE SET NULL,
    file_id        INTEGER
        REFERENCES public.knowledge_base_file (id) ON DELETE SET NULL,
    action         VARCHAR(50)  NOT NULL,
    -- upload | download | delete | archive | create_kb | delete_kb | permission_change
    ip             VARCHAR(128),
    user_agent     TEXT,
    metadata       JSONB,
    created_at     TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL
);

COMMENT ON TABLE public.kb_audit_log IS '知识库操作审计日志';
COMMENT ON COLUMN public.kb_audit_log.action IS
    'upload | download | delete | archive | create_kb | delete_kb | permission_change';

CREATE INDEX IF NOT EXISTS idx_kb_audit_log_enterprise_id
    ON public.kb_audit_log (enterprise_id);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_actor_id
    ON public.kb_audit_log (actor_id);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_target_user_id
    ON public.kb_audit_log (target_user_id);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_department_id
    ON public.kb_audit_log (department_id);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_kb_id
    ON public.kb_audit_log (kb_id);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_action
    ON public.kb_audit_log (action);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_created_at
    ON public.kb_audit_log (created_at DESC);
CREATE INDEX IF NOT EXISTS idx_kb_audit_log_ent_dept_created
    ON public.kb_audit_log (enterprise_id, department_id, created_at DESC);

ALTER TABLE public.kb_audit_log OWNER TO zuoleiroot;
