feat: add tenant stored card permission seed script

deploy/postgres/README.md

@@ -6,6 +6,13 @@
 
 - `create_databases.sql`：创建四个业务库与对应角色（可多次执行，存在则跳过）。
 - `bootstrap.ps1`：PowerShell 包装脚本，调用 `psql` 执行 SQL。
+- `seed_tenant_seckill_permissions.sql`：补齐租户端秒杀活动权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_new_customer_permissions.sql`：补齐租户端新客有礼权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_punch_card_permissions.sql`：补齐租户端次卡管理权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_calendar_permissions.sql`：补齐租户端营销日历权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_customer_permissions.sql`：补齐租户端客户管理权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_member_permissions.sql`：补齐租户端会员管理权限码、菜单权限与角色授权映射（可重复执行）。
+- `seed_tenant_member_stored_card_permissions.sql`：补齐租户端会员储值卡权限码、菜单权限与角色授权映射（可重复执行）。
 
 ## 前置条件
 
@@ -38,6 +45,104 @@ cd deploy/postgres
 - 如需修改密码或新增库，编辑 `create_databases.sql` 后重新运行脚本。
 - 若在本地拉起测试库，可把 `Host` 指向 `localhost`，其余参数保持一致。
 
+## 秒杀权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_seckill_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:marketing:seckill:*` 权限码。
+2. 更新秒杀菜单 (`/marketing/seckill/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 参考满减权限映射，补齐角色模板与租户角色的秒杀权限授权。
+
+## 新客有礼权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_new_customer_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:marketing:new-customer:*` 权限码。
+2. 更新新客有礼菜单 (`/marketing/new-customer/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 参考满减权限映射，补齐角色模板与租户角色的新客有礼权限授权。
+
+## 次卡管理权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_punch_card_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:marketing:punch-card:*` 权限码。
+2. 更新次卡管理菜单 (`/marketing/punch-card/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 参考满减权限映射，补齐角色模板与租户角色的次卡管理权限授权。
+
+## 营销日历权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_calendar_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:marketing:calendar:*` 权限码。
+2. 更新营销日历菜单 (`/marketing/calendar/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 参考满减权限映射，补齐角色模板与租户角色的营销日历权限授权。
+
+## 客户管理权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_customer_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:customer:*` 权限码（list/profile/analysis）。
+2. 更新客户菜单 (`/customer/list|profile|analysis`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 按订单列表权限映射补齐客户列表（view/manage）与客户画像（profile/view）角色模板和租户角色授权；`analysis` 不做角色映射。
+
+## 会员管理权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_member_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:member:*` 权限码（view/manage）。
+2. 更新会员管理菜单 (`/member/list/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 按订单列表权限映射补齐会员管理权限的角色模板与租户角色授权。
+
+## 会员储值卡权限补齐
+
+在 `takeout_identity_db` 执行：
+
+```powershell
+psql -h <host> -p <port> -U identity_user -d takeout_identity_db -f .\seed_tenant_member_stored_card_permissions.sql
+```
+
+脚本会完成：
+
+1. 新增/修正 `tenant:member:stored-card:*` 权限码（view/manage）。
+2. 更新会员储值卡菜单 (`/member/stored-card/index`) 的 `RequiredPermissions`、`MetaPermissions` 与 `AuthListJson`。
+3. 按订单列表权限映射补齐会员储值卡权限的角色模板与租户角色授权。
+
 ## 常见问题
 
 | 问题 | 处理方式 |

deploy/postgres/seed_tenant_calendar_permissions.sql

@@ -0,0 +1,255 @@
+-- 文件职责：补齐 Tenant 端营销日历权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正营销日历权限码
+WITH calendar_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:calendar:view', '查看营销日历', 38),
+        ('tenant:marketing:calendar:manage', '管理营销日历', 39)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM calendar_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    820000000000000005,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base;
+
+WITH calendar_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:calendar:view', '查看营销日历', 38),
+        ('tenant:marketing:calendar:manage', '管理营销日历', 39)
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = 820000000000000005,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM calendar_permissions source
+WHERE target."Code" = source.code;
+
+-- 2) 绑定营销日历菜单访问权限与按钮权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:marketing:calendar:view',
+    "MetaPermissions" = 'tenant:marketing:calendar:view,tenant:marketing:calendar:manage',
+    "AuthListJson" = '[{"title":"管理","authMark":"tenant:marketing:calendar:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Path" = 'calendar' OR "Component" = '/marketing/calendar/index');
+
+-- 3) 给角色模板补齐营销日历权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:calendar:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:calendar:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:calendar:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:calendar:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐营销日历权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:calendar:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:calendar:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:calendar:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:calendar:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:calendar:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_customer_permissions.sql

@@ -0,0 +1,305 @@
+-- 文件职责：补齐 Tenant 端客户管理权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正客户管理权限码
+WITH customer_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:customer:list:view', '查看客户列表', 40),
+        ('tenant:customer:list:manage', '管理客户列表', 41),
+        ('tenant:customer:profile:view', '查看客户画像', 42),
+        ('tenant:customer:analysis:view', '查看客户分析', 43)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM customer_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    parent.parent_id,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base
+CROSS JOIN parent;
+
+WITH customer_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:customer:list:view', '查看客户列表', 40),
+        ('tenant:customer:list:manage', '管理客户列表', 41),
+        ('tenant:customer:profile:view', '查看客户画像', 42),
+        ('tenant:customer:analysis:view', '查看客户分析', 43)
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = parent.parent_id,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM customer_permissions source
+CROSS JOIN parent
+WHERE target."Code" = source.code;
+
+-- 2) 绑定客户管理菜单权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:customer:list:view',
+    "MetaPermissions" = 'tenant:customer:list:view,tenant:customer:list:manage',
+    "AuthListJson" = '[{"title":"导出","authMark":"tenant:customer:list:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Name" = 'CustomerList' OR "Component" = '/customer/list/index');
+
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:customer:profile:view',
+    "MetaPermissions" = 'tenant:customer:profile:view',
+    "AuthListJson" = NULL,
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Name" = 'CustomerProfile' OR "Component" = '/customer/profile/index');
+
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:customer:analysis:view',
+    "MetaPermissions" = 'tenant:customer:analysis:view',
+    "AuthListJson" = NULL,
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Name" = 'CustomerAnalysis' OR "Component" = '/customer/analysis/index');
+
+-- 3) 给角色模板补齐客户管理权限（按订单列表权限映射）
+-- 说明：本轮映射 list(view/manage)+profile(view)+analysis(view)。
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:customer:list:view'),
+        ('tenant:order:list:view', 'tenant:customer:profile:view'),
+        ('tenant:order:list:view', 'tenant:customer:analysis:view'),
+        ('tenant:order:list:update', 'tenant:customer:list:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:customer:list:view'),
+        ('tenant:order:list:view', 'tenant:customer:profile:view'),
+        ('tenant:order:list:view', 'tenant:customer:analysis:view'),
+        ('tenant:order:list:update', 'tenant:customer:list:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐客户管理权限（按订单列表权限映射）
+-- 说明：本轮映射 list(view/manage)+profile(view)+analysis(view)。
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:customer:list:view'),
+        ('tenant:order:list:view', 'tenant:customer:profile:view'),
+        ('tenant:order:list:view', 'tenant:customer:analysis:view'),
+        ('tenant:order:list:update', 'tenant:customer:list:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:customer:list:view'),
+        ('tenant:order:list:view', 'tenant:customer:profile:view'),
+        ('tenant:order:list:view', 'tenant:customer:analysis:view'),
+        ('tenant:order:list:update', 'tenant:customer:list:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_member_permissions.sql

@@ -0,0 +1,281 @@
+-- 文件职责：补齐 Tenant 端会员管理权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正会员管理权限码
+WITH member_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:member:view', '查看会员管理', 44),
+        ('tenant:member:manage', '管理会员管理', 45)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM member_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    parent.parent_id,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base
+CROSS JOIN parent;
+
+WITH member_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:member:view', '查看会员管理', 44),
+        ('tenant:member:manage', '管理会员管理', 45)
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = parent.parent_id,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM member_permissions source
+CROSS JOIN parent
+WHERE target."Code" = source.code;
+
+-- 2) 绑定会员管理菜单权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:member:view',
+    "MetaPermissions" = 'tenant:member:view,tenant:member:manage',
+    "AuthListJson" = '[{"title":"编辑","authMark":"tenant:member:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Name" = 'MemberMgmt' OR "Component" = '/member/list/index');
+
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:member:view',
+    "MetaPermissions" = 'tenant:member:view,tenant:member:manage',
+    "AuthListJson" = NULL,
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Name" = 'Member' OR "Path" = '/member');
+
+-- 3) 给角色模板补齐会员管理权限（按订单列表权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:view'),
+        ('tenant:order:list:update', 'tenant:member:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:view'),
+        ('tenant:order:list:update', 'tenant:member:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐会员管理权限（按订单列表权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:view'),
+        ('tenant:order:list:update', 'tenant:member:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:view'),
+        ('tenant:order:list:update', 'tenant:member:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_member_stored_card_permissions.sql

@@ -0,0 +1,287 @@
+-- 文件职责：补齐 Tenant 端会员储值卡权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正会员储值卡权限码
+WITH stored_card_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:member:stored-card:view', '查看会员储值卡', 46),
+        ('tenant:member:stored-card:manage', '管理会员储值卡', 47)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM stored_card_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "Id"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:member:view'
+            LIMIT 1
+        ),
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    parent.parent_id,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base
+CROSS JOIN parent;
+
+WITH stored_card_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:member:stored-card:view', '查看会员储值卡', 46),
+        ('tenant:member:stored-card:manage', '管理会员储值卡', 47)
+),
+parent AS (
+    SELECT COALESCE(
+        (
+            SELECT "Id"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:member:view'
+            LIMIT 1
+        ),
+        (
+            SELECT "ParentId"
+            FROM public.permissions
+            WHERE "Code" = 'tenant:order:list:view'
+            LIMIT 1
+        ),
+        820000000000000004
+    ) AS parent_id
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = parent.parent_id,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM stored_card_permissions source
+CROSS JOIN parent
+WHERE target."Code" = source.code;
+
+-- 2) 绑定会员储值卡菜单权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:member:stored-card:view',
+    "MetaPermissions" = 'tenant:member:stored-card:view,tenant:member:stored-card:manage',
+    "AuthListJson" = '[{"title":"编辑","authMark":"tenant:member:stored-card:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND (
+        "Name" = 'StoredCard'
+        OR "Path" = 'stored-card'
+        OR "Component" = '/member/stored-card/index'
+    );
+
+-- 3) 给角色模板补齐会员储值卡权限（按订单列表权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:stored-card:view'),
+        ('tenant:order:list:update', 'tenant:member:stored-card:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:stored-card:view'),
+        ('tenant:order:list:update', 'tenant:member:stored-card:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐会员储值卡权限（按订单列表权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:stored-card:view'),
+        ('tenant:order:list:update', 'tenant:member:stored-card:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:order:list:view', 'tenant:member:stored-card:view'),
+        ('tenant:order:list:update', 'tenant:member:stored-card:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_new_customer_permissions.sql

@@ -0,0 +1,255 @@
+-- 文件职责：补齐 Tenant 端新客有礼权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正营销中心新客有礼权限码
+WITH new_customer_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:new-customer:view', '查看新客有礼', 34),
+        ('tenant:marketing:new-customer:manage', '管理新客有礼', 35)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM new_customer_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    820000000000000005,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base;
+
+WITH new_customer_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:new-customer:view', '查看新客有礼', 34),
+        ('tenant:marketing:new-customer:manage', '管理新客有礼', 35)
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = 820000000000000005,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM new_customer_permissions source
+WHERE target."Code" = source.code;
+
+-- 2) 绑定新客有礼菜单的访问权限与按钮权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:marketing:new-customer:view',
+    "MetaPermissions" = 'tenant:marketing:new-customer:view,tenant:marketing:new-customer:manage',
+    "AuthListJson" = '[{"title":"管理","authMark":"tenant:marketing:new-customer:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Path" = 'new-customer' OR "Component" = '/marketing/new-customer/index');
+
+-- 3) 给角色模板补齐新客有礼权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:new-customer:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:new-customer:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:new-customer:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:new-customer:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐新客有礼权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:new-customer:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:new-customer:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:new-customer:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:new-customer:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:new-customer:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_punch_card_permissions.sql

@@ -0,0 +1,255 @@
+-- 文件职责：补齐 Tenant 端次卡管理权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正营销中心次卡管理权限码
+WITH punch_card_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:punch-card:view', '查看次卡管理', 36),
+        ('tenant:marketing:punch-card:manage', '管理次卡管理', 37)
+),
+missing AS (
+    SELECT
+        source.code,
+        source.name,
+        source.sort_order,
+        ROW_NUMBER() OVER (ORDER BY source.sort_order, source.code) AS rn
+    FROM punch_card_permissions source
+    LEFT JOIN public.permissions existing
+        ON existing."Code" = source.code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    820000000000000005,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base;
+
+WITH punch_card_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:punch-card:view', '查看次卡管理', 36),
+        ('tenant:marketing:punch-card:manage', '管理次卡管理', 37)
+)
+UPDATE public.permissions target
+SET
+    "Name" = source.name,
+    "ParentId" = 820000000000000005,
+    "SortOrder" = source.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM punch_card_permissions source
+WHERE target."Code" = source.code;
+
+-- 2) 绑定次卡管理菜单的访问权限与按钮权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:marketing:punch-card:view',
+    "MetaPermissions" = 'tenant:marketing:punch-card:view,tenant:marketing:punch-card:manage',
+    "AuthListJson" = '[{"title":"管理","authMark":"tenant:marketing:punch-card:manage"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Path" = 'punch-card' OR "Component" = '/marketing/punch-card/index');
+
+-- 3) 给角色模板补齐次卡管理权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:punch-card:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:punch-card:manage')
+),
+candidates AS (
+    SELECT DISTINCT
+        source."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions source
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source."PermissionCode"
+    WHERE source."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        candidate."RoleTemplateId",
+        candidate.target_code,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."RoleTemplateId", candidate.target_code
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = candidate."RoleTemplateId"
+       AND existing."PermissionCode" = candidate.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:punch-card:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:punch-card:manage')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐次卡管理权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:punch-card:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:punch-card:manage')
+),
+source_rows AS (
+    SELECT DISTINCT
+        source."RoleId",
+        source."TenantId",
+        source."Portal",
+        mapping.target_code
+    FROM public.role_permissions source
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = source."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE source."DeletedAt" IS NULL
+      AND source."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        source_row."RoleId",
+        source_row."TenantId",
+        source_row."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows source_row
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = source_row.target_code
+),
+missing AS (
+    SELECT
+        candidate."RoleId",
+        candidate."TenantId",
+        candidate."Portal",
+        candidate.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY candidate."TenantId", candidate."RoleId", candidate.target_permission_id
+        ) AS rn
+    FROM candidates candidate
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = candidate."RoleId"
+       AND existing."PermissionId" = candidate.target_permission_id
+       AND existing."Portal" = candidate."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND candidate."TenantId" IS NULL)
+            OR existing."TenantId" = candidate."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:punch-card:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:punch-card:manage'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:punch-card:manage')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;

deploy/postgres/seed_tenant_seckill_permissions.sql

@@ -0,0 +1,263 @@
+-- 文件职责：补齐 Tenant 端秒杀活动权限与菜单权限绑定（可重复执行）。
+-- 执行范围：takeout_identity 数据库（Portal=1，Tenant 端）。
+
+BEGIN;
+
+-- 1) 新增/修正营销中心秒杀权限码
+WITH seckill_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:seckill:view', '查看秒杀活动', 29),
+        ('tenant:marketing:seckill:create', '创建秒杀活动', 30),
+        ('tenant:marketing:seckill:update', '编辑秒杀活动', 31),
+        ('tenant:marketing:seckill:delete', '删除秒杀活动', 32),
+        ('tenant:marketing:seckill:status', '切换秒杀状态', 33)
+),
+missing AS (
+    SELECT
+        s.code,
+        s.name,
+        s.sort_order,
+        ROW_NUMBER() OVER (ORDER BY s.sort_order, s.code) AS rn
+    FROM seckill_permissions s
+    LEFT JOIN public.permissions p
+        ON p."Code" = s.code
+    WHERE p."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.permissions
+)
+INSERT INTO public.permissions
+(
+    "Id", "Name", "Code", "Description", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "ParentId", "SortOrder", "Type", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing.name,
+    missing.code,
+    NULL,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    820000000000000005,
+    missing.sort_order,
+    'leaf',
+    1
+FROM missing
+CROSS JOIN base;
+
+WITH seckill_permissions(code, name, sort_order) AS (
+    VALUES
+        ('tenant:marketing:seckill:view', '查看秒杀活动', 29),
+        ('tenant:marketing:seckill:create', '创建秒杀活动', 30),
+        ('tenant:marketing:seckill:update', '编辑秒杀活动', 31),
+        ('tenant:marketing:seckill:delete', '删除秒杀活动', 32),
+        ('tenant:marketing:seckill:status', '切换秒杀状态', 33)
+)
+UPDATE public.permissions p
+SET
+    "Name" = s.name,
+    "ParentId" = 820000000000000005,
+    "SortOrder" = s.sort_order,
+    "Type" = 'leaf',
+    "Portal" = 1,
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM seckill_permissions s
+WHERE p."Code" = s.code;
+
+-- 2) 绑定秒杀菜单的访问权限与按钮权限
+UPDATE public.menu_definitions
+SET
+    "RequiredPermissions" = 'tenant:marketing:seckill:view',
+    "MetaPermissions" = 'tenant:marketing:seckill:view,tenant:marketing:seckill:create,tenant:marketing:seckill:update,tenant:marketing:seckill:delete,tenant:marketing:seckill:status',
+    "AuthListJson" = '[{"title":"创建","authMark":"tenant:marketing:seckill:create"},{"title":"编辑","authMark":"tenant:marketing:seckill:update"},{"title":"删除","authMark":"tenant:marketing:seckill:delete"},{"title":"停启用","authMark":"tenant:marketing:seckill:status"}]',
+    "UpdatedAt" = NOW()
+WHERE
+    "Portal" = 1
+    AND ("Path" = 'seckill' OR "Component" = '/marketing/seckill/index');
+
+-- 3) 给角色模板补齐秒杀权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:seckill:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:seckill:create'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:update'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:seckill:delete'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:status')
+),
+candidates AS (
+    SELECT DISTINCT
+        rtp."RoleTemplateId",
+        mapping.target_code
+    FROM public.role_template_permissions rtp
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = rtp."PermissionCode"
+    WHERE rtp."DeletedAt" IS NULL
+),
+missing AS (
+    SELECT
+        c."RoleTemplateId",
+        c.target_code,
+        ROW_NUMBER() OVER (ORDER BY c."RoleTemplateId", c.target_code) AS rn
+    FROM candidates c
+    LEFT JOIN public.role_template_permissions existing
+        ON existing."RoleTemplateId" = c."RoleTemplateId"
+       AND existing."PermissionCode" = c.target_code
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 820000000000000000) AS max_id
+    FROM public.role_template_permissions
+)
+INSERT INTO public.role_template_permissions
+(
+    "Id", "RoleTemplateId", "PermissionCode", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleTemplateId",
+    missing.target_code,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:seckill:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:seckill:create'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:update'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:seckill:delete'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:status')
+)
+UPDATE public.role_template_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_template_permissions source
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source."PermissionCode"
+WHERE
+    source."RoleTemplateId" = target."RoleTemplateId"
+    AND target."PermissionCode" = mapping.target_code;
+
+-- 4) 给租户角色补齐秒杀权限（按满减权限映射）
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:seckill:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:seckill:create'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:update'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:seckill:delete'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:status')
+),
+source_rows AS (
+    SELECT DISTINCT
+        rp."RoleId",
+        rp."TenantId",
+        rp."Portal",
+        mapping.target_code
+    FROM public.role_permissions rp
+    INNER JOIN public.permissions source_permission
+        ON source_permission."Id" = rp."PermissionId"
+    INNER JOIN code_mapping mapping
+        ON mapping.source_code = source_permission."Code"
+    WHERE rp."DeletedAt" IS NULL
+      AND rp."Portal" = 1
+),
+candidates AS (
+    SELECT DISTINCT
+        s."RoleId",
+        s."TenantId",
+        s."Portal",
+        target_permission."Id" AS target_permission_id
+    FROM source_rows s
+    INNER JOIN public.permissions target_permission
+        ON target_permission."Code" = s.target_code
+),
+missing AS (
+    SELECT
+        c."RoleId",
+        c."TenantId",
+        c."Portal",
+        c.target_permission_id,
+        ROW_NUMBER() OVER (
+            ORDER BY c."TenantId", c."RoleId", c.target_permission_id
+        ) AS rn
+    FROM candidates c
+    LEFT JOIN public.role_permissions existing
+        ON existing."RoleId" = c."RoleId"
+       AND existing."PermissionId" = c.target_permission_id
+       AND existing."Portal" = c."Portal"
+       AND (
+            (existing."TenantId" IS NULL AND c."TenantId" IS NULL)
+            OR existing."TenantId" = c."TenantId"
+       )
+    WHERE existing."Id" IS NULL
+),
+base AS (
+    SELECT COALESCE(MAX("Id"), 830000000000000000) AS max_id
+    FROM public.role_permissions
+)
+INSERT INTO public.role_permissions
+(
+    "Id", "RoleId", "PermissionId", "CreatedAt", "UpdatedAt", "DeletedAt",
+    "CreatedBy", "UpdatedBy", "DeletedBy", "TenantId", "Portal"
+)
+SELECT
+    base.max_id + missing.rn,
+    missing."RoleId",
+    missing.target_permission_id,
+    NOW(),
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    missing."TenantId",
+    missing."Portal"
+FROM missing
+CROSS JOIN base;
+
+WITH code_mapping(source_code, target_code) AS (
+    VALUES
+        ('tenant:marketing:full-reduction:view', 'tenant:marketing:seckill:view'),
+        ('tenant:marketing:full-reduction:create', 'tenant:marketing:seckill:create'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:update'),
+        ('tenant:marketing:full-reduction:delete', 'tenant:marketing:seckill:delete'),
+        ('tenant:marketing:full-reduction:update', 'tenant:marketing:seckill:status')
+)
+UPDATE public.role_permissions target
+SET
+    "DeletedAt" = NULL,
+    "DeletedBy" = NULL,
+    "UpdatedAt" = NOW()
+FROM public.role_permissions source
+INNER JOIN public.permissions source_permission
+    ON source_permission."Id" = source."PermissionId"
+INNER JOIN code_mapping mapping
+    ON mapping.source_code = source_permission."Code"
+INNER JOIN public.permissions target_permission
+    ON target_permission."Code" = mapping.target_code
+WHERE
+    source."Portal" = 1
+    AND target."Portal" = source."Portal"
+    AND target."RoleId" = source."RoleId"
+    AND target."PermissionId" = target_permission."Id"
+    AND (
+        (target."TenantId" IS NULL AND source."TenantId" IS NULL)
+        OR target."TenantId" = source."TenantId"
+    );
+
+COMMIT;