2.2 권한 enum/매핑 정의(리소스/액션), 마이그레이션

prisma/schema.prisma

@@ -81,6 +81,24 @@ enum TargetType {
   SYSTEM
 }
 
+// RBAC 리소스/액션 정의
+enum Resource {
+  BOARD
+  POST
+  COMMENT
+  USER
+  ADMIN
+}
+
+enum Action {
+  READ
+  CREATE
+  UPDATE
+  DELETE
+  MODERATE
+  ADMINISTER
+}
+
 // ==== Models ====
 
 // 게시판 정의(관리자 생성/정렬)
@@ -214,13 +232,30 @@ model Role {
   name        String  @unique
   description String?
 
-  userRoles UserRole[]
+  userRoles    UserRole[]
+  permissions  RolePermission[]
 
   createdAt DateTime @default(now())
 
   @@map("roles")
 }
 
+// 역할별 권한 매핑 (리소스×액션)
+model RolePermission {
+  id        String   @id @default(cuid())
+  roleId    String
+  resource  Resource
+  action    Action
+  allowed   Boolean  @default(true)
+  createdAt DateTime @default(now())
+
+  role      Role     @relation(fields: [roleId], references: [roleId], onDelete: Cascade)
+
+  @@unique([roleId, resource, action])
+  @@index([resource, action])
+  @@map("role_permissions")
+}
+
 // 사용자-역할 매핑 (다대다)
 model UserRole {
   id     String @id @default(cuid())