Casbin rules allow CRUD templates operations to groupd_admin

Author: vsilent

migrations/20260103103000_casbin_marketplace_admin_creator_rules.down.sql

@@ -0,0 +1,4 @@
+DELETE FROM public.casbin_rule WHERE ptype = 'p' AND v0 = 'group_admin' AND v1 = '/api/templates' AND v2 = 'POST';
+DELETE FROM public.casbin_rule WHERE ptype = 'p' AND v0 = 'group_admin' AND v1 = '/api/templates/:id' AND v2 = 'PUT';
+DELETE FROM public.casbin_rule WHERE ptype = 'p' AND v0 = 'group_admin' AND v1 = '/api/templates/:id/submit' AND v2 = 'POST';
+DELETE FROM public.casbin_rule WHERE ptype = 'p' AND v0 = 'group_admin' AND v1 = '/api/templates/mine' AND v2 = 'GET';

migrations/20260103103000_casbin_marketplace_admin_creator_rules.up.sql

@@ -0,0 +1,6 @@
+-- Allow admin service accounts (e.g., root) to call marketplace creator endpoints
+-- Admins previously lacked creator privileges which caused 403 responses
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates', 'POST', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id', 'PUT', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id/submit', 'POST', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/mine', 'GET', '', '', '');