修改查询权限接口

3b49a589 · 杨明橙 · dbf5a693 · 3b49a589 · 3b49a589
Commit 3b49a589 authored May 24, 2023 by 杨明橙
Show whitespace changes
Inline Side-by-side

Showing with 91 additions and 59 deletions

permission.py api/permission.py +47 -30

permission.py service/permission.py +44 -29

No files found.
--- a/api/permission.py
+++ b/api/permission.py
@@ -17,7 +17,7 @@ router = APIRouter()
 @router.post('/user/',
             response_model=BaseResponse,
             summary='添加账号权限',
-             description='添加账号权限')
+             description='给用户添加角色')
 async def create_permission(
        create_user_info: CreateUserInfo,
        user: User = Depends(get_current_user),
@@ -25,7 +25,7 @@ async def create_permission(
        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
    # 检查是否有权限添加用户
-    assert 'admin' not in create_user_info.roles, FundPermissionError()
+    assert 'admin' not in create_user_info.roles, FundPermissionError()  # 不可添加admin
    is_auth = await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
                                     create_user_info.fund_id,
                                     user.email, permission_user_collect,
@@ -41,8 +41,8 @@ async def create_permission(

 @router.get('/user/',
            response_model=BaseResponse,
-            summary='查询账号权限',
-            description='查询账号权限')
+            summary='查询账号权限及角色',
+            description='查询账号权限及角色')
 async def query_account_permission(
        fund_id: str,
        user: User = Depends(get_current_user),
@@ -56,13 +56,14 @@ async def query_account_permission(
    role_db_data = await permission_role_collect.find({'fund_id': fund_id, "name": {"$in": roles}}).to_list(length=None)
    result_role_data = [{"name": item["name"], "label": item["label"]} for item in role_db_data]
    permissions_tree = build_permission_tree(permissions)
+
    return Response(data={'permission': permissions_tree, "roles": result_role_data})


-@router.get('/all/',
+@router.get('/control/',
            response_model=BaseResponse,
-            summary='查询所有权限',
-            description='查询所有权限')
+            summary='查询可管理的角色权限',
+            description='查询可管理的角色权限')
 async def query_fund_id_permission(
        fund_id: str,
        user: User = Depends(get_current_user),
@@ -70,31 +71,47 @@ async def query_fund_id_permission(
        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
-    assert await check_permission(['role_permission.role.edit'], fund_id=fund_id, email=user.email,
+    permissions, roles = await find_user_permission(fund_id=fund_id,
+                                                    email=user.email,
                                                    permission_user_collect=permission_user_collect,
-                                  permission_role_collect=permission_role_collect), FundPermissionError()
-    permissions_tree = await find_all_sys_permission(fund_id=fund_id, all_permission_collect=all_permission_collect)
-    return Response(data={'permission': permissions_tree['data']})
-
+                                                    permission_role_collect=permission_role_collect)
+    assert ('admin' in roles or 'fund_manager' in roles), FundPermissionError()

-@router.get('/roles/',
-            response_model=BaseResponse,
-            summary='查询所有角色',
-            description='查询所有角色')
-async def query_fund_id_permission(
-        fund_id: str,
-        user: User = Depends(get_current_user),
-        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
-        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
-):
-    assert await check_permission(['role_permission.role.edit'], fund_id=fund_id, email=user.email,
-                                  permission_user_collect=permission_user_collect,
-                                  permission_role_collect=permission_role_collect), FundPermissionError()
    roles_data = await find_all_roles(fund_id=fund_id, permission_role_collect=permission_role_collect)
-    return Response(
-        data={item['name']: {"label": item["label"], "remark": item["remark"],
+    roles_data = [item for item in roles_data if (item['name'] not in roles and item["name"] != 'admin')]
+
+    permissions_tree = await find_all_sys_permission(fund_id=fund_id, all_permission_collect=all_permission_collect)
+    return Response(data={'permission': permissions_tree['data'],
+                          'roles': {item['name']: {"label": item["label"], "remark": item["remark"],
                                                   "permissions": build_permission_tree(item["permissions"])} for item
-              in roles_data})
+                                    in roles_data}})
+
+#
+# @router.get('/roles/',
+#             response_model=BaseResponse,
+#             summary='查询所有角色',
+#             description='查询所有角色')
+# async def query_fund_id_permission(
+#         fund_id: str,
+#         user: User = Depends(get_current_user),
+#         permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+#         permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
+# ):
+#     # assert await check_permission(['role_permission.role.edit'], fund_id=fund_id, email=user.email,
+#     #                               permission_user_collect=permission_user_collect,
+#     #                               permission_role_collect=permission_role_collect), FundPermissionError()
+#
+#     permissions, roles = await find_user_permission(fund_id=fund_id,
+#                                                     email=user.email,
+#                                                     permission_user_collect=permission_user_collect,
+#                                                     permission_role_collect=permission_role_collect)
+#     assert ('admin' in roles or 'fund_manager' in roles), FundPermissionError()
+#
+#     roles_data = await find_all_roles(fund_id=fund_id, permission_role_collect=permission_role_collect)
+#     return Response(
+#         data={item['name']: {"label": item["label"], "remark": item["remark"],
+#                              "permissions": build_permission_tree(item["permissions"])} for item
+#               in roles_data})

 # @router.post('/role',
 #              response_model=BaseResponse,

--- a/service/permission.py
+++ b/service/permission.py
@@ -419,28 +419,28 @@ sys_default_permission = {
            }
        }
    },
-    "role_permission": {
-        "label": "角色管理权限",
-        "children": {
-            "role_permission.role": {
-                "label": "角色管理",
-                "children": {
-                    "role_permission.role.add": {
-                        "label": "添加"
-                    },
-                    "role_permission.role.delete": {
-                        "label": "删除"
-                    },
-                    "role_permission.role.edit": {
-                        "label": "修改"
-                    },
-                    "role_permission.role.query": {
-                        "label": "查询"
-                    }
-                }
-            }
-        }
-    }
+    # "role_permission": {
+    #     "label": "角色管理权限",
+    #     "children": {
+    #         "role_permission.role": {
+    #             "label": "角色管理",
+    #             "children": {
+    #                 "role_permission.role.add": {
+    #                     "label": "添加"
+    #                 },
+    #                 "role_permission.role.delete": {
+    #                     "label": "删除"
+    #                 },
+    #                 "role_permission.role.edit": {
+    #                     "label": "修改"
+    #                 },
+    #                 "role_permission.role.query": {
+    #                     "label": "查询"
+    #                 }
+    #             }
+    #         }
+    #     }
+    # }
 }

 default_role_table = [
@@ -461,9 +461,18 @@ default_role_table = [
                        'data_permission.adjust_bill.delete', 'data_permission.adjust_bill.edit',
                        'data_permission.adjust_bill.query', 'data_permission.nav.recalculate',
                        'data_permission.nav.add',
-                        'data_permission.nav.delete', 'data_permission.nav.edit', 'data_permission.nav.query',
-                        'role_permission.role.add', 'role_permission.role.delete', 'role_permission.role.edit',
-                        'role_permission.role.query', 'member_permission.fund_manager_assistant.add',
+                        'data_permission.nav.delete',
+                        'data_permission.nav.edit',
+                        'data_permission.nav.query',
+                        # 'role_permission.role.add',
+                        # 'role_permission.role.delete',
+                        # 'role_permission.role.edit',
+                        # 'role_permission.role.query',
+                        'member_permission.fund_manager.add',
+                        'member_permission.fund_manager.delete',
+                        'member_permission.fund_manager.edit',
+                        'member_permission.fund_manager.query',
+                        'member_permission.fund_manager_assistant.add',
                        'member_permission.fund_manager_assistant.delete',
                        'member_permission.fund_manager_assistant.edit',
                        'member_permission.fund_manager_assistant.query']
@@ -486,8 +495,11 @@ default_role_table = [
                        'data_permission.adjust_bill.query', 'data_permission.nav.recalculate',
                        'data_permission.nav.add',
                        'data_permission.nav.delete', 'data_permission.nav.edit', 'data_permission.nav.query',
-                        'role_permission.role.add', 'role_permission.role.delete', 'role_permission.role.edit',
-                        'role_permission.role.query', 'member_permission.fund_manager_assistant.add',
+                        # 'role_permission.role.add',
+                        # 'role_permission.role.delete',
+                        # 'role_permission.role.edit',
+                        # 'role_permission.role.query',
+                        'member_permission.fund_manager_assistant.add',
                        'member_permission.fund_manager_assistant.delete',
                        'member_permission.fund_manager_assistant.edit',
                        'member_permission.fund_manager_assistant.query']
@@ -510,8 +522,11 @@ default_role_table = [
                        'data_permission.adjust_bill.query', 'data_permission.nav.recalculate',
                        'data_permission.nav.add',
                        'data_permission.nav.delete', 'data_permission.nav.edit', 'data_permission.nav.query',
-                        'role_permission.role.add', 'role_permission.role.delete', 'role_permission.role.edit',
-                        'role_permission.role.query']
+                        # 'role_permission.role.add',
+                        # 'role_permission.role.delete',
+                        # 'role_permission.role.edit',
+                        # 'role_permission.role.query'
+                        ]
    }
 ]