Commit 629021f0 authored by 陈涛's avatar 陈涛

Merge remote-tracking branch 'origin/main'

parents 86339fda cedccfff
......@@ -2,7 +2,8 @@ from typing import Union, List, Any
from fastapi import APIRouter, Depends, Query
from motor.core import AgnosticCollection
from dependencies import get_current_user, get_fund_collect, get_bill_collect
from dependencies import get_current_user, get_fund_collect, get_bill_collect, get_permission_user_collect, \
get_permission_role_collect
from model import Response, Page, PageResponse, SortParams, FilterTime
from model.bill import PCFBill, ExchangeBill, AdjustBill, StakingBill
from model.node import BaseNode
......@@ -13,9 +14,17 @@ from schema.node import BindNode
from service.beacon import BeaconChaService
from service.bill import update_bill
from service.fund import query_fund_assets_and_nodes, update_fund
from service.permission import check_permission
from tools.jwt_tools import User
router = APIRouter()
bill_type_to_permission = {
"sub": 'sub_redeem_bill',
"redemption": 'sub_redeem_bill',
"exchange": 'swap_bill',
"staking": 'staking_bill',
"adjust": 'adjust_bill'
}
@router.post('/pcf/',
......@@ -28,13 +37,19 @@ async def create_pcf(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.sub_redeem_bill.add'],
create_pcf_bill.fund_id,
user.email, permission_user_collect,
permission_role_collect)
delta_volume = create_pcf_bill.volume if create_pcf_bill.bill_type == PCFBillType.sub else -create_pcf_bill.volume
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
create_pcf_bill.fund_id,
user.id,
FundStatus.active)
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(
fund_collect=fund_collect,
fund_id=create_pcf_bill.fund_id,
fund_status=FundStatus.active)
assets.setdefault(create_pcf_bill.currency, 0)
# 如果是赎回 判断余额是否够
assert assets[create_pcf_bill.currency] + delta_volume >= 0, "余额不足"
......@@ -55,11 +70,17 @@ async def create_exchange(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
await check_permission(['data_permission.swap_bill.add'],
create_exchange_bill.fund_id,
user.id,
FundStatus.active)
user.email, permission_user_collect,
permission_role_collect)
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(
fund_collect=fund_collect,
fund_id=create_exchange_bill.fund_id,
fund_status=FundStatus.active)
assets.setdefault(create_exchange_bill.output_currency, 0)
assets.setdefault(create_exchange_bill.input_currency, 0)
assert assets[
......@@ -87,11 +108,18 @@ async def create_adjust(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
await check_permission(['data_permission.adjust_bill.add'],
create_adjust_bill.fund_id,
user.id,
FundStatus.active)
user.email, permission_user_collect,
permission_role_collect)
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(
fund_collect=fund_collect,
fund_id=create_adjust_bill.fund_id,
fund_status=FundStatus.active)
adjust_assets.setdefault(create_adjust_bill.currency, 0)
adjust_assets.setdefault('fund_share', 0)
adjust_assets[create_adjust_bill.currency] += create_adjust_bill.volume
......@@ -114,10 +142,16 @@ async def create_staking_api(
user: User = Depends(get_current_user),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
beacon_service: BeaconChaService = Depends(BeaconChaService)
beacon_service: BeaconChaService = Depends(BeaconChaService),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.staking_bill.add'],
create_staking_bill.fund_id,
user.email, permission_user_collect,
permission_role_collect)
assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
user_id=user.id,
fund_id=create_staking_bill.fund_id,
fund_status=FundStatus.active)
assert assets.get(create_staking_bill.currency, 0) >= create_staking_bill.volume, '余额不足'
......@@ -158,11 +192,16 @@ async def update_pcf_bill(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.sub_redeem_bill.edit'],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
response = await update_bill(
bill_id=bill_id,
fund_id=fund_id,
user_id=user.id,
update_data=update_item,
fund_collect=fund_collect,
bill_collect=bill_collect,
......@@ -183,11 +222,16 @@ async def update_exchange_bill(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.swap_bill.edit'],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
response = await update_bill(
bill_id=bill_id,
fund_id=fund_id,
user_id=user.id,
update_data=update_item,
fund_collect=fund_collect,
bill_collect=bill_collect,
......@@ -208,11 +252,16 @@ async def update_adjust_bill(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.adjust_bill.edit'],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
response = await update_bill(
bill_id=bill_id,
fund_id=fund_id,
user_id=user.id,
update_data=update_item,
fund_collect=fund_collect,
bill_collect=bill_collect,
......@@ -233,11 +282,16 @@ async def update_staking_bill(
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
await check_permission(['data_permission.staking_bill.edit'],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
response = await update_bill(
bill_id=bill_id,
fund_id=fund_id,
user_id=user.id,
update_data=update_item,
fund_collect=fund_collect,
bill_collect=bill_collect,
......@@ -259,8 +313,15 @@ async def query_bill(
page: Page = Depends(Page),
user: User = Depends(get_current_user),
bill_collect: AgnosticCollection = Depends(get_bill_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
query = {"fund_id": fund_id, "user_id": user.id, "bill_type": {'$in': query}}
await check_permission([f'data_permission.{bill_type_to_permission[item.value]}.query' for item in query],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
query = {"fund_id": fund_id, "bill_type": {'$in': query}}
if filter_time.start_time and filter_time.end_time:
query.update({'record_time': filter_time.to_mongodb_query()})
count = await bill_collect.count_documents(query)
......@@ -282,8 +343,15 @@ async def query_bill(
bill_id: str,
bill_type: AllBillType,
bill_collect: AgnosticCollection = Depends(get_bill_collect),
user: User = Depends(get_current_user)
user: User = Depends(get_current_user),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
query = {"fund_id": fund_id, "user_id": user.id, "bill_type": bill_type, "id": bill_id}
await check_permission([f'data_permission.{bill_type_to_permission[bill_type.value]}.delete'],
fund_id,
user.email, permission_user_collect,
permission_role_collect)
query = {"fund_id": fund_id, "bill_type": bill_type, "id": bill_id}
await bill_collect.delete_one(query)
return Response()
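Review bot: In `create_staking_api` the call to `query_fund_assets_and_nodes` still passes `user_id=user.id`, while the other three create handlers in this file now call it with only `fund_collect`, `fund_id` and `fund_status`. If the service function dropped its `user_id` parameter along with the owner filter, the staking endpoint will fail with a TypeError right after the permission check passes. If it kept the parameter, staking bills stay owner-scoped while every other bill type is role-scoped. The call should match the others: `query_fund_assets_and_nodes(fund_collect=fund_collect, fund_id=create_staking_bill.fund_id, fund_status=FundStatus.active)`. The handler bodies continue outside the hunks.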
......@@ -93,13 +93,18 @@ async def update(
fund_id: str,
update_fund_data: UpdateFund,
user: User = Depends(get_current_user),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect),
fund_collect: AgnosticCollection = Depends(get_fund_collect)
):
# 验证权限
await check_permission(['data_permission.fund.update_info'], fund_id, user.email, permission_user_collect,
permission_role_collect)
db_update_data = update_fund_data.dict(exclude_unset=True)
db_update_data.update({
"update_time": int(datetime.datetime.utcnow().timestamp())
})
data = await fund_collect.find_one_and_update({'id': fund_id, 'user_id': user.id}, {'$set': db_update_data},
data = await fund_collect.find_one_and_update({'id': fund_id}, {'$set': db_update_data},
return_document=ReturnDocument.AFTER)
assert data, NotFundError()
response_model = fund_type_map[data['fund_type']]
......@@ -116,11 +121,10 @@ async def get(
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
# 验证权限
if not await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect):
raise FundPermissionError()
await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect)
data = await fund_collect.find_one({'id': fund_id, 'user_id': user.id})
data = await fund_collect.find_one({'id': fund_id})
assert data, NotFundError()
response_model = fund_type_map[data['fund_type']]
......@@ -149,7 +153,7 @@ async def get(
fund_id = item['fund_id']
task = g.create_task(
check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect))
permission_role_collect, raise_exception=False))
tasks[fund_id] = task
auth_fund_list = [k for k, v in tasks.items() if v.result()]
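Review bot: The `if v.result()` filter on the last line no longer filters anything. With `raise_exception=False`, `check_permission` (changed in the service hunk of this commit) returns the `FundPermissionError` class on a denied check, and a class object is truthy. Every fund whose task completes therefore lands in `auth_fund_list`, whether or not the caller holds `data_permission.fund.query_info` on it. Both non-raising branches of `check_permission` should be `return False`, which keeps this comprehension correct as written and also covers any other caller that passes `raise_exception=False`. The enclosing function starts and ends outside the hunk.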
......
......@@ -28,17 +28,14 @@ async def create_permission(
):
# 检查是否有权限添加用户
assert 'admin' not in create_user_info.roles, FundPermissionError() # 不可添加admin
is_auth = await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
create_user_info.fund_id,
user.email, permission_user_collect,
permission_role_collect)
if is_auth:
query = {"fund_id": create_user_info.fund_id, "email": create_user_info.email}
update = {"$addToSet": {"roles": {"$each": create_user_info.roles}}}
await permission_user_collect.update_one(query, update, upsert=True)
return Response(data='')
else:
raise FundPermissionError()
@router.delete('/user/',
......@@ -53,17 +50,14 @@ async def delete_permission(
):
# 检查是否有权限添加用户
assert 'admin' not in delete_user_info.roles, FundPermissionError('无法删除 admin') # 不可删除admin
is_auth = await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
delete_user_info.fund_id,
user.email, permission_user_collect,
permission_role_collect)
if is_auth:
query = {"fund_id": delete_user_info.fund_id, "email": delete_user_info.email}
update = {"$pull": {"roles": {"$each": delete_user_info.roles}}}
update = {"$pull": {"roles": {"$in": delete_user_info.roles}}}
await permission_user_collect.update_one(query, update, upsert=True)
return Response(data='')
else:
raise FundPermissionError()
@router.get('/user/',
......@@ -135,7 +129,7 @@ async def query_fund_all_users(
@router.post('/auth/',
response_model=Response[List[AllUsers]],
response_model=BaseResponse,
summary='添加角色权限',
description='添加角色权限')
async def add_role_permission(
......@@ -159,7 +153,7 @@ async def add_role_permission(
@router.delete('/auth/',
response_model=Response[List[AllUsers]],
response_model=BaseResponse,
summary='删除角色权限',
description='删除角色权限')
async def remove_role_permission(
......@@ -176,7 +170,7 @@ async def remove_role_permission(
assert ('admin' in roles or 'fund_manager' in roles), FundPermissionError()
query = {"fund_id": update_role.fund_id, "name": update_role.name}
update = {"$pull": {"permissions": {"$each": update_role.permissions}}}
update = {"$pull": {"permissions": {"$in": update_role.permissions}}}
await permission_role_collect.update_one(query, update, upsert=True)
return Response(data='')
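Review bot: `delete_permission` authorises role removal with the `member_permission.{role}.add` code, so anyone allowed to add a role can also strip it, while a holder of only the delete permission is refused. The permission table removed elsewhere in this commit lists `member_permission.<role>.delete` codes; assuming the live table has them too, the check should read `[f'member_permission.{role}.delete' for role in delete_user_info.roles]`. Separately, both `$pull` updates in this file keep `upsert=True`, which inserts an otherwise empty membership or role document when the target does not exist; `upsert=False` fits a removal.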
......
......@@ -47,10 +47,10 @@ async def create_staking(
async def update_bill(
bill_id: str, fund_id: str, user_id: str, update_data: [], fund_collect, bill_collect,
bill_id: str, fund_id: str, update_data: [], fund_collect, bill_collect,
res_model: Type[DataT]
) -> Response[DataT]:
fund = await fund_collect.find_one({'id': fund_id, 'user_id': user_id})
fund = await fund_collect.find_one({'id': fund_id})
assert fund, NotFundError()
db_update_data = update_data.dict(exclude_unset=True)
db_update_data.update({
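Review bot: `update_bill` has no docstring saying that the fund lookup is no longer scoped to the caller, so authorisation now rests entirely on each caller running `check_permission` before it. A docstring would make that precondition visible to the next caller, for example `"""Update a bill of fund_id. The caller must already have verified the user's edit permission; no owner filter is applied here."""`. The function body continues past the hunk.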
......
......@@ -2,259 +2,9 @@ import json
from motor.core import AgnosticCollection
from exception.token import FundPermissionError
from schema.permission import CreateRole, CreateUserInfo
# sys_permission_table = [
# {
# "code": 'data_permission',
# "label": "数据管理权限",
# "children": [
# # 基金管理
# {
# "code": "data_permission.fund",
# "label": '基金管理',
# "children": [
# {
# "code": "data_permission.fund.query_info",
# "label": "查询基金基础信息"
# },
# {
# "code": "data_permission.fund.update_info",
# "label": "更新基金基础信息"
# },
# {
# "code": "data_permission.fund.query_list",
# "label": "查询基金列表"
# },
# {
# "code": "data_permission.fund.query_asset",
# "label": "访问账目页面"
# },
# ]
# },
# # 质押节点
# {
# "code": "data_permission.node",
# "label": '质押节点',
# "children": [
# {
# "code": "data_permission.node.bind_node",
# "label": "绑定节点"
# },
# {
# "code": "data_permission.node.untie_node",
# "label": "解绑节点"
# },
# {
# "code": "data_permission.node.query_node",
# "label": "查询节点"
# }
# ]
# },
# # 账目-申购/赎回
# {
# "code": "data_permission.sub_redeem_bill",
# "label": '账目-申购/赎回',
# "children": [
# {
# "code": "data_permission.sub_redeem_bill.add",
# "label": "添加"
# },
# {
# "code": "data_permission.sub_redeem_bill.delete",
# "label": "删除"
# },
# {
# "code": "data_permission.sub_redeem_bill.edit",
# "label": "修改"
# },
# {
# "code": "data_permission.sub_redeem_bill.query",
# "label": "查询"
# },
# ]
# },
# # 账目-换币
# {
# "code": "data_permission.swap_bill",
# "label": '账目-换币',
# "children": [
# {
# "code": "data_permission.swap_bill.add",
# "label": "添加"
# },
# {
# "code": "data_permission.swap_bill.delete",
# "label": "删除"
# },
# {
# "code": "data_permission.swap_bill.edit",
# "label": "修改"
# },
# {
# "code": "data_permission.swap_bill.query",
# "label": "查询"
# },
# ]
# },
# # 账目-质押
# {
# "code": "data_permission.staking_bill",
# "label": '账目-质押',
# "children": [
# {
# "code": "data_permission.staking_bill.add",
# "label": "添加"
# },
# {
# "code": "data_permission.staking_bill.delete",
# "label": "删除"
# },
# {
# "code": "data_permission.staking_bill.edit",
# "label": "修改"
# },
# {
# "code": "data_permission.staking_bill.query",
# "label": "查询"
# },
# ]
# },
# # 账目-调整账户
# {
# "code": "data_permission.adjust_bill",
# "label": '账目-调整账户',
# "children": [
# {
# "code": "data_permission.adjust_bill.add",
# "label": "添加"
# },
# {
# "code": "data_permission.adjust_bill.delete",
# "label": "删除"
# },
# {
# "code": "data_permission.adjust_bill.edit",
# "label": "修改"
# },
# {
# "code": "data_permission.adjust_bill.query",
# "label": "查询"
# },
# ]
# },
# # 净值管理
# {
# "code": "data_permission.nav",
# "label": '净值管理',
# "children": [
# {
# "code": "data_permission.nav.recalculate",
# "label": "基金重新计算净值"
# },
# {
# "code": "data_permission.nav.add",
# "label": "新增"
# },
# {
# "code": "data_permission.nav.delete",
# "label": "删除"
# },
# {
# "code": "data_permission.nav.edit",
# "label": "修改"
# },
# {
# "code": "data_permission.nav.query",
# "label": "查询"
# },
# ]
# },
# ]
# },
# {
# "code": 'role_permission',
# "label": "角色管理权限",
# "children": [
# # 角色的管理
# {
# "code": "role_permission.role",
# "label": '角色管理',
# "children": [
# {
# "code": "role_permission.role.add",
# "label": "添加"
# },
# {
# "code": "role_permission.role.delete",
# "label": "删除"
# },
# {
# "code": "role_permission.role.edit",
# "label": "修改"
# },
# {
# "code": "role_permission.role.query",
# "label": "查询"
# },
# ]
# },
# ]
# },
# {
# "code": 'member_permission',
# "label": "人员管理权限",
# "children": [
# # 基金经理人员的管理
# {
# "code": "member_permission.fund_manager",
# "label": '基金经理',
# "children": [
# {
# "code": "member_permission.fund_manager.add",
# "label": "添加"
# },
# {
# "code": "member_permission.fund_manager.delete",
# "label": "删除"
# },
# {
# "code": "member_permission.fund_manager.edit",
# "label": "修改"
# },
# {
# "code": "member_permission.fund_manager.query",
# "label": "查询"
# },
# ]
# },
# # 基金经理助理
# {
# "code": "member_permission.fund_manager_assistant",
# "label": '基金经理助理',
# "children": [
# {
# "code": "member_permission.fund_manager_assistant.add",
# "label": "添加"
# },
# {
# "code": "member_permission.fund_manager_assistant.delete",
# "label": "删除"
# },
# {
# "code": "member_permission.fund_manager_assistant.edit",
# "label": "修改"
# },
# {
# "code": "member_permission.fund_manager_assistant.query",
# "label": "查询"
# },
# ]
# },
# ]
# }
# ]
sys_default_permission = {
"data_permission": {
"label": "数据管理权限",
......@@ -268,11 +18,11 @@ sys_default_permission = {
"data_permission.fund.update_info": {
"label": "更新基金基础信息"
},
"data_permission.fund.query_list": {
"label": "查询基金列表"
},
# "data_permission.fund.query_list": {
# "label": "查询基金列表"
# },
"data_permission.fund.query_asset": {
"label": "访问账目页面"
"label": "查询资产"
}
}
},
......@@ -570,7 +320,7 @@ async def find_all_roles(fund_id, permission_role_collect: AgnosticCollection):
async def check_permission(for_check_permission_list, fund_id, email, permission_user_collect,
permission_role_collect):
permission_role_collect, raise_exception=True):
"""
验证的权限同时都满足 返回True 否则返回False
:param for_check_permission_list:
......@@ -578,18 +328,25 @@ async def check_permission(for_check_permission_list, fund_id, email, permission
:param email:
:param permission_user_collect:
:param permission_role_collect:
:param raise_exception: 是否抛出异常
:return:
"""
this_fund_role = await permission_user_collect.find_one({'email': email, 'fund_id': fund_id})
if not this_fund_role:
return False
if raise_exception:
raise FundPermissionError()
else:
return FundPermissionError
else:
permission_list, roles = await find_user_permission(fund_id, email, permission_user_collect,
permission_role_collect)
if all(x in permission_list for x in for_check_permission_list):
return True
else:
return False
if raise_exception:
raise FundPermissionError()
else:
return FundPermissionError
async def find_user_permission(fund_id, email, permission_user_collect, permission_role_collect):
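Review bot: The docstring of `check_permission` still says the function returns True when every permission is held and False otherwise, but with the default `raise_exception=True` a denied check now raises `FundPermissionError`. The summary line should state that, e.g. `Raise FundPermissionError unless the user holds every listed permission on fund_id.` The empty `:return:` field should spell out the value produced when `raise_exception=False`, since callers test that value for truthiness.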
......