Skip to content

P
PyFund
Commit 629021f0 authored by 陈涛's avatar 陈涛
Browse files
Options

Merge remote-tracking branch 'origin/main'

parents 86339fda cedccfff
Expand all Show whitespace changes
Inline Side-by-side
Showing with 136 additions and 313 deletions
api/bill.py
View file @ 629021f0
This diff is collapsed.
api/fund.py
View file @ 629021f0
......@@ -93,13 +93,18 @@ async def update(
fund_id: str,
update_fund_data: UpdateFund,
user: User = Depends(get_current_user),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect),
fund_collect: AgnosticCollection = Depends(get_fund_collect)
):
# 验证权限
await check_permission(['data_permission.fund.update_info'], fund_id, user.email, permission_user_collect,
permission_role_collect)
db_update_data = update_fund_data.dict(exclude_unset=True)
db_update_data.update({
"update_time": int(datetime.datetime.utcnow().timestamp())
})
data = await fund_collect.find_one_and_update({'id': fund_id, 'user_id': user.id}, {'$set': db_update_data},
data = await fund_collect.find_one_and_update({'id': fund_id}, {'$set': db_update_data},
return_document=ReturnDocument.AFTER)
assert data, NotFundError()
response_model = fund_type_map[data['fund_type']]
......@@ -116,11 +121,10 @@ async def get(
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
# 验证权限
if not await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect):
raise FundPermissionError()
await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect)
data = await fund_collect.find_one({'id': fund_id, 'user_id': user.id})
data = await fund_collect.find_one({'id': fund_id})
assert data, NotFundError()
response_model = fund_type_map[data['fund_type']]
......@@ -149,7 +153,7 @@ async def get(
fund_id = item['fund_id']
task = g.create_task(
check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
permission_role_collect))
permission_role_collect, raise_exception=False))
tasks[fund_id] = task
auth_fund_list = [k for k, v in tasks.items() if v.result()]
......
api/permission.py
View file @ 629021f0
......@@ -28,17 +28,14 @@ async def create_permission(
):
# 检查是否有权限添加用户
assert 'admin' not in create_user_info.roles, FundPermissionError() # 不可添加admin
is_auth = await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
create_user_info.fund_id,
user.email, permission_user_collect,
permission_role_collect)
if is_auth:
query = {"fund_id": create_user_info.fund_id, "email": create_user_info.email}
update = {"$addToSet": {"roles": {"$each": create_user_info.roles}}}
await permission_user_collect.update_one(query, update, upsert=True)
return Response(data='')
else:
raise FundPermissionError()
@router.delete('/user/',
......@@ -53,17 +50,14 @@ async def delete_permission(
):
# 检查是否有权限添加用户
assert 'admin' not in delete_user_info.roles, FundPermissionError('无法删除 admin') # 不可删除admin
is_auth = await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
delete_user_info.fund_id,
user.email, permission_user_collect,
permission_role_collect)
if is_auth:
query = {"fund_id": delete_user_info.fund_id, "email": delete_user_info.email}
update = {"$pull": {"roles": {"$each": delete_user_info.roles}}}
update = {"$pull": {"roles": {"$in": delete_user_info.roles}}}
await permission_user_collect.update_one(query, update, upsert=True)
return Response(data='')
else:
raise FundPermissionError()
@router.get('/user/',
......@@ -135,7 +129,7 @@ async def query_fund_all_users(
@router.post('/auth/',
response_model=Response[List[AllUsers]],
response_model=BaseResponse,
summary='添加角色权限',
description='添加角色权限')
async def add_role_permission(
......@@ -159,7 +153,7 @@ async def add_role_permission(
@router.delete('/auth/',
response_model=Response[List[AllUsers]],
response_model=BaseResponse,
summary='删除角色权限',
description='删除角色权限')
async def remove_role_permission(
......@@ -176,7 +170,7 @@ async def remove_role_permission(
assert ('admin' in roles or 'fund_manager' in roles), FundPermissionError()
query = {"fund_id": update_role.fund_id, "name": update_role.name}
update = {"$pull": {"permissions": {"$each": update_role.permissions}}}
update = {"$pull": {"permissions": {"$in": update_role.permissions}}}
await permission_role_collect.update_one(query, update, upsert=True)
return Response(data='')
......
service/bill.py
View file @ 629021f0
......@@ -47,10 +47,10 @@ async def create_staking(
async def update_bill(
bill_id: str, fund_id: str, user_id: str, update_data: [], fund_collect, bill_collect,
bill_id: str, fund_id: str, update_data: [], fund_collect, bill_collect,
res_model: Type[DataT]
) -> Response[DataT]:
fund = await fund_collect.find_one({'id': fund_id, 'user_id': user_id})
fund = await fund_collect.find_one({'id': fund_id})
assert fund, NotFundError()
db_update_data = update_data.dict(exclude_unset=True)
db_update_data.update({
......
service/permission.py
View file @ 629021f0
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment