修改账单接口相关权限验证

873f54d8 · 杨明橙 · df3c5cc6 · 873f54d8 · 873f54d8 · 873f54d8
Commit 873f54d8 authored Jun 15, 2023 by 杨明橙
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 108 additions and 287 deletions

bill.py api/bill.py +76 -3

fund.py api/fund.py +5 -8

permission.py api/permission.py +16 -22

permission.py service/permission.py +11 -254

No files found.
--- a/api/bill.py
+++ b/api/bill.py
@@ -2,7 +2,8 @@ from typing import Union, List, Any

 from fastapi import APIRouter, Depends, Query
 from motor.core import AgnosticCollection
-from dependencies import get_current_user, get_fund_collect, get_bill_collect
+from dependencies import get_current_user, get_fund_collect, get_bill_collect, get_permission_user_collect, \
+    get_permission_role_collect
 from model import Response, Page, PageResponse, SortParams, FilterTime
 from model.bill import PCFBill, ExchangeBill, AdjustBill, StakingBill
 from model.node import BaseNode
@@ -13,9 +14,17 @@ from schema.node import BindNode
 from service.beacon import BeaconChaService
 from service.bill import update_bill
 from service.fund import query_fund_assets_and_nodes, update_fund
+from service.permission import check_permission
 from tools.jwt_tools import User

 router = APIRouter()
+bill_type_to_permission = {
+    "sub": 'sub_redeem_bill',
+    "redemption": 'sub_redeem_bill',
+    "exchange": 'swap_bill',
+    "staking": 'staking_bill',
+    "adjust": 'adjust_bill'
+}


 @router.post('/pcf/',
@@ -28,7 +37,13 @@ async def create_pcf(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.sub_redeem_bill.add'],
+                           create_pcf_bill.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    delta_volume = create_pcf_bill.volume if create_pcf_bill.bill_type == PCFBillType.sub else -create_pcf_bill.volume

    assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
@@ -55,7 +70,13 @@ async def create_exchange(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.swap_bill.add'],
+                           create_exchange_bill.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
                                                                                                     create_exchange_bill.fund_id,
                                                                                                     user.id,
@@ -87,7 +108,14 @@ async def create_adjust(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.adjust_bill.add'],
+                           create_adjust_bill.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+
    assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
                                                                                                     create_adjust_bill.fund_id,
                                                                                                     user.id,
@@ -114,8 +142,15 @@ async def create_staking_api(
        user: User = Depends(get_current_user),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
-        beacon_service: BeaconChaService = Depends(BeaconChaService)
+        beacon_service: BeaconChaService = Depends(BeaconChaService),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.staking_bill.add'],
+                           create_staking_bill.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+
    assets, adjust_assets, pending_assets, staking_assets, nodes = await query_fund_assets_and_nodes(fund_collect,
                                                                                                     user_id=user.id,
                                                                                                     fund_id=create_staking_bill.fund_id,
@@ -158,7 +193,13 @@ async def update_pcf_bill(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.sub_redeem_bill.edit'],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    response = await update_bill(
        bill_id=bill_id,
        fund_id=fund_id,
@@ -183,7 +224,13 @@ async def update_exchange_bill(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.swap_bill.edit'],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    response = await update_bill(
        bill_id=bill_id,
        fund_id=fund_id,
@@ -208,7 +255,13 @@ async def update_adjust_bill(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.adjust_bill.edit'],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    response = await update_bill(
        bill_id=bill_id,
        fund_id=fund_id,
@@ -233,7 +286,13 @@ async def update_staking_bill(
        user: User = Depends(get_current_user),
        fund_collect: AgnosticCollection = Depends(get_fund_collect),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission(['data_permission.staking_bill.edit'],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
    response = await update_bill(
        bill_id=bill_id,
        fund_id=fund_id,
@@ -259,7 +318,14 @@ async def query_bill(
        page: Page = Depends(Page),
        user: User = Depends(get_current_user),
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission([f'data_permission.{bill_type_to_permission[item.value]}.query' for item in query],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+
    query = {"fund_id": fund_id, "user_id": user.id, "bill_type": {'$in': query}}
    if filter_time.start_time and filter_time.end_time:
        query.update({'record_time': filter_time.to_mongodb_query()})
@@ -282,8 +348,15 @@ async def query_bill(
        bill_id: str,
        bill_type: AllBillType,
        bill_collect: AgnosticCollection = Depends(get_bill_collect),
-        user: User = Depends(get_current_user)
+        user: User = Depends(get_current_user),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
+    await check_permission([f'data_permission.{bill_type_to_permission[bill_type.value]}.delete'],
+                           fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+
    query = {"fund_id": fund_id, "user_id": user.id, "bill_type": bill_type, "id": bill_id}
    await bill_collect.delete_one(query)
    return Response()
--- a/api/fund.py
+++ b/api/fund.py
@@ -98,10 +98,8 @@ async def update(
        fund_collect: AgnosticCollection = Depends(get_fund_collect)
 ):
    # 验证权限
-    if not await check_permission(['data_permission.fund.update_info'], fund_id, user.email, permission_user_collect,
-                                  permission_role_collect):
-        raise FundPermissionError()
-
+    await check_permission(['data_permission.fund.update_info'], fund_id, user.email, permission_user_collect,
+                           permission_role_collect)
    db_update_data = update_fund_data.dict(exclude_unset=True)
    db_update_data.update({
        "update_time": int(datetime.datetime.utcnow().timestamp())
@@ -123,9 +121,8 @@ async def get(
        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
    # 验证权限
-    if not await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
-                                  permission_role_collect):
-        raise FundPermissionError()
+    await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
+                           permission_role_collect)

    data = await fund_collect.find_one({'id': fund_id})
    assert data, NotFundError()
@@ -156,7 +153,7 @@ async def get(
            fund_id = item['fund_id']
            task = g.create_task(
                check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
-                                 permission_role_collect))
+                                 permission_role_collect, raise_exception=False))
            tasks[fund_id] = task
    auth_fund_list = [k for k, v in tasks.items() if v.result()]


--- a/api/permission.py
+++ b/api/permission.py
@@ -28,17 +28,14 @@ async def create_permission(
 ):
    # 检查是否有权限添加用户
    assert 'admin' not in create_user_info.roles, FundPermissionError()  # 不可添加admin
-    is_auth = await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
-                                     create_user_info.fund_id,
-                                     user.email, permission_user_collect,
-                                     permission_role_collect)
-    if is_auth:
-        query = {"fund_id": create_user_info.fund_id, "email": create_user_info.email}
-        update = {"$addToSet": {"roles": {"$each": create_user_info.roles}}}
-        await permission_user_collect.update_one(query, update, upsert=True)
-        return Response(data='')
-    else:
-        raise FundPermissionError()
+    await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
+                           create_user_info.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+    query = {"fund_id": create_user_info.fund_id, "email": create_user_info.email}
+    update = {"$addToSet": {"roles": {"$each": create_user_info.roles}}}
+    await permission_user_collect.update_one(query, update, upsert=True)
+    return Response(data='')


 @router.delete('/user/',
@@ -53,17 +50,14 @@ async def delete_permission(
 ):
    # 检查是否有权限添加用户
    assert 'admin' not in delete_user_info.roles, FundPermissionError('无法删除 admin')  # 不可删除admin
-    is_auth = await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
-                                     delete_user_info.fund_id,
-                                     user.email, permission_user_collect,
-                                     permission_role_collect)
-    if is_auth:
-        query = {"fund_id": delete_user_info.fund_id, "email": delete_user_info.email}
-        update = {"$pull": {"roles": {"$in": delete_user_info.roles}}}
-        await permission_user_collect.update_one(query, update, upsert=True)
-        return Response(data='')
-    else:
-        raise FundPermissionError()
+    await check_permission([f'member_permission.{role}.add' for role in delete_user_info.roles],
+                           delete_user_info.fund_id,
+                           user.email, permission_user_collect,
+                           permission_role_collect)
+    query = {"fund_id": delete_user_info.fund_id, "email": delete_user_info.email}
+    update = {"$pull": {"roles": {"$in": delete_user_info.roles}}}
+    await permission_user_collect.update_one(query, update, upsert=True)
+    return Response(data='')


 @router.get('/user/',

--- a/service/permission.py
+++ b/service/permission.py