Skip to content

P
PyFund
Commit 8b853a65 authored by 杨明橙's avatar 杨明橙
Browse files
Options

查询基金 添加权限验证

parent e10b6aea
Hide whitespace changes
Inline Side-by-side
Showing with 458 additions and 340 deletions
api/fund.py
View file @ 8b853a65
import asyncio
import datetime
from typing import Union, Optional
......@@ -6,14 +7,16 @@ from apscheduler.schedulers.asyncio import AsyncIOScheduler
from fastapi import APIRouter, Depends, Query, Request
from motor.core import AgnosticCollection
from pymongo import ReturnDocument
from starlette.background import BackgroundTasks
from exception.db import NotFundError
from exception.token import FundPermissionError
from model import Response, PageResponse, Page
from model.fund import FundType, StakingFund, NormalFund, FundStatus
from dependencies import get_current_user, get_fund_collect, get_scheduler
from dependencies import get_current_user, get_fund_collect, get_scheduler, get_permission_user_collect, \
get_permission_role_collect
from schema.fund import CreateFund, UpdateFund
from service.scheduler import delete_nav_task, calculate_nav_task, get_next_execute_time
from service.permission import create_default_role_and_user, check_permission
from service.scheduler import delete_nav_task, calculate_nav_task
from tools.jwt_tools import User
router = APIRouter()
......@@ -31,7 +34,9 @@ async def create(
request: Request,
create_fund: CreateFund,
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect)
fund_collect: AgnosticCollection = Depends(get_fund_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
create_model = fund_type_map[create_fund.fund_type](**create_fund.dict(), nodes=[], **user.db_save())
create_model.nav = create_model.base_nav
......@@ -40,6 +45,8 @@ async def create(
response_model = fund_type_map[data['fund_type']]
await fund_collect.insert_one(data)
# await calculate_nav_task(data['id'], scheduler, fund_collect, user.id)
await create_default_role_and_user(data['id'], user.email, permission_user_collect, permission_role_collect)
scheduler = request.app.state.scheduler
job_id = f"calculate_nav_{data['id']}"
time_obj = datetime.datetime.strptime(data["settlement_time"], "%H:%M")
......@@ -51,7 +58,7 @@ async def create(
minute=time_obj.minute,
args=[data["id"]],
id=job_id,
misfire_grace_time=60*60
misfire_grace_time=60 * 60
)
return Response[response_model](data=response_model(**data))
......@@ -95,8 +102,15 @@ async def update(
async def get(
fund_id: str,
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect)
fund_collect: AgnosticCollection = Depends(get_fund_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
# 验证权限
if not await check_permission('data_permission.fund.query_info', fund_id, user.email, permission_user_collect,
permission_role_collect):
raise FundPermissionError()
data = await fund_collect.find_one({'id': fund_id, 'user_id': user.id})
assert data, NotFundError()
......@@ -114,9 +128,23 @@ async def get(
fund_type: Optional[FundType] = Query(default=None, description='基金类型'),
fund_status: FundStatus = None,
user: User = Depends(get_current_user),
fund_collect: AgnosticCollection = Depends(get_fund_collect)
fund_collect: AgnosticCollection = Depends(get_fund_collect),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
query = {"user_id": user.id}
relation_funds = await permission_user_collect.find({"email": user.email}).to_list(length=None)
tasks = {}
async with asyncio.TaskGroup() as g:
for item in relation_funds:
fund_id = item['fund_id']
task = g.create_task(
check_permission('data_permission.fund.query_info', fund_id, user.email, permission_user_collect,
permission_role_collect))
tasks[fund_id] = task
auth_fund_list = [k for k, v in tasks.items() if v.result()]
query = {"id": {'$in': auth_fund_list}}
if fund_type:
query.update({"fund_type": fund_type})
if fund_status:
......
api/permission.py
View file @ 8b853a65
from motor.core import AgnosticCollection
import dependencies
from exception.db import ExistDataError, NotFundError
from model import BaseResponse, Response, PageResponse, Page
from fastapi import APIRouter, Depends, Query
from model.permission import Role, UserInfo
from schema.permission import CreateRole, CreateUserInfo
from schema.beacon import Validator, ValidatorDeposit, ValidatorBlock, ValidatorIncome, Epoch
from service.beacon import BeaconChaService
from dependencies import get_current_user, get_permission_user_collect, get_permission_role_collect
from exception.token import FundPermissionError
from model import BaseResponse, Response
from fastapi import APIRouter, Depends
from service.permission import check_permission
from tools.jwt_tools import User
router = APIRouter()
# @router.post('/',
@router.post('/user/',
response_model=BaseResponse,
summary='添加账号权限',
description='添加账号权限')
async def get_permission(
fund_id, email, role,
user: User = Depends(get_current_user),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
# 检查是否有权限添加用户
is_auth = await check_permission(f'member_permission.{role}.add', fund_id, user.email, permission_user_collect,
permission_role_collect)
if is_auth:
query = {"fund_id": fund_id, "email": email}
update = {"$addToSet": {"role": role}}
await permission_user_collect.update_one(query, update, upsert=True)
return Response(data='')
else:
raise FundPermissionError()
# @router.post('/role',
# response_model=BaseResponse,
# summary='添加权限',
# description='添加权限')
# async def add_permission(
# permission: CreatePermission,
# summary='添加角色',
# description='添加角色')
# async def add_role(
# role: CreateRole,
# # user: User = Depends(dependencies.get_current_user),
# permission_collect: AgnosticCollection = Depends(dependencies.get_permission_collect)
# ):
# data = await permission_collect.find_one({'name': permission.name, 'group': permission.group})
# data = await permission_collect.find_one({'name': role.name, 'fund_id': role.fund_id})
# if not data:
# db_data = Permission(**permission.dict())
# db_data = Role(**role.dict())
# await permission_collect.insert_one(db_data.dict())
# return Response[Permission](data=db_data)
# return Response[Role](data=db_data)
# else:
# raise ExistDataError(message='该分组下已存在此权限')
@router.post('/role',
response_model=BaseResponse,
summary='添加角色',
description='添加角色')
async def add_role(
role: CreateRole,
# user: User = Depends(dependencies.get_current_user),
permission_collect: AgnosticCollection = Depends(dependencies.get_permission_collect)
):
data = await permission_collect.find_one({'name': role.name, 'org_id': role.org_id})
if not data:
db_data = Role(**role.dict())
await permission_collect.insert_one(db_data.dict())
return Response[Role](data=db_data)
else:
raise ExistDataError(message='该机构下已存在此角色')
# raise ExistDataError(message='该机构下已存在此角色')
dependencies.py
View file @ 8b853a65
......@@ -55,8 +55,14 @@ def get_nav_collect(mongodb_manager: AioMongodbManager = Depends(get_mongodb_man
return mongodb_manager.get_client(name='pyfund', db='pyfund', collect='nav')
def get_permission_collect(mongodb_manager: AioMongodbManager = Depends(get_mongodb_manager)) -> AgnosticCollection:
return mongodb_manager.get_client(name='pyfund', db='pyfund', collect='permission')
def get_permission_user_collect(
mongodb_manager: AioMongodbManager = Depends(get_mongodb_manager)) -> AgnosticCollection:
return mongodb_manager.get_client(name='pyfund', db='pyfund', collect='permission_user')
def get_permission_role_collect(
mongodb_manager: AioMongodbManager = Depends(get_mongodb_manager)) -> AgnosticCollection:
return mongodb_manager.get_client(name='pyfund', db='pyfund', collect='permission_role')
# 获取redis Client
......
exception/token.py
View file @ 8b853a65
......@@ -3,3 +3,8 @@ from exception import MyException
class TokenError(MyException):
pass
class FundPermissionError(MyException):
message = '权限错误'
status = 400
model/permission.py
View file @ 8b853a65
......@@ -3,16 +3,16 @@ from pydantic import Field
from model import MyBaseModel
class PermissionTable(MyBaseModel):
fund_id: str = Field(..., description='基金id')
data: Dict[str, List[str]] = Field({}, description='权限表')
# class PermissionTable(MyBaseModel):
# fund_id: str = Field(..., description='基金id')
# data: Dict[str, List[str]] = Field({}, description='权限表')
class Role(MyBaseModel):
name: str = Field(..., description='角色名')
fund_id: str = Field(..., description='基金id')
system: bool = Field(False, description='系统创建')
permissions: Dict[str, List[str]] = Field({}, description='拥有权限')
permissions: List[str] = Field([], description='拥有的权限')
remark: str = Field(None, description='备注')
......
schema/permission.py
View file @ 8b853a65
......@@ -3,305 +3,31 @@ from typing import List, Dict
from pydantic import Field, BaseModel
class PermissionItem:
def __init__(self, code, label, children):
self.code = code
self.label = label
self.children = children
# class PermissionItem:
# def __init__(self, code, label, children):
# self.code = code
# self.label = label
# self.children = children
#
# def dict(self):
# return {
# "code": self.code,
# "label": self.label,
# "children": self.children
# }
def dict(self):
return {
"code": self.code,
"label": self.label,
"children": self.children
}
default_permission_table = [
{
"code": 'data_permission',
"label": "数据管理权限",
"children": [
# 基金管理
{
"code": "fund",
"label": '基金管理',
"children": [
{
"code": "query_info",
"label": "查询基金基础信息"
},
{
"code": "update_info",
"label": "更新基金基础信息"
},
{
"code": "query_list",
"label": "查询基金列表"
},
{
"code": "bill_page",
"label": "访问账目页面"
},
]
},
# 质押节点
{
"code": "node",
"label": '质押节点',
"children": [
{
"code": "bind_node",
"label": "绑定节点"
},
{
"code": "untie_node",
"label": "解绑节点"
},
{
"code": "query_node",
"label": "查询节点"
}
]
},
# 账目-申购/赎回
{
"code": "sub_redeem_bill",
"label": '账目-申购/赎回',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
# 账目-换币
{
"code": "swap_bill",
"label": '账目-换币',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
# 账目-质押
{
"code": "staking_bill",
"label": '账目-质押',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
# 账目-调整账户
{
"code": "adjust_bill",
"label": '账目-调整账户',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
# 净值管理
{
"code": "nav",
"label": '净值管理',
"children": [
{
"code": "recalculate",
"label": "基金重新计算净值"
},
{
"code": "add",
"label": "新增"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
]
},
{
"code": 'role_permission',
"label": "角色管理权限",
"children": [
# 角色的管理
{
"code": "role",
"label": '角色管理',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
]
},
{
"code": 'member_permission',
"label": "人员管理权限",
"children": [
# 基金经理人员的管理
{
"code": "fund_manager",
"label": '基金经理',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
# 基金经理助理
{
"code": "fund_manager_assistant",
"label": '基金经理助理',
"children": [
{
"code": "add",
"label": "添加"
},
{
"code": "delete",
"label": "删除"
},
{
"code": "edit",
"label": "修改"
},
{
"code": "query",
"label": "查询"
},
]
},
]
}
]
default_role_table = [
{
"name": 'admin',
"label": "基金创建人",
"role": ['all']
},
{
"name": 'fund_manager',
"label": "基金经理",
"role": ['all']
},
{
"name": 'fund_manager_assistant',
"label": "基金经理助理",
"role": []
}
]
data = []
for item in default_permission_table:
for i in item['children']:
base_code = i['code']
for x in i['children']:
data.append(f'{base_code}.{x["code"]}')
print(data)
# 接口请求模型 创建
class CreatePermissionTable(BaseModel):
fund_id: str = Field(..., description='基金id')
data: Dict[str, List[str]] = Field(default_permission_table, description='权限表')
# class CreatePermissionTable(BaseModel):
# fund_id: str = Field(..., description='基金id')
# data: Dict[str, List[str]] = Field(..., description='权限表')
class CreateRole(BaseModel):
name: str = Field(..., description='角色名')
label: str = Field(..., description='展示名')
fund_id: str = Field(..., description='基金id')
permissions: Dict[str, List[str]] = Field({}, description='拥有权限')
permissions: List[str] = Field(..., description='拥有的权限')
remark: str = Field(None, description='备注')
......
service/permission.py 0 → 100644
View file @ 8b853a65
from motor.core import AgnosticCollection
from schema.permission import CreateRole, CreateUserInfo
sys_permission_table = [
{
"code": 'data_permission',
"label": "数据管理权限",
"children": [
# 基金管理
{
"code": "data_permission.fund",
"label": '基金管理',
"children": [
{
"code": "data_permission.fund.query_info",
"label": "查询基金基础信息"
},
{
"code": "data_permission.fund.update_info",
"label": "更新基金基础信息"
},
{
"code": "data_permission.fund.query_list",
"label": "查询基金列表"
},
{
"code": "data_permission.fund.query_asset",
"label": "访问账目页面"
},
]
},
# 质押节点
{
"code": "data_permission.node",
"label": '质押节点',
"children": [
{
"code": "data_permission.node.bind_node",
"label": "绑定节点"
},
{
"code": "data_permission.node.untie_node",
"label": "解绑节点"
},
{
"code": "data_permission.node.query_node",
"label": "查询节点"
}
]
},
# 账目-申购/赎回
{
"code": "data_permission.sub_redeem_bill",
"label": '账目-申购/赎回',
"children": [
{
"code": "data_permission.sub_redeem_bill.add",
"label": "添加"
},
{
"code": "data_permission.sub_redeem_bill.delete",
"label": "删除"
},
{
"code": "data_permission.sub_redeem_bill.edit",
"label": "修改"
},
{
"code": "data_permission.sub_redeem_bill.query",
"label": "查询"
},
]
},
# 账目-换币
{
"code": "data_permission.swap_bill",
"label": '账目-换币',
"children": [
{
"code": "data_permission.swap_bill.add",
"label": "添加"
},
{
"code": "data_permission.swap_bill.delete",
"label": "删除"
},
{
"code": "data_permission.swap_bill.edit",
"label": "修改"
},
{
"code": "data_permission.swap_bill.query",
"label": "查询"
},
]
},
# 账目-质押
{
"code": "data_permission.staking_bill",
"label": '账目-质押',
"children": [
{
"code": "data_permission.staking_bill.add",
"label": "添加"
},
{
"code": "data_permission.staking_bill.delete",
"label": "删除"
},
{
"code": "data_permission.staking_bill.edit",
"label": "修改"
},
{
"code": "data_permission.staking_bill.query",
"label": "查询"
},
]
},
# 账目-调整账户
{
"code": "data_permission.adjust_bill",
"label": '账目-调整账户',
"children": [
{
"code": "data_permission.adjust_bill.add",
"label": "添加"
},
{
"code": "data_permission.adjust_bill.delete",
"label": "删除"
},
{
"code": "data_permission.adjust_bill.edit",
"label": "修改"
},
{
"code": "data_permission.adjust_bill.query",
"label": "查询"
},
]
},
# 净值管理
{
"code": "data_permission.nav",
"label": '净值管理',
"children": [
{
"code": "data_permission.nav.recalculate",
"label": "基金重新计算净值"
},
{
"code": "data_permission.nav.add",
"label": "新增"
},
{
"code": "data_permission.nav.delete",
"label": "删除"
},
{
"code": "data_permission.nav.edit",
"label": "修改"
},
{
"code": "data_permission.nav.query",
"label": "查询"
},
]
},
]
},
{
"code": 'role_permission',
"label": "角色管理权限",
"children": [
# 角色的管理
{
"code": "role_permission.role",
"label": '角色管理',
"children": [
{
"code": "role_permission.role.add",
"label": "添加"
},
{
"code": "role_permission.role.delete",
"label": "删除"
},
{
"code": "role_permission.role.edit",
"label": "修改"
},
{
"code": "role_permission.role.query",
"label": "查询"
},
]
},
]
},
{
"code": 'member_permission',
"label": "人员管理权限",
"children": [
# 基金经理人员的管理
{
"code": "member_permission.fund_manager",
"label": '基金经理',
"children": [
{
"code": "member_permission.fund_manager.add",
"label": "添加"
},
{
"code": "member_permission.fund_manager.delete",
"label": "删除"
},
{
"code": "member_permission.fund_manager.edit",
"label": "修改"
},
{
"code": "member_permission.fund_manager.query",
"label": "查询"
},
]
},
# 基金经理助理
{
"code": "member_permission.fund_manager_assistant",
"label": '基金经理助理',
"children": [
{
"code": "member_permission.fund_manager_assistant.add",
"label": "添加"
},
{
"code": "member_permission.fund_manager_assistant.delete",
"label": "删除"
},
{
"code": "member_permission.fund_manager_assistant.edit",
"label": "修改"
},
{
"code": "member_permission.fund_manager_assistant.query",
"label": "查询"
},
]
},
]
}
]
default_role_table = [
{
"name": 'admin',
"label": "基金创建人",
"permissions": ['all']
},
{
"name": 'fund_manager',
"label": "基金经理",
"permissions": ['data_permission.fund.query_info', 'data_permission.fund.update_info',
'data_permission.fund.query_asset',
'data_permission.node.bind_node',
'data_permission.node.untie_node', 'data_permission.node.query_node',
'data_permission.sub_redeem_bill.add', 'data_permission.sub_redeem_bill.delete',
'data_permission.sub_redeem_bill.edit', 'data_permission.sub_redeem_bill.query',
'data_permission.swap_bill.add', 'data_permission.swap_bill.delete',
'data_permission.swap_bill.edit',
'data_permission.swap_bill.query', 'data_permission.staking_bill.add',
'data_permission.staking_bill.delete', 'data_permission.staking_bill.edit',
'data_permission.staking_bill.query', 'data_permission.adjust_bill.add',
'data_permission.adjust_bill.delete', 'data_permission.adjust_bill.edit',
'data_permission.adjust_bill.query', 'data_permission.nav.recalculate',
'data_permission.nav.add',
'data_permission.nav.delete', 'data_permission.nav.edit', 'data_permission.nav.query',
'role_permission.role.add', 'role_permission.role.delete', 'role_permission.role.edit',
'role_permission.role.query', 'member_permission.fund_manager_assistant.add',
'member_permission.fund_manager_assistant.delete',
'member_permission.fund_manager_assistant.edit',
'member_permission.fund_manager_assistant.query']
},
{
"name": 'fund_manager_assistant',
"label": "基金经理助理",
"permissions": ['data_permission.fund.query_info', 'data_permission.fund.update_info',
'data_permission.fund.query_asset',
'data_permission.node.bind_node',
'data_permission.node.untie_node', 'data_permission.node.query_node',
'data_permission.sub_redeem_bill.add', 'data_permission.sub_redeem_bill.delete',
'data_permission.sub_redeem_bill.edit', 'data_permission.sub_redeem_bill.query',
'data_permission.swap_bill.add', 'data_permission.swap_bill.delete',
'data_permission.swap_bill.edit',
'data_permission.swap_bill.query', 'data_permission.staking_bill.add',
'data_permission.staking_bill.delete', 'data_permission.staking_bill.edit',
'data_permission.staking_bill.query', 'data_permission.adjust_bill.add',
'data_permission.adjust_bill.delete', 'data_permission.adjust_bill.edit',
'data_permission.adjust_bill.query', 'data_permission.nav.recalculate',
'data_permission.nav.add',
'data_permission.nav.delete', 'data_permission.nav.edit', 'data_permission.nav.query',
'role_permission.role.add', 'role_permission.role.delete', 'role_permission.role.edit',
'role_permission.role.query']
}
]
data = []
for item in sys_permission_table:
for i in item['children']:
for x in i['children']:
data.append(x["code"])
permission_tree = {}
label_map = {}
for item in sys_permission_table:
label_map[item['code']] = item['label']
permission_tree[item["code"]] = {}
for children in item["children"]:
label_map[children['code']] = children['label']
for i in children["children"]:
label_map[i['code']] = i['label']
permission_tree[item["code"]].setdefault(children["code"], [])
permission_tree[item["code"]][children["code"]].append(i['code'])
print(data)
print(permission_tree)
print(label_map)
async def create_default_role_and_user(fund_id, admin_email, permission_user_collect: AgnosticCollection,
permission_role_collect: AgnosticCollection):
admin_user = CreateUserInfo(fund_id=fund_id, email=admin_email, role=['admin'])
await permission_user_collect.insert_one(admin_user.dict())
default_roles = [CreateRole(**item, fund_id=fund_id, remark='系统创建').dict() for item in default_role_table]
await permission_role_collect.insert_many(default_roles)
async def check_permission(permission, fund_id, email, permission_user_collect, permission_role_collect):
this_fund_role = await permission_user_collect.find_one({'email': email, 'fund_id': fund_id})
if not this_fund_role:
return False
else:
data = await permission_role_collect.find(
{'fund_id': fund_id, 'name': {'$in': this_fund_role['role']}}).to_list(length=None)
permission_list = [item for sublist in data for item in sublist['permissions']]
if 'all' in permission_list:
return True
elif permission in permission_list:
return True
else:
return False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment