Commit a64dcbc9 authored by 杨明橙's avatar 杨明橙

添加查询权限接口

parent e01ae898
from motor.core import AgnosticCollection
from dependencies import get_current_user, get_permission_user_collect, get_permission_role_collect
from dependencies import get_current_user, get_permission_user_collect, get_permission_role_collect, \
get_permission_label_map
from exception.token import FundPermissionError
from model import BaseResponse, Response
from fastapi import APIRouter, Depends
from schema.permission import CreateUserInfo
from service.permission import check_permission
from service.permission import check_permission, find_user_permission, build_permission_tree
from tools.jwt_tools import User
router = APIRouter()
......@@ -16,7 +17,7 @@ router = APIRouter()
response_model=BaseResponse,
summary='添加账号权限',
description='添加账号权限')
async def get_permission(
async def create_permission(
create_user_info: CreateUserInfo,
user: User = Depends(get_current_user),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
......@@ -36,6 +37,26 @@ async def get_permission(
else:
raise FundPermissionError()
@router.get('/user/',
response_model=BaseResponse,
summary='查询账号权限',
description='查询账号权限')
async def create_permission(
fund_id: str,
user: User = Depends(get_current_user),
permission_label_map: dict = Depends(get_permission_label_map),
permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
):
permissions, roles = await find_user_permission(fund_id=fund_id,
email=user.email,
permission_user_collect=permission_user_collect,
permission_role_collect=permission_role_collect)
role_db_data = await permission_role_collect.find({'fund_id': fund_id, "name": {"$in": roles}}).to_list(length=None)
result_role_data = [{"name": item["name"], "label": item["label"]} for item in role_db_data]
permissions_tree = build_permission_tree(permissions, permission_label_map)
return Response(data={'permission': permissions_tree, "roles": result_role_data})
# @router.post('/role',
# response_model=BaseResponse,
# summary='添加角色',
......
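Review bot: The new `@router.get('/user/'` handler is declared as `async def create_permission(`, which appears to be the same name the POST handler is renamed to in the previous hunk, so the second definition rebinds the module-level name and a read-only query endpoint carries a "create" name in tracebacks and generated docs. Since the summary is '查询账号权限', a name such as `async def get_user_permission(` would match what it does. In the `result_role_data` comprehension, `item["label"]` raises `KeyError` for any role document stored without a label, turning the lookup into a 500; `item.get("label", item["name"])` would degrade more gracefully. A short docstring stating that the result is scoped to the caller's own `user.email` within `fund_id` would also help the next reviewer confirm the authorization boundary.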
......@@ -12,9 +12,17 @@ from starlette.requests import Request
from tools.jwt_tools import User
def get_permission_tree(request: Request) -> dict:
return request.app.state.permission_tree
def get_permission_label_map(request: Request) -> dict:
return request.app.state.label_map
def get_current_user(credentials: HTTPAuthorizationCredentials = Security(jwt_tools.security)) -> User:
if settings.env == 'LOCAL':
return User(id='659092a5-df9e-43fd-b51d-79d4c7ff09ad', email='local_test@qq.com')
return User(id=credentials.credentials, email='wangzian@matrixone.io')
return jwt_tools.get_current_user(credentials)
......
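Review bot: The `if settings.env == 'LOCAL':` branch in `get_current_user` returns a `User` without validating the bearer token, and one of the two `return User(...)` lines under it pairs the raw `credentials.credentials` string as the id with a fixed, real-looking e-mail address. The page does not mark which of those two lines is the new one, but either way `find_user_permission` keys permissions on `user.email`, so an instance that starts with `env` set to `LOCAL` would resolve every request to that one account's permissions. I would take the stub out of the request path, for example by setting `app.dependency_overrides[get_current_user]` in the local or test launcher, or at least make it fail closed unless a second explicit flag is set. If the stub stays, a reserved address such as `local_test@example.invalid` avoids tying it to a real mailbox.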
......@@ -16,6 +16,7 @@ from db import register_mongodb, register_redis
from exception import MyException
from model import ErrorResponse
from service.beacon import BeaconChaService
from service.permission import make_permission_tree_and_label_map
from service.price import CMCPrice
from service.scheduler import update_staking_node_status_task
from tools.jwt_tools import get_identify_key
......@@ -85,6 +86,8 @@ async def startup():
misfire_grace_time=600 * 3
)
app.state.permission_tree, app.state.label_map = make_permission_tree_and_label_map()
app.state.scheduler.add_job(
update_staking_node_status_task,
args=(BeaconChaService(), app.state.mongodb_manager,),
......
from typing import List, Dict
from typing import List
from pydantic import Field
from model import MyBaseModel
......
......@@ -306,27 +306,29 @@ default_role_table = [
}
]
data = []
for item in sys_permission_table:
for i in item['children']:
for x in i['children']:
data.append(x["code"])
permission_tree = {}
label_map = {}
for item in sys_permission_table:
label_map[item['code']] = item['label']
permission_tree[item["code"]] = {}
for children in item["children"]:
label_map[children['code']] = children['label']
for i in children["children"]:
label_map[i['code']] = i['label']
permission_tree[item["code"]].setdefault(children["code"], [])
permission_tree[item["code"]][children["code"]].append(i['code'])
def make_all_permission_data():
data = []
for item in sys_permission_table:
for i in item['children']:
for x in i['children']:
data.append(x["code"])
return data
print(data)
print(permission_tree)
print(label_map)
def make_permission_tree_and_label_map():
label_map = {}
permission_tree = {}
for item in sys_permission_table:
label_map[item['code']] = item['label']
permission_tree[item["code"]] = {}
for children in item["children"]:
label_map[children['code']] = children['label']
for i in children["children"]:
label_map[i['code']] = i['label']
permission_tree[item["code"]].setdefault(children["code"], [])
permission_tree[item["code"]][children["code"]].append(i['code'])
return permission_tree, label_map
async def create_default_role_and_user(fund_id, admin_email, permission_user_collect: AgnosticCollection,
......@@ -352,12 +354,52 @@ async def check_permission(for_check_permission_list, fund_id, email, permission
if not this_fund_role:
return False
else:
data = await permission_role_collect.find(
{'fund_id': fund_id, 'name': {'$in': this_fund_role['role']}}).to_list(length=None)
permission_list = [item for sublist in data for item in sublist['permissions']]
permission_list, roles = await find_user_permission(fund_id, email, permission_user_collect,
permission_role_collect)
if 'all' in permission_list:
return True
elif all(x in permission_list for x in for_check_permission_list):
return True
else:
return False
async def find_user_permission(fund_id, email, permission_user_collect, permission_role_collect):
this_fund_role = await permission_user_collect.find_one({'email': email, 'fund_id': fund_id})
if not this_fund_role:
return [], []
else:
if 'admin' in this_fund_role['roles']:
permission_list = all_permission_data
else:
data = await permission_role_collect.find(
{'fund_id': fund_id, 'name': {'$in': this_fund_role['roles']}}).to_list(length=None)
permission_list = list({item for sublist in data for item in sublist['permissions']})
return permission_list, this_fund_role['roles']
def build_permission_tree(permissions, permission_label_map):
final = {
"data_permission": {"label": "数据管理权限", "children": {}},
"member_permission": {"label": "人员管理权限", "children": {}},
"role_permission": {"label": "角色管理权限", "children": {}}
}
for permission in permissions:
parts = permission.split('.')
final.setdefault(parts[0], {'label': permission_label_map[parts[0]], 'children': {}})
final[parts[0]]['children'].setdefault(f'{parts[0]}.{parts[1]}',
{'label': permission_label_map[f'{parts[0]}.{parts[1]}'],
'children': {}})
final[parts[0]]['children'][f'{parts[0]}.{parts[1]}']['children'][permission] = {
'label': permission_label_map[permission]}
return final
all_permission_data = make_all_permission_data()
if __name__ == '__main__':
import collections
# print(make_permission_tree_and_label_map())
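Review bot: `build_permission_tree` indexes `parts[1]` for every entry in `permissions`, but `check_permission` in this same file still tests `'all' in permission_list`, so a role stored with that value would make the new query endpoint raise `IndexError` instead of returning a tree; any code missing from `permission_label_map` similarly raises `KeyError`. A guard such as `if len(parts) < 2 or permission not in permission_label_map: continue` before the `setdefault` calls, or expanding `'all'` to the full code list first, would keep the response well-formed. Separately, the admin branch of `find_user_permission` returns the module-level `all_permission_data` list itself; `permission_list = list(all_permission_data)` prevents one caller's mutation from changing what every admin is granted. `check_permission` starts outside the hunk, so whether its earlier `this_fund_role` lookup is now redundant cannot be confirmed from here.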