Merge remote-tracking branch 'origin/main'

ed8fbd02 · 陈涛 · d519456a · a64dcbc9 · ed8fbd02 · ed8fbd02
Commit ed8fbd02 authored May 22, 2023 by 陈涛
Showing with 101 additions and 27 deletions

permission.py api/permission.py +24 -3

dependencies.py dependencies.py +9 -1

main.py main.py +3 -0

permission.py model/permission.py +1 -1

permission.py service/permission.py +64 -22

No files found.
--- a/api/permission.py
+++ b/api/permission.py
 from motor.core import AgnosticCollection
-from dependencies import get_current_user, get_permission_user_collect, get_permission_role_collect
+from dependencies import get_current_user, get_permission_user_collect, get_permission_role_collect, \
+    get_permission_label_map
 from exception.token import FundPermissionError
 from model import BaseResponse, Response
 from fastapi import APIRouter, Depends
 from schema.permission import CreateUserInfo
-from service.permission import check_permission
+from service.permission import check_permission, find_user_permission, build_permission_tree
 from tools.jwt_tools import User
 router = APIRouter()
@@ -16,7 +17,7 @@ router = APIRouter()
             response_model=BaseResponse,
             summary='添加账号权限',
             description='添加账号权限')
-async def get_permission(
+async def create_permission(
        create_user_info: CreateUserInfo,
        user: User = Depends(get_current_user),
        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
@@ -36,6 +37,26 @@ async def get_permission(
    else:
        raise FundPermissionError()
+@router.get('/user/',
+            response_model=BaseResponse,
+            summary='查询账号权限',
+            description='查询账号权限')
+async def create_permission(
+        fund_id: str,
+        user: User = Depends(get_current_user),
+        permission_label_map: dict = Depends(get_permission_label_map),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
+):
+    permissions, roles = await find_user_permission(fund_id=fund_id,
+                                                    email=user.email,
+                                                    permission_user_collect=permission_user_collect,
+                                                    permission_role_collect=permission_role_collect)
+    role_db_data = await permission_role_collect.find({'fund_id': fund_id, "name": {"$in": roles}}).to_list(length=None)
+    result_role_data = [{"name": item["name"], "label": item["label"]} for item in role_db_data]
+    permissions_tree = build_permission_tree(permissions, permission_label_map)
+    return Response(data={'permission': permissions_tree, "roles": result_role_data})
 # @router.post('/role',
 #              response_model=BaseResponse,
 #              summary='添加角色',

--- a/dependencies.py
+++ b/dependencies.py
@@ -12,9 +12,17 @@ from starlette.requests import Request
 from tools.jwt_tools import User
+def get_permission_tree(request: Request) -> dict:
+    return request.app.state.permission_tree
+def get_permission_label_map(request: Request) -> dict:
+    return request.app.state.label_map
 def get_current_user(credentials: HTTPAuthorizationCredentials = Security(jwt_tools.security)) -> User:
    if settings.env == 'LOCAL':
-        return User(id='659092a5-df9e-43fd-b51d-79d4c7ff09ad', email='local_test@qq.com')
+        return User(id=credentials.credentials, email='wangzian@matrixone.io')
    return jwt_tools.get_current_user(credentials)

--- a/main.py
+++ b/main.py
@@ -16,6 +16,7 @@ from db import register_mongodb, register_redis
 from exception import MyException
 from model import ErrorResponse
 from service.beacon import BeaconChaService
+from service.permission import make_permission_tree_and_label_map
 from service.price import CMCPrice
 from service.scheduler import update_staking_node_status_task
 from tools.jwt_tools import get_identify_key
@@ -85,6 +86,8 @@ async def startup():
        misfire_grace_time=600 * 3
    )
+    app.state.permission_tree, app.state.label_map = make_permission_tree_and_label_map()
    app.state.scheduler.add_job(
        update_staking_node_status_task,
        args=(BeaconChaService(), app.state.mongodb_manager,),

--- a/model/permission.py
+++ b/model/permission.py
-from typing import List, Dict
+from typing import List
 from pydantic import Field
 from model import MyBaseModel

--- a/service/permission.py
+++ b/service/permission.py
@@ -306,15 +306,20 @@ default_role_table = [
    }
 ]
-data = []
-for item in sys_permission_table:
+def make_all_permission_data():
+    data = []
+    for item in sys_permission_table:
        for i in item['children']:
            for x in i['children']:
                data.append(x["code"])
+    return data
-permission_tree = {}
+def make_permission_tree_and_label_map():
-label_map = {}
+    label_map = {}
-for item in sys_permission_table:
+    permission_tree = {}
+    for item in sys_permission_table:
        label_map[item['code']] = item['label']
        permission_tree[item["code"]] = {}
        for children in item["children"]:
@@ -323,10 +328,7 @@ for item in sys_permission_table:
                label_map[i['code']] = i['label']
                permission_tree[item["code"]].setdefault(children["code"], [])
                permission_tree[item["code"]][children["code"]].append(i['code'])
+    return permission_tree, label_map
-print(data)
-print(permission_tree)
-print(label_map)
 async def create_default_role_and_user(fund_id, admin_email, permission_user_collect: AgnosticCollection,
@@ -352,12 +354,52 @@ async def check_permission(for_check_permission_list, fund_id, email, permission
    if not this_fund_role:
        return False
    else:
-        data = await permission_role_collect.find(
+        permission_list, roles = await find_user_permission(fund_id, email, permission_user_collect,
-            {'fund_id': fund_id, 'name': {'$in': this_fund_role['role']}}).to_list(length=None)
+                                                            permission_role_collect)
-        permission_list = [item for sublist in data for item in sublist['permissions']]
        if 'all' in permission_list:
            return True
        elif all(x in permission_list for x in for_check_permission_list):
            return True
        else:
            return False
+async def find_user_permission(fund_id, email, permission_user_collect, permission_role_collect):
+    this_fund_role = await permission_user_collect.find_one({'email': email, 'fund_id': fund_id})
+    if not this_fund_role:
+        return [], []
+    else:
+        if 'admin' in this_fund_role['roles']:
+            permission_list = all_permission_data
+        else:
+            data = await permission_role_collect.find(
+                {'fund_id': fund_id, 'name': {'$in': this_fund_role['roles']}}).to_list(length=None)
+            permission_list = list({item for sublist in data for item in sublist['permissions']})
+        return permission_list, this_fund_role['roles']
+def build_permission_tree(permissions, permission_label_map):
+    final = {
+        "data_permission": {"label": "数据管理权限", "children": {}},
+        "member_permission": {"label": "人员管理权限", "children": {}},
+        "role_permission": {"label": "角色管理权限", "children": {}}
+    }
+    for permission in permissions:
+        parts = permission.split('.')
+        final.setdefault(parts[0], {'label': permission_label_map[parts[0]], 'children': {}})
+        final[parts[0]]['children'].setdefault(f'{parts[0]}.{parts[1]}',
+                                               {'label': permission_label_map[f'{parts[0]}.{parts[1]}'],
+                                                'children': {}})
+        final[parts[0]]['children'][f'{parts[0]}.{parts[1]}']['children'][permission] = {
+            'label': permission_label_map[permission]}
+    return final
+all_permission_data = make_all_permission_data()
+if __name__ == '__main__':
+    import collections
+    # print(make_permission_tree_and_label_map())