查询基金添加权限验证

f70f87e8 · 杨明橙 · 8b853a65 · f70f87e8 · f70f87e8 · f70f87e8
Commit f70f87e8 authored May 19, 2023 by 杨明橙
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 10 deletions

fund.py api/fund.py +2 -2

permission.py api/permission.py +9 -4

permission.py schema/permission.py +1 -1

permission.py service/permission.py +13 -3

No files found.
--- a/api/fund.py
+++ b/api/fund.py
@@ -107,7 +107,7 @@ async def get(
        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
    # 验证权限
-    if not await check_permission('data_permission.fund.query_info', fund_id, user.email, permission_user_collect,
+    if not await check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
                                  permission_role_collect):
        raise FundPermissionError()
@@ -139,7 +139,7 @@ async def get(
        for item in relation_funds:
            fund_id = item['fund_id']
            task = g.create_task(
-                check_permission('data_permission.fund.query_info', fund_id, user.email, permission_user_collect,
+                check_permission(['data_permission.fund.query_info'], fund_id, user.email, permission_user_collect,
                                 permission_role_collect))
            tasks[fund_id] = task
    auth_fund_list = [k for k, v in tasks.items() if v.result()]

--- a/api/permission.py
+++ b/api/permission.py
@@ -4,6 +4,8 @@ from dependencies import get_current_user, get_permission_user_collect, get_perm
 from exception.token import FundPermissionError
 from model import BaseResponse, Response
 from fastapi import APIRouter, Depends
+from schema.permission import CreateUserInfo
 from service.permission import check_permission
 from tools.jwt_tools import User
@@ -15,17 +17,20 @@ router = APIRouter()
             summary='添加账号权限',
             description='添加账号权限')
 async def get_permission(
-        fund_id, email, role,
+        create_user_info: CreateUserInfo,
        user: User = Depends(get_current_user),
        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect)
 ):
    # 检查是否有权限添加用户
-    is_auth = await check_permission(f'member_permission.{role}.add', fund_id, user.email, permission_user_collect,
+    assert 'admin' not in create_user_info.roles, FundPermissionError()
+    is_auth = await check_permission([f'member_permission.{role}.add' for role in create_user_info.roles],
+                                     create_user_info.fund_id,
+                                     user.email, permission_user_collect,
                                     permission_role_collect)
    if is_auth:
-        query = {"fund_id": fund_id, "email": email}
+        query = {"fund_id": create_user_info.fund_id, "email": create_user_info.email}
-        update = {"$addToSet": {"role": role}}
+        update = {"$addToSet": {"role": {"$each": create_user_info.roles}}}
        await permission_user_collect.update_one(query, update, upsert=True)
        return Response(data='')
    else:

--- a/schema/permission.py
+++ b/schema/permission.py
@@ -34,4 +34,4 @@ class CreateRole(BaseModel):
 class CreateUserInfo(BaseModel):
    fund_id: str = Field(..., description='基金id')
    email: str = Field(..., description='用户中心email')
-    role: List[str] = Field([], description='角色')
+    roles: List[str] = Field(..., description='角色')
--- a/service/permission.py
+++ b/service/permission.py
@@ -331,13 +331,23 @@ print(label_map)
 async def create_default_role_and_user(fund_id, admin_email, permission_user_collect: AgnosticCollection,
                                       permission_role_collect: AgnosticCollection):
-    admin_user = CreateUserInfo(fund_id=fund_id, email=admin_email, role=['admin'])
+    admin_user = CreateUserInfo(fund_id=fund_id, email=admin_email, roles=['admin'])
    await permission_user_collect.insert_one(admin_user.dict())
    default_roles = [CreateRole(**item, fund_id=fund_id, remark='系统创建').dict() for item in default_role_table]
    await permission_role_collect.insert_many(default_roles)
-async def check_permission(permission, fund_id, email, permission_user_collect, permission_role_collect):
+async def check_permission(for_check_permission_list, fund_id, email, permission_user_collect,
+                           permission_role_collect):
+    """
+    验证的权限同时都满足 返回True 否则返回False
+    :param for_check_permission_list:
+    :param fund_id:
+    :param email:
+    :param permission_user_collect:
+    :param permission_role_collect:
+    :return:
+    """
    this_fund_role = await permission_user_collect.find_one({'email': email, 'fund_id': fund_id})
    if not this_fund_role:
        return False
@@ -347,7 +357,7 @@ async def check_permission(permission, fund_id, email, permission_user_collect,
        permission_list = [item for sublist in data for item in sublist['permissions']]
        if 'all' in permission_list:
            return True
-        elif permission in permission_list:
+        elif all(x in permission_list for x in for_check_permission_list):
            return True
        else:
            return False