修复创建多对多的问题

取消用户直接绑定权限

Author: Chise1

fast_tmp/admin/depends.py

@@ -48,16 +48,14 @@ async def __get_user_or_none(access_token: Optional[str] = Cookie(None)) -> Opti
                 return None
         except Exception:
             return None
-        user = await User.filter(username=username).first()
-        if user is not None and user.is_active:
-            return user
+        return await User.filter(username=username).first()
     return None
 
 
-async def get_user(request: Request, user: Optional[User] = Depends(__get_user_or_none)):
+async def get_staff(request: Request, user: Optional[User] = Depends(__get_user_or_none)):
     """
     found user and write to request
     """
-    if not user or not user.is_active:
+    if not user or not user.is_active or not user.is_staff:
         raise NoAuthError()
     request.scope["user"] = user

fast_tmp/admin/endpoint.py

@@ -3,14 +3,14 @@
 from fastapi import APIRouter, Depends
 from starlette.requests import Request
 
-from fast_tmp.admin.depends import get_user
+from fast_tmp.admin.depends import get_staff
 from fast_tmp.responses import BaseRes, ListDataWithPage
 from fast_tmp.site import ModelAdmin, get_model_site
 
 router = APIRouter()
 
 
-@router.get("/{resource}/list", dependencies=[Depends(get_user)])
+@router.get("/{resource}/list", dependencies=[Depends(get_staff)])
 async def list_view(
     request: Request,
     page_model: ModelAdmin = Depends(get_model_site),
@@ -26,7 +26,7 @@ async def list_view(
     )
 
 
-@router.get("/{resource}/prefetch/{field_name}", dependencies=[Depends(get_user)])
+@router.get("/{resource}/prefetch/{field_name}", dependencies=[Depends(get_staff)])
 async def prefetch_view(
     request: Request,
     field_name: str,
@@ -42,7 +42,7 @@ async def prefetch_view(
     return BaseRes(data=datas)
 
 
-@router.get("/{resource}/select/{field_name}", dependencies=[Depends(get_user)])
+@router.get("/{resource}/select/{field_name}", dependencies=[Depends(get_staff)])
 async def select_view(
     request: Request,
     field_name: str,
@@ -58,7 +58,7 @@ async def select_view(
     return BaseRes(data=datas)
 
 
-@router.post("/{resource}/patch/{pk}", dependencies=[Depends(get_user)])
+@router.post("/{resource}/patch/{pk}", dependencies=[Depends(get_staff)])
 async def patch_data(
     request: Request,
     pk: str,
@@ -72,7 +72,7 @@ async def patch_data(
     return BaseRes().dict()
 
 
-@router.put("/{resource}/update/{pk}", dependencies=[Depends(get_user)])
+@router.put("/{resource}/update/{pk}", dependencies=[Depends(get_staff)])
 async def update_data(
     request: Request,
     pk: str,
@@ -83,7 +83,7 @@ async def update_data(
     return BaseRes(data=data)
 
 
-@router.get("/{resource}/update/{pk}", dependencies=[Depends(get_user)])
+@router.get("/{resource}/update/{pk}", dependencies=[Depends(get_staff)])
 async def update_view(
     request: Request,
     pk: str,
@@ -93,7 +93,7 @@ async def update_view(
     return BaseRes(data=data)
 
 
-@router.post("/{resource}/create", dependencies=[Depends(get_user)])
+@router.post("/{resource}/create", dependencies=[Depends(get_staff)])
 async def create(
     request: Request,
     page_model: ModelAdmin = Depends(get_model_site),
@@ -103,7 +103,7 @@ async def create(
     return BaseRes(data=data)
 
 
-@router.delete("/{resource}/delete/{pk}", dependencies=[Depends(get_user)])
+@router.delete("/{resource}/delete/{pk}", dependencies=[Depends(get_staff)])
 async def delete_func(
     request: Request,
     pk: str,
@@ -113,9 +113,9 @@ async def delete_func(
     return BaseRes()
 
 
-@router.get("/{resource}/schema", dependencies=[Depends(get_user)])
+@router.get("/{resource}/schema", dependencies=[Depends(get_staff)])
 async def get_schema(
     request: Request,
     page: ModelAdmin = Depends(get_model_site),
 ):
-    return BaseRes(data=page.get_app_page(request))
+    return BaseRes(data=await page.get_app_page(request))

fast_tmp/admin/server.py

@@ -10,13 +10,13 @@
 
 from fast_tmp.admin.site import GroupAdmin, UserAdmin
 from fast_tmp.conf import settings
-from fast_tmp.models import User
+from fast_tmp.models import Permission, User
 from fast_tmp.responses import BaseRes, FastTmpError
 from fast_tmp.site import model_list, register_model_site
 from fast_tmp.utils.token import create_access_token
 
 from ..jinja_extension.tags import register_tags
-from .depends import get_user
+from .depends import get_staff
 from .endpoint import router
 from .exception_handlers import fasttmp_exception_handler, tortoise_exception_handler
 
@@ -31,8 +31,8 @@
 admin.exception_handler(BaseORMException)(tortoise_exception_handler)
 
 
-@admin.post("/", name="index", dependencies=[Depends(get_user)])
-@admin.get("/", name="index", dependencies=[Depends(get_user)])
+@admin.post("/", name="index", dependencies=[Depends(get_staff)])
+@admin.get("/", name="index", dependencies=[Depends(get_staff)])
 async def index(request: Request):
     return templates.TemplateResponse(
         "index.html",
@@ -99,10 +99,24 @@ def logout(request: Request):
     return res
 
 
-@admin.get("/site", dependencies=[Depends(get_user)])
-def get_site(request: Request):
+@admin.get("/site", dependencies=[Depends(get_staff)])
+async def get_site(request: Request):
     pages = []
+    user = request.user
+    if not user.is_superuser:
+        perms = [
+            i.codename
+            for i in await Permission.filter(groups__user=user, codename__endswith="list")
+        ]
+    else:
+        perms = [i.codename for i in await Permission.filter(codename__endswith="list")]
     for name, ml in model_list.items():  # todo add home page
+        ml_p = []
+        for model in ml:
+            if model.name + "_list" in perms:
+                ml_p.append(model)
+        if len(ml_p) == 0:
+            continue
         pages.append(  # todo 增加权限控制，确认对应的页面
             {
                 "label": name,

fast_tmp/admin/site.py

@@ -1,8 +1,3 @@
-from typing import Any, Dict
-
-from requests import Request
-from tortoise import Model
-
 from fast_tmp.models import Group, Permission, User
 from fast_tmp.site import ModelAdmin
 from fast_tmp.site.field import Password
@@ -17,7 +12,6 @@ class UserAdmin(ModelAdmin):
         "password",
         "name",
         "groups",
-        "permissions",
         "is_active",
         "is_superuser",
         "is_staff",
@@ -27,12 +21,11 @@ class UserAdmin(ModelAdmin):
         "password",
         "name",
         "groups",
-        "permissions",
         "is_active",
         "is_superuser",
         "is_staff",
     )
-    fields = {"password": Password}
+    fields = {"password": Password}  # type: ignore
 
 
 class GroupAdmin(ModelAdmin):
@@ -44,6 +37,6 @@ class GroupAdmin(ModelAdmin):
 
 class PermissionAdmin(ModelAdmin):
     model = Permission
-    list_display = ("label", "codename", "users", "groups")
-    create_fields = ("label", "codename", "users", "groups")
-    update_fields = ("label", "codename", "users", "groups")
+    list_display = ("label", "codename", "groups")
+    create_fields = ("label", "codename", "groups")
+    update_fields = ("label", "codename", "groups")

fast_tmp/conf/__init__.py

@@ -74,7 +74,7 @@ def _init_model(self):
 
             warnings.warn("TORTOISE_ORM为空")
         else:
-            init_model(self)
+            init_model(self)  # fixme 如果提示 has no models,请检查是否在执行导入settings之前先导入了fast_tmp.model
 
 
 settings = Settings()

fast_tmp/depends/auth.py

@@ -1,5 +1,5 @@
 from datetime import timedelta
-from typing import Optional, Tuple
+from typing import List, Optional
 
 from fastapi import Depends, FastAPI, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
@@ -121,7 +121,7 @@ async def get_superuser(current_user: User = Depends(get_current_active_user)):
     return current_user
 
 
-async def get_user_has_perms(perms: Optional[Tuple[str, ...]]):
+async def get_user_has_perms(perms: Optional[List[str]]):
     """
     判定用户是否具有相关权限
     """

fast_tmp/models.py

@@ -1,54 +1,12 @@
-from typing import Tuple
+from typing import List
 
 from tortoise import Model, fields
 
-from fast_tmp.conf import settings
-from fast_tmp.contrib.auth.hashers import check_password, make_password
-
 
 class Permission(Model):
     label = fields.CharField(max_length=128)
     codename = fields.CharField(max_length=128, unique=True)
     groups: fields.ManyToManyRelation["Group"]
-    users: fields.ManyToManyRelation["User"]
-
-    # @classmethod
-    # def make_permission(
-    #     cls,
-    #     model: Type[BaseModel],
-    # ):
-    #     """
-    #     生成model对应的权限
-    #     """
-    #     model_name = model.__name__
-    #     Permission.get_or_create(
-    #         defaults={
-    #             "label": "can read " + model_name,
-    #             "model": model_name,
-    #             "codename": "can_read_" + model_name,
-    #         }
-    #     )
-    #     Permission.get_or_create(
-    #         defaults={
-    #             "label": "can create " + model_name,
-    #             "model": model_name,
-    #             "codename": "can_create_" + model_name,
-    #         }
-    #     )
-    #     Permission.get_or_create(
-    #         defaults={
-    #             "label": "can update " + model_name,
-    #             "model": model_name,
-    #             "codename": "can_update_" + model_name,
-    #         }
-    #     )
-    #     Permission.get_or_create(
-    #         defaults={
-    #             "label": "can delete " + model_name,
-    #             "model": model_name,
-    #             "codename": "can_delete_" + model_name,
-    #         }
-    #     )
 
     def __eq__(self, other) -> bool:
         if other == self.codename or getattr(other, "codename", None) == self.codename:
@@ -67,58 +25,53 @@ class User(Model):
     password = fields.CharField(max_length=255)
     name = fields.CharField(max_length=128)
     is_active = fields.BooleanField(default=True)
-    is_staff = fields.BooleanField(default=False)  # todo 为true才可以访问后台
+    is_staff = fields.BooleanField(default=False)
     is_superuser = fields.BooleanField(default=False)
     groups: fields.ManyToManyRelation["Group"]
-    permissions: fields.ManyToManyRelation[Permission] = fields.ManyToManyField(
-        "fast_tmp.Permission", related_name="users"
-    )
 
-    class Meta:
-        abstract = settings.AUTH_USER_MODEL_NAME != "User"
+    # class Meta:
+    #     abstract = settings.AUTH_USER_MODEL_NAME != "User"
 
     def set_password(self, raw_password: str):
         """
         设置密码
         """
+        from fast_tmp.contrib.auth.hashers import make_password
 
         self.password = make_password(raw_password)
 
     def check_password(self, raw_password: str) -> bool:
         """
         验证密码
         """
+        from fast_tmp.contrib.auth.hashers import check_password
+
         return check_password(raw_password, self.password)
 
     async def has_perm(self, codename: str) -> bool:
         """
         判定用户是否有权限
         """
-        if self.is_superuser:
+        if self.is_superuser and self.is_active:
             return True
-        if (
-            await Permission.filter(users__pk=self.pk).filter(codename=codename).exists()
-            or await Permission.filter(groups__users__pk=self.pk).filter(codename=codename).exists()
-        ):
+        if await Group.filter(users__pk=self.pk, permissions__codename=codename).exists():
             return True
         return False
 
-    async def has_perms(self, codenames: Tuple[str, ...]) -> bool:
+    async def has_perms(self, codenames: List[str]) -> bool:
         """
         根据permission的codename进行判定
         """
+        perms = await self.get_perms(codenames)
+        return len(perms) == codenames
+
+    async def get_perms(self, codenames: List[str]) -> List[str]:
         if self.is_superuser:
-            return True
-        perms1 = await Permission.filter(users__pk=self.pk)
-        perms2 = await Permission.filter(groups__users__pk=self.pk)
-        s = set([i.codename for i in perms2])
-        for i in perms1:
-            s.add(i.codename)
-
-        for codename in codenames:
-            if not (codename in s):
-                return False
-        return True
+            return codenames
+        perms = await Permission.filter(
+            groups__users__pk=self.pk, permissions__codename__in=codenames
+        )
+        return [i.codename for i in perms]
 
     def __str__(self):
         return self.name