完成user权限判断逻辑

修复多个prefetch字段的时候加载错误的问题

Author: Chise1

fast_tmp/admin/site.py

@@ -6,12 +6,8 @@ class UserAdmin(ModelAdmin):
     model = User
     list_display = ("id", "username", "is_active")
     inline = ("is_active",)
-    create_fields = (
-        "username",
-        "password",
-        "groups",
-    )
-    update_fields = ("groups",)
+    create_fields = ("username", "password", "groups", "permissions")
+    update_fields = ("groups", "permissions")
     # create_fields = (User.username, User.password)
     # update_fields = (User.password,)
 
@@ -30,7 +26,8 @@ class UserAdmin(ModelAdmin):
 
 class GroupAdmin(ModelAdmin):
     model = Group
-    list_display = ("id", "name", "users")
-    create_fields = ("name",)
+    list_display = ("id", "name", "users", "permissions")
+    create_fields = ("name", "permissions")
+    update_fields = ("name", "permissions")
     # create_fields = (Group.name, Group.users)
     # update_fields = (Group.name, Group.users)

fast_tmp/contrib/auth/hashers.py

@@ -81,10 +81,7 @@ def make_password(password, salt=None, hasher="default"):
 
 @functools.lru_cache(maxsize=None)
 def get_hashers():
-    hashers = []
-    hashers.append(PBKDF2PasswordHasher())
-    hashers.append(PBKDF2SHA1PasswordHasher)
-    hashers.append(MD5PasswordHasher)
+    hashers = [PBKDF2PasswordHasher(), PBKDF2SHA1PasswordHasher, MD5PasswordHasher]
     return hashers
 
 
@@ -476,10 +473,10 @@ def verify(self, password, encoded):
     def safe_summary(self, encoded):
         decoded = self.decode(encoded)
         return {
-            ("algorithm"): decoded["algorithm"],
-            ("work factor"): decoded["work_factor"],
-            ("salt"): mask_hash(decoded["salt"]),
-            ("checksum"): mask_hash(decoded["checksum"]),
+            "algorithm": decoded["algorithm"],
+            "work factor": decoded["work_factor"],
+            "salt": mask_hash(decoded["salt"]),
+            "checksum": mask_hash(decoded["checksum"]),
         }
 
     def must_update(self, encoded):
@@ -569,12 +566,12 @@ def verify(self, password, encoded):
     def safe_summary(self, encoded):
         decoded = self.decode(encoded)
         return {
-            ("algorithm"): decoded["algorithm"],
-            ("work factor"): decoded["work_factor"],
-            ("block size"): decoded["block_size"],
-            ("parallelism"): decoded["parallelism"],
-            ("salt"): mask_hash(decoded["salt"]),
-            ("hash"): mask_hash(decoded["hash"]),
+            "algorithm": decoded["algorithm"],
+            "work factor": decoded["work_factor"],
+            "block size": decoded["block_size"],
+            "parallelism": decoded["parallelism"],
+            "salt": mask_hash(decoded["salt"]),
+            "hash": mask_hash(decoded["hash"]),
         }
 
     def must_update(self, encoded):
@@ -620,9 +617,9 @@ def verify(self, password, encoded):
     def safe_summary(self, encoded):
         decoded = self.decode(encoded)
         return {
-            ("algorithm"): decoded["algorithm"],
-            ("salt"): mask_hash(decoded["salt"], show=2),
-            ("hash"): mask_hash(decoded["hash"]),
+            "algorithm": decoded["algorithm"],
+            "salt": mask_hash(decoded["salt"], show=2),
+            "hash": mask_hash(decoded["hash"]),
         }
 
     def must_update(self, encoded):

fast_tmp/depends/auth.py

@@ -55,7 +55,7 @@ async def authenticate_user(username: str, password: str) -> Optional[User]:
 
 async def authenticate_active_user(username: str, password: str) -> Optional[User]:
     """
-    验证密码
+    验证密码且用户为活跃用户
     """
     user = await get_user(username)
     if not user or not user.is_active or not user.check_password(password):
@@ -113,12 +113,15 @@ async def get_current_active_user(current_user: User = Depends(get_current_user)
 
 
 async def get_superuser(current_user: User = Depends(get_current_active_user)):
+    """
+    获取超级用户
+    """
     if not current_user.is_superuser:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
     return current_user
 
 
-def get_user_has_perms(perms: Optional[Tuple[str, ...]]):
+async def get_user_has_perms(perms: Optional[Tuple[str, ...]]):
     """
     判定用户是否具有相关权限
     """

fast_tmp/models.py

@@ -96,13 +96,10 @@ async def has_perm(self, codename: str) -> bool:
         if self.is_superuser:
             return True
         if (
-            await Permission.filter(Q(users__pk=self.pk) | Q(groups__users__pk=self.pk))
-            .filter(codename=codename)
-            .exists()
+            await Permission.filter(users__pk=self.pk).filter(codename=codename).exists()
+            or await Permission.filter(groups__users__pk=self.pk).filter(codename=codename).exists()
         ):
             return True
-        # if await Group.filter(users__pk=self.pk, permissions__codename=codename).exists():
-        #     return True
         return False
 
     async def has_perms(self, codenames: Tuple[str, ...]) -> bool:
@@ -111,15 +108,16 @@ async def has_perms(self, codenames: Tuple[str, ...]) -> bool:
         """
         if self.is_superuser:
             return True
-        perms = (
-            await Permission.filter(Q(users__pk=self.pk) | Q(groups__users__pk=self.pk))
-            .filter(codename__in=codenames)
-            .distinct()
-            .values("codename")
-        )
-        if codenames == perms:
-            return True
-        return False
+        perms1 = await Permission.filter(users__pk=self.pk)
+        perms2 = await Permission.filter(groups__users__pk=self.pk)
+        s = set([i.codename for i in perms2])
+        for i in perms1:
+            s.add(i.codename)
+
+        for i in codenames:
+            if not i in s:
+                return False
+        return True
 
     def __str__(self):
         return self.username

fast_tmp/site/__init__.py

@@ -264,12 +264,20 @@ def prefetch(
         """
         判断是否需要额外预加载的数据
         """
+        select_list = []
+        prefeth_list = []
         for field_name, field in fields.items():
-            queryset = field.prefetch(request, queryset)
+            d = field.prefetch()
+            if d == "select":
+                select_list.append(field_name)
+            elif d == "prefetch":
+                prefeth_list.append(field_name)
+        if len(select_list) > 0:
+            queryset = queryset.select_related(*select_list)
+        elif len(prefeth_list) > 0:
+            queryset = queryset.prefetch_related(*prefeth_list)
         return queryset
 
-    __list_sql = None
-
     def queryset(self, request: Request):
         ret = self.model.all()
         return ret
@@ -299,8 +307,9 @@ async def get_instance(self, request: Request, pk: Any) -> Model:
         queryset = self.model.filter(pk=pk)
         queryset = self.prefetch(request, queryset, self.get_update_fields())
         instance = await queryset.first()
+
         if instance is None:
-            raise NotFoundError()
+            raise NotFoundError("can not found instance:" + str(pk))
         return instance
 
     def make_fields(self):
@@ -322,7 +331,7 @@ def make_fields(self):
     def get_control_field(self, name: str) -> BaseAdminControl:
         ret = self.fields.get(name)
         if ret is None:
-            raise NotFoundError()
+            raise NotFoundError("can not found field:" + name)
         return ret
 
     def __init__(self, prefix: str = None):

fast_tmp/site/base.py

@@ -22,12 +22,12 @@ def list_queryset(self, queryset: QuerySet) -> QuerySet:  # 列表
         """
         return queryset
 
-    def prefetch(self, request: Request, queryset: QuerySet) -> QuerySet:  # 列表
+    def prefetch(self) -> Optional[str]:  # 列表
         """
         过滤规则，用于页面查询和过滤用
         要求值必须相等
         """
-        return queryset
+        return None
 
     async def get_value(self, request: Request, obj: Model) -> Any:
         """

fast_tmp/site/util.py

@@ -314,8 +314,8 @@ async def get_selects(
             data = await field_model_all
             return {"options": [{"value": i.pk, "label": str(i)} for i in data]}
 
-    def prefetch(self, request: Request, queryset: QuerySet) -> QuerySet:
-        return queryset.select_related(self.name)
+    def prefetch(self) -> Optional[str]:
+        return "select"
 
     def get_column_inline(self, request: Request) -> Column:
         raise AttributeError("foreignkey field can not be used in column inline.")
@@ -376,8 +376,8 @@ async def get_selects(
             data = await field_model_all
             return {"options": [{"value": i.pk, "label": str(i)} for i in data]}
 
-    def prefetch(self, request: Request, queryset: QuerySet) -> QuerySet:
-        return queryset.select_related(self.name)
+    def prefetch(self) -> Optional[str]:
+        return "select"
 
     def get_column(self, request: Request) -> Column:
         if not self._column:
@@ -422,8 +422,8 @@ class ManyToManyControl(BaseAdminControl, RelationSelectApi):
     _many = True
     _control_type = ControlEnum.select
 
-    def prefetch(self, request: Request, queryset: QuerySet) -> QuerySet:
-        return queryset.prefetch_related(self.name)
+    def prefetch(self) -> Optional[str]:
+        return "prefetch"
 
     def get_column(self, request: Request) -> Column:
         if not self._column:
@@ -483,8 +483,10 @@ def get_control(self, request: Request) -> Control:
                 self._control.clearable = True
         return self._control
 
-    def amis_2_orm(self, value: Any) -> Any:
-        return value.split(",")
+    def amis_2_orm(self, value: List[dict]) -> Any:
+        if isinstance(value, str):
+            return value.split(",")
+        return [i["value"] for i in value]
 
     async def validate(self, value: Any) -> Any:
         if value is not None:
@@ -496,26 +498,26 @@ async def validate(self, value: Any) -> Any:
     async def set_value(self, request: Request, obj: Model, value: Any):
         value = await self.validate(value)
         field: fields.ManyToManyRelation = getattr(obj, self.name)
-        if not field:
-            raise NotFoundError()
-        add = set()
-        remove = set()
+        # if not field:
+        #     raise NotFoundError()
+        add_field = []
+        remove_field = []
         for i in field:
             for j in value:
                 if j.pk == i.pk:
                     break
             else:
-                remove.add(i)
+                remove_field.append(i)
         for j in value:
             for i in field:
                 if j.pk == i.pk:
                     break
             else:
-                add.add(j)
-        if len(remove) > 0:
-            await field.remove(*remove)
-        if len(add) > 0:
-            await field.add(*add)
+                add_field.append(j)
+        if len(remove_field) > 0:
+            await field.remove(*remove_field)
+        if len(add_field) > 0:
+            await field.add(*add_field)
 
     def get_column_inline(
         self, request: Request

fastapi_cli/__init__.py

@@ -28,7 +28,31 @@ async def create_superuser(username: str, password: str):
     user = User(username=username, is_superuser=True)
     user.set_password(password)
     await user.save()
-    print(f"创建{username}成功")
+    sys.stdout.write(f"创建{username}成功")
+
+
+@async_to_sync
+async def make_permissions():
+    from tortoise import Tortoise
+    from fast_tmp.utils.model import get_all_models
+    from fast_tmp.models import Permission
+    await Tortoise.init(config=settings.TORTOISE_ORM)
+    all_model = get_all_models()
+    for model in all_model:
+        model_name=model.__name__.lower()
+        await Permission.get_or_create(codename=model_name + "_create", defaults={"label": f"{model_name}__创建"})
+        await Permission.get_or_create(codename=model_name + "_update", defaults={"label": f"{model_name}__更新"})
+        await Permission.get_or_create(codename=model_name + "_delete", defaults={"label": f"{model_name}__删除"})
+        await Permission.get_or_create(codename=model_name + "_list", defaults={"label": f"{model_name}__修改"})
+    sys.stdout.write("构建权限表完成")
+
+
+@app.command()
+def make_perm():
+    """
+    同步所有model的权限
+    """
+    make_permissions()
 
 
 @app.command()

task.md

@@ -11,6 +11,7 @@
 ~~8. 研究Request的user的作用~~
 9. 增加字段检查报错
 10. 字段名字为desc时页面显示名字为降序..
+11. 检查是否存在is_active为false的超级用户可以登录的情况
 
 # admin管理页面缺少功能
 

tests/test_example/app.py

@@ -1,23 +1,32 @@
 import os
 
 os.environ.setdefault("FASTAPI_SETTINGS_MODULE", "test_example.settings")
+
+from fastapi import Depends
 from test_example.admin import AuthorModel, BookModel, FieldTestingModel
 from tortoise.contrib.fastapi import register_tortoise
 
 from fast_tmp.conf import settings
+from fast_tmp.depends.auth import get_current_active_user
 from fast_tmp.factory import create_app
+from fast_tmp.models import User
 from fast_tmp.site import register_model_site
 
 register_model_site({"fieldtesting": [FieldTestingModel(), BookModel(), AuthorModel()]})
 app = create_app()
 app.title = "test_example"
 
-# @app.get("/perms")
-# async def get_perms(codename: str, user: Optional[User] = Depends(__get_user),
-#                     ):
-#     """
-#     测试权限
-#     """
+
+@app.get("/perms")
+async def get_perms(
+    codename: str,
+    user: User = Depends(get_current_active_user),
+):
+    """
+    测试权限
+    """
+    print(await user.has_perms((codename,)))
+    return await user.has_perm(codename)
 
 
 register_tortoise(app, config=settings.TORTOISE_ORM, generate_schemas=True)