debug front

Author: wu-clan

backend/app/admin/api/v1/sys/role.py

@@ -7,6 +7,7 @@
 from backend.app.admin.schema.role import (
     CreateRoleParam,
     GetRoleListDetails,
+    UpdateRoleDataScopeParam,
     UpdateRoleDeptParam,
     UpdateRoleMenuParam,
     UpdateRoleParam,
@@ -115,6 +116,21 @@ async def update_role_menus(
     return response_base.fail()
 
 
+@router.put(
+    '/{pk}/data-scope',
+    summary='更新角色数据范围',
+    dependencies=[
+        Depends(RequestPermission('sys:role:data_scope:edit')),
+        DependsRBAC,
+    ],
+)
+async def update_role_data_scope(request: Request, pk: Annotated[int, Path(...)], data_scope: UpdateRoleDataScopeParam):
+    count = await role_service.update_role_data_scope(request=request, pk=pk, data_scope=data_scope)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()
+
+
 @router.put(
     '/{pk}/dept',
     summary='更新角色部门',
@@ -126,7 +142,7 @@ async def update_role_menus(
 async def update_role_depts(
     request: Request, pk: Annotated[int, Path(...)], dept_ids: UpdateRoleDeptParam
 ) -> ResponseModel:
-    count = await role_service.update_role_dept(request=request, pk=pk, menu_ids=dept_ids)
+    count = await role_service.update_role_dept(request=request, pk=pk, dept_ids=dept_ids)
     if count > 0:
         return response_base.success()
     return response_base.fail()

backend/app/admin/crud/crud_role.py

@@ -3,11 +3,18 @@
 from typing import Sequence
 
 from sqlalchemy import Select, desc, select
+from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
 from sqlalchemy_crud_plus import CRUDPlus
 
 from backend.app.admin.model import Dept, Menu, Role, User
-from backend.app.admin.schema.role import CreateRoleParam, UpdateRoleDeptParam, UpdateRoleMenuParam, UpdateRoleParam
+from backend.app.admin.schema.role import (
+    CreateRoleParam,
+    UpdateRoleDataScopeParam,
+    UpdateRoleDeptParam,
+    UpdateRoleMenuParam,
+    UpdateRoleParam,
+)
 
 
 class CRUDRole(CRUDPlus[Role]):
@@ -122,6 +129,17 @@ async def update_menus(self, db, role_id: int, menu_ids: UpdateRoleMenuParam) ->
         current_role.menus = menus.scalars().all()
         return len(current_role.menus)
 
+    async def update_data_scope(self, db: AsyncSession, role_id: int, data_scope: UpdateRoleDataScopeParam):
+        """
+        更新用户数据范围
+
+        :param db:
+        :param role_id:
+        :param data_scope:
+        :return:
+        """
+        return await self.update_model(db, role_id, data_scope)
+
     async def update_depts(self, db, role_id: int, dept_ids: UpdateRoleDeptParam) -> int:
         """
         更新角色部门

backend/app/admin/model/sys_dept.py

@@ -5,6 +5,7 @@
 from sqlalchemy import ForeignKey, String
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
+from backend.app.admin.model.m2m import sys_role_dept
 from backend.common.model import Base, id_key
 
 
@@ -34,4 +35,4 @@ class Dept(Base):
     users: Mapped[list['User']] = relationship(init=False, back_populates='dept')  # noqa: F821
 
     # 部门角色多对多
-    roles: Mapped[list['Role']] = relationship(init=False, back_populates='dept')  # noqa: F821
+    roles: Mapped[list['Role']] = relationship(init=False, secondary=sys_role_dept, back_populates='depts')  # noqa: F821

backend/app/admin/model/sys_role.py

@@ -17,7 +17,7 @@ class Role(Base):
     name: Mapped[str] = mapped_column(String(20), unique=True, comment='角色名称')
     data_scope: Mapped[int | None] = mapped_column(
         default=0,
-        comment='权限范围（0: 全部数据，1: 自定义数据，2: 所在部门及以下数据，3: 所在部门数据，4: 仅本人数据）',
+        comment='数据权限范围（0: 全部数据，1: 自定义数据，2: 所在部门及以下数据，3: 所在部门数据，4: 仅本人数据）',
     )
     status: Mapped[int] = mapped_column(default=1, comment='角色状态（0停用 1正常）')
     remark: Mapped[str | None] = mapped_column(LONGTEXT, default=None, comment='备注')

backend/app/admin/schema/role.py

@@ -4,16 +4,14 @@
 
 from pydantic import ConfigDict, Field
 
+from backend.app.admin.schema.dept import GetDeptListDetails
 from backend.app.admin.schema.menu import GetMenuListDetails
 from backend.common.enums import RoleDataScopeType, StatusType
 from backend.common.schema import SchemaBase
 
 
 class RoleSchemaBase(SchemaBase):
     name: str
-    data_scope: RoleDataScopeType = Field(
-        default=RoleDataScopeType.custom, description='权限范围（1：全部数据权限 2：自定义数据权限）'
-    )
     status: StatusType = Field(default=StatusType.enable)
     remark: str | None = None
 
@@ -30,6 +28,13 @@ class UpdateRoleMenuParam(SchemaBase):
     menus: list[int]
 
 
+class UpdateRoleDataScopeParam(SchemaBase):
+    data_scope: RoleDataScopeType = Field(
+        default=RoleDataScopeType.all,
+        description='数据权限范围（0: 全部数据，1: 自定义数据，2: 所在部门及以下数据，3: 所在部门数据，4: 仅本人数据）',
+    )
+
+
 class UpdateRoleDeptParam(SchemaBase):
     depts: list[int]
 
@@ -38,6 +43,8 @@ class GetRoleListDetails(RoleSchemaBase):
     model_config = ConfigDict(from_attributes=True)
 
     id: int
+    data_scope: RoleDataScopeType
     created_time: datetime
     updated_time: datetime | None = None
     menus: list[GetMenuListDetails]
+    depts: list[GetDeptListDetails] | None = None

backend/app/admin/service/role_service.py

@@ -9,7 +9,13 @@
 from backend.app.admin.crud.crud_menu import menu_dao
 from backend.app.admin.crud.crud_role import role_dao
 from backend.app.admin.model import Role
-from backend.app.admin.schema.role import CreateRoleParam, UpdateRoleDeptParam, UpdateRoleMenuParam, UpdateRoleParam
+from backend.app.admin.schema.role import (
+    CreateRoleParam,
+    UpdateRoleDataScopeParam,
+    UpdateRoleDeptParam,
+    UpdateRoleMenuParam,
+    UpdateRoleParam,
+)
 from backend.common.exception import errors
 from backend.core.conf import settings
 from backend.database.db_mysql import async_db_session
@@ -78,6 +84,17 @@ async def update_role_menu(*, request: Request, pk: int, menu_ids: UpdateRoleMen
                 await redis_client.delete(f'{settings.JWT_USER_REDIS_PREFIX}:{request.user.id}')
             return count
 
+    @staticmethod
+    async def update_role_data_scope(*, request: Request, pk: int, data_scope: UpdateRoleDataScopeParam) -> int:
+        async with async_db_session.begin() as db:
+            role = await role_dao.get(db, pk)
+            if not role:
+                raise errors.NotFoundError(msg='角色不存在')
+            count = await role_dao.update_data_scope(db, pk, data_scope)
+            if pk in [role.id for role in request.user.roles]:
+                await redis_client.delete(f'{settings.JWT_USER_REDIS_PREFIX}:{request.user.id}')
+            return count
+
     @staticmethod
     async def update_role_dept(*, request: Request, pk: int, dept_ids: UpdateRoleDeptParam) -> int:
         async with async_db_session.begin() as db:

backend/app/generator/api/router.py

@@ -6,8 +6,8 @@
 from backend.app.generator.api.v1.gen_business import router as gen_business_router
 from backend.app.generator.api.v1.gen_model import router as gen_model_router
 
-v1 = APIRouter()
+v1 = APIRouter(prefix='/gen', tags=['代码生成'])
 
-v1.include_router(gen_business_router, prefix='/business', tags=['代码生成'])
-v1.include_router(gen_model_router, prefix='/model', tags=['代码生成'])
-v1.include_router(gen_router, prefix='/gen', tags=['代码生成'])
+v1.include_router(gen_business_router, prefix='/businesses')
+v1.include_router(gen_model_router, prefix='/models')
+v1.include_router(gen_router)

backend/common/enums.py

@@ -38,8 +38,11 @@ class MenuType(IntEnum):
 class RoleDataScopeType(IntEnum):
     """数据范围"""
 
-    all = 1
-    custom = 2
+    all = 0
+    custom = 1
+    dept_child = 2
+    dept = 3
+    self = 4
 
 
 class MethodType(StrEnum):

backend/common/security/permission.py

@@ -3,7 +3,7 @@
 from typing import Any
 
 from fastapi import Request
-from sqlalchemy import or_, select
+from sqlalchemy import ColumnElement, or_, select
 
 from backend.app.admin.model import Dept
 from backend.app.admin.model.m2m import sys_role_dept
@@ -31,11 +31,9 @@ async def __call__(self, request: Request):
             request.state.permission = self.value
 
 
-def filter_data_permission(request: Request, model: Any) -> Any:
+def filter_data_scope(request: Request, model: Any) -> ColumnElement[bool]:
     """
-    过滤用户数据范围
-
-    使用场景：对于非后台管理数据，需要在前端界面向用户进行展示的数据
+    过滤用户数据范围（当前设计存在较大弊端，仅供参考）
 
     :param request: 接口请求对象
     :param model: 需要进行数据过滤的 sqlalchemy 模型
@@ -54,42 +52,33 @@ def filter_data_permission(request: Request, model: Any) -> Any:
     if not user_roles:
         return or_(getattr(model, 'created_by') == user_id if hasattr(model, 'created_by') else 1 == 0)
 
+    data_scope = min(role.data_scope for role in user_roles if role.status == 1)
     user_dept_id = user.dept_id
 
-    conditions = []
-
-    # 获取用户的所有角色
-    for role in user.roles:
-        if not role.status:  # 角色已停用
-            continue
-
-        # 全部数据权限
-        if role.data_scope == 0:
-            return or_(1 == 1)
-
-        # 自定义数据权限
-        elif role.data_scope == 1:
-            dept_ids = select(sys_role_dept.c.dept_id).where(sys_role_dept.c.role_id == role.id)
-            conditions.append(getattr(model, 'dept_id').in_(dept_ids) if hasattr(model, 'dept_id') else 1 == 0)
+    # 全部数据权限
+    if data_scope == 0:
+        return or_(1 == 1)
 
-        # 部门及以下数据权限
-        elif role.data_scope == 2:
-            child_dept_ids = select(Dept.id).where(or_(Dept.id == user_dept_id, Dept.parent_id == user_dept_id))
-            conditions.append(getattr(model, 'dept_id').in_(child_dept_ids) if hasattr(model, 'dept_id') else 1 == 0)
+    # 自定义数据权限
+    elif data_scope == 1:
+        dept_ids = select(sys_role_dept.c.dept_id).where(
+            sys_role_dept.c.role_id.in_(role.id for role in user_roles if role.status == 1)
+        )
+        return or_(getattr(model, 'dept_id').in_(dept_ids) if hasattr(model, 'dept_id') else 1 == 0)
 
-        # 本部门数据权限
-        elif role.data_scope == 3:
-            conditions.append(getattr(model, 'dept_id') == user_dept_id if hasattr(model, 'dept_id') else 1 == 0)
+    # 部门及以下数据权限
+    elif data_scope == 2:
+        child_dept_ids = select(Dept.id).where(or_(Dept.id == user_dept_id, Dept.parent_id == user_dept_id))
+        return or_(getattr(model, 'dept_id').in_(child_dept_ids) if hasattr(model, 'dept_id') else 1 == 0)
 
-        # 仅本人数据权限
-        elif role.data_scope == 4:
-            conditions.append(getattr(model, 'created_by') == user_id if hasattr(model, 'created_by') else 1 == 0)
+    # 本部门数据权限
+    elif data_scope == 3:
+        return or_(getattr(model, 'dept_id') == user_dept_id if hasattr(model, 'dept_id') else 1 == 0)
 
-        # 默认
-        else:
-            conditions.append(1 == 0)
+    # 仅本人数据权限
+    elif data_scope == 4:
+        return or_(getattr(model, 'created_by') == user_id if hasattr(model, 'created_by') else 1 == 0)
 
-    if not conditions:
+    # 默认
+    else:
         return or_(1 == 0)
-
-    return or_(*conditions)