Refactor the data perms

Author: wu-clan

backend/app/admin/api/v1/sys/__init__.py

@@ -5,6 +5,8 @@
 from backend.app.admin.api.v1.sys.api import router as api_router
 from backend.app.admin.api.v1.sys.casbin import router as casbin_router
 from backend.app.admin.api.v1.sys.config import router as config_router
+from backend.app.admin.api.v1.sys.data_rule import router as data_rule_router
+from backend.app.admin.api.v1.sys.data_rule_type import router as data_rule_type_router
 from backend.app.admin.api.v1.sys.dept import router as dept_router
 from backend.app.admin.api.v1.sys.dict_data import router as dict_data_router
 from backend.app.admin.api.v1.sys.dict_type import router as dict_type_router
@@ -23,3 +25,5 @@
 router.include_router(menu_router, prefix='/menus', tags=['系统目录'])
 router.include_router(role_router, prefix='/roles', tags=['系统角色'])
 router.include_router(user_router, prefix='/users', tags=['系统用户'])
+router.include_router(data_rule_router, prefix='/data-rules', tags=['系统数据权限规则'])
+router.include_router(data_rule_type_router, prefix='/data-rule-types', tags=['系统数据权限类型'])

backend/app/admin/api/v1/sys/data_rule.py

@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Path, Query
+
+from backend.app.admin.schema.data_rule import CreateDataRuleParam, GetDataRuleListDetails, UpdateDataRuleParam
+from backend.app.admin.service.data_rule_service import data_rule_service
+from backend.common.pagination import DependsPagination, paging_data
+from backend.common.response.response_schema import ResponseModel, response_base
+from backend.common.security.jwt import DependsJwtAuth
+from backend.common.security.permission import RequestPermission
+from backend.common.security.rbac import DependsRBAC
+from backend.database.db_mysql import CurrentSession
+
+router = APIRouter()
+
+
+@router.get('/{pk}', summary='获取数据规则详情', dependencies=[DependsJwtAuth])
+async def get_data_rule(pk: Annotated[int, Path(...)]) -> ResponseModel:
+    data_rule = await data_rule_service.get(pk=pk)
+    return response_base.success(data=data_rule)
+
+
+@router.get(
+    '',
+    summary='（模糊条件）分页获取所有数据规则',
+    dependencies=[
+        DependsJwtAuth,
+        DependsPagination,
+    ],
+)
+async def get_pagination_data_rule(db: CurrentSession) -> ResponseModel:
+    data_rule_select = await data_rule_service.get_select()
+    page_data = await paging_data(db, data_rule_select, GetDataRuleListDetails)
+    return response_base.success(data=page_data)
+
+
+@router.post(
+    '',
+    summary='创建数据规则',
+    dependencies=[
+        Depends(RequestPermission('data:rule:add')),
+        DependsRBAC,
+    ],
+)
+async def create_data_rule(obj: CreateDataRuleParam) -> ResponseModel:
+    await data_rule_service.create(obj=obj)
+    return response_base.success()
+
+
+@router.put(
+    '/{pk}',
+    summary='更新数据规则',
+    dependencies=[
+        Depends(RequestPermission('data:rule:edit')),
+        DependsRBAC,
+    ],
+)
+async def update_data_rule(pk: Annotated[int, Path(...)], obj: UpdateDataRuleParam) -> ResponseModel:
+    count = await data_rule_service.update(pk=pk, obj=obj)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()
+
+
+@router.delete(
+    '',
+    summary='（批量）删除数据规则',
+    dependencies=[
+        Depends(RequestPermission('data:rule:del')),
+        DependsRBAC,
+    ],
+)
+async def delete_data_rule(pk: Annotated[list[int], Query(...)]) -> ResponseModel:
+    count = await data_rule_service.delete(pk=pk)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()

backend/app/admin/api/v1/sys/data_rule_type.py

@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Path, Query
+
+from backend.app.admin.schema.data_rule_type import (
+    CreateDataRuleTypeParam,
+    GetDataRuleTypeListDetails,
+    UpdateDataRuleTypeParam,
+)
+from backend.app.admin.service.data_rule_type_service import data_rule_type_service
+from backend.common.pagination import DependsPagination, paging_data
+from backend.common.response.response_schema import ResponseModel, response_base
+from backend.common.security.jwt import DependsJwtAuth
+from backend.common.security.permission import RequestPermission
+from backend.common.security.rbac import DependsRBAC
+from backend.database.db_mysql import CurrentSession
+
+router = APIRouter()
+
+
+@router.get('/{pk}', summary='获取数据规则类型详情', dependencies=[DependsJwtAuth])
+async def get_data_rule_type(pk: Annotated[int, Path(...)]) -> ResponseModel:
+    data_rule_type = await data_rule_type_service.get(pk=pk)
+    return response_base.success(data=data_rule_type)
+
+
+@router.get(
+    '',
+    summary='（模糊条件）分页获取所有数据规则类型',
+    dependencies=[
+        DependsJwtAuth,
+        DependsPagination,
+    ],
+)
+async def get_pagination_data_rule_type(db: CurrentSession) -> ResponseModel:
+    data_rule_type_select = await data_rule_type_service.get_select()
+    page_data = await paging_data(db, data_rule_type_select, GetDataRuleTypeListDetails)
+    return response_base.success(data=page_data)
+
+
+@router.post(
+    '',
+    summary='创建数据规则类型',
+    dependencies=[
+        Depends(RequestPermission('data:rule:type:add')),
+        DependsRBAC,
+    ],
+)
+async def create_data_rule_type(obj: CreateDataRuleTypeParam) -> ResponseModel:
+    await data_rule_type_service.create(obj=obj)
+    return response_base.success()
+
+
+@router.put(
+    '/{pk}',
+    summary='更新数据规则类型',
+    dependencies=[
+        Depends(RequestPermission('data:rule:type:edit')),
+        DependsRBAC,
+    ],
+)
+async def update_data_rule_type(pk: Annotated[int, Path(...)], obj: UpdateDataRuleTypeParam) -> ResponseModel:
+    count = await data_rule_type_service.update(pk=pk, obj=obj)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()
+
+
+@router.delete(
+    '',
+    summary='（批量）删除数据规则类型',
+    dependencies=[
+        Depends(RequestPermission('data:rule:type:del')),
+        DependsRBAC,
+    ],
+)
+async def delete_data_rule_type(pk: Annotated[list[int], Query(...)]) -> ResponseModel:
+    count = await data_rule_type_service.delete(pk=pk)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()

backend/app/admin/crud/crud_data_rule.py

@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import Sequence
+
+from sqlalchemy import Select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy_crud_plus import CRUDPlus
+
+from backend.app.admin.model import DataRule
+from backend.app.admin.schema.data_rule import CreateDataRuleParam, UpdateDataRuleParam
+
+
+class CRUDDataRule(CRUDPlus[DataRule]):
+    async def get(self, db: AsyncSession, pk: int) -> DataRule | None:
+        """
+        获取 DataRule
+
+        :param db:
+        :param pk:
+        :return:
+        """
+        return await self.select_model(db, pk)
+
+    async def get_list(self) -> Select:
+        """
+        获取 DataRule 列表
+
+        :return:
+        """
+        return await self.select_order('created_time', 'desc')
+
+    async def get_all(self, db: AsyncSession) -> Sequence[DataRule]:
+        """
+        获取所有 DataRule
+
+        :param db:
+        :return:
+        """
+        return await self.select_models(db)
+
+    async def create(self, db: AsyncSession, obj_in: CreateDataRuleParam) -> None:
+        """
+        创建 DataRule
+
+        :param db:
+        :param obj_in:
+        :return:
+        """
+        await self.create_model(db, obj_in)
+
+    async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleParam) -> int:
+        """
+        更新 DataRule
+
+        :param db:
+        :param pk:
+        :param obj_in:
+        :return:
+        """
+        return await self.update_model(db, pk, obj_in)
+
+    async def delete(self, db: AsyncSession, pk: list[int]) -> int:
+        """
+        删除 DataRule
+
+        :param db:
+        :param pk:
+        :return:
+        """
+        return await self.delete_model_by_column(db, allow_multiple=True, id__in=pk)
+
+
+data_rule_dao: CRUDDataRule = CRUDDataRule(DataRule)

backend/app/admin/crud/crud_data_rule_type.py

@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import Sequence
+
+from sqlalchemy import Select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy_crud_plus import CRUDPlus
+
+from backend.app.admin.model import DataRuleType
+from backend.app.admin.schema.data_rule_type import CreateDataRuleTypeParam, UpdateDataRuleTypeParam
+
+
+class CRUDDataRuleType(CRUDPlus[DataRuleType]):
+    async def get(self, db: AsyncSession, pk: int) -> DataRuleType | None:
+        """
+        获取 DataRuleType
+
+        :param db:
+        :param pk:
+        :return:
+        """
+        return await self.select_model(db, pk)
+
+    async def get_list(self) -> Select:
+        """
+        获取 DataRuleType 列表
+
+        :return:
+        """
+        return await self.select_order('created_time', 'desc')
+
+    async def get_all(self, db: AsyncSession) -> Sequence[DataRuleType]:
+        """
+        获取所有 DataRuleType
+
+        :param db:
+        :return:
+        """
+        return await self.select_models(db)
+
+    async def create(self, db: AsyncSession, obj_in: CreateDataRuleTypeParam) -> None:
+        """
+        创建 DataRuleType
+
+        :param db:
+        :param obj_in:
+        :return:
+        """
+        await self.create_model(db, obj_in)
+
+    async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleTypeParam) -> int:
+        """
+        更新 DataRuleType
+
+        :param db:
+        :param pk:
+        :param obj_in:
+        :return:
+        """
+        return await self.update_model(db, pk, obj_in)
+
+    async def delete(self, db: AsyncSession, pk: list[int]) -> int:
+        """
+        删除 DataRuleType
+
+        :param db:
+        :param pk:
+        :return:
+        """
+        return await self.delete_model_by_column(db, allow_multiple=True, id__in=pk)
+
+
+data_rule_type_dao: CRUDDataRuleType = CRUDDataRuleType(DataRuleType)

backend/app/admin/crud/crud_user.py

@@ -303,7 +303,6 @@ async def get_with_relation(self, db: AsyncSession, *, user_id: int = None, user
         stmt = select(self.model).options(
             selectinload(self.model.dept),
             selectinload(self.model.roles).joinedload(Role.menus),
-            selectinload(self.model.roles).joinedload(Role.depts),
         )
         filters = []
         if user_id:

backend/app/admin/model/__init__.py

@@ -3,6 +3,8 @@
 from backend.app.admin.model.api import Api
 from backend.app.admin.model.casbin_rule import CasbinRule
 from backend.app.admin.model.config import Config
+from backend.app.admin.model.data_rule import DataRule
+from backend.app.admin.model.data_rule_type import DataRuleType
 from backend.app.admin.model.dept import Dept
 from backend.app.admin.model.dict_data import DictData
 from backend.app.admin.model.dict_type import DictType

backend/app/admin/model/data_rule.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from sqlalchemy import String
+from sqlalchemy.orm import Mapped, mapped_column
+
+from backend.common.model import Base, id_key
+
+
+class DataRule(Base):
+    """数据权限规则表"""
+
+    __tablename__ = 'data_rule'
+
+    id: Mapped[id_key] = mapped_column(init=False)
+    name: Mapped[str] = mapped_column(String(255), comment='规则名称')
+    model: Mapped[str] = mapped_column(String(50), comment='SQLA 模型类')
+    column: Mapped[str] = mapped_column(String(20), comment='数据库字段')
+    condition: Mapped[str] = mapped_column(String(20), comment='查询条件')

backend/app/admin/model/data_rule_type.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from sqlalchemy import String
+from sqlalchemy.dialects.mysql import LONGTEXT
+from sqlalchemy.orm import Mapped, mapped_column
+
+from backend.common.model import Base, id_key
+
+
+class DataRuleType(Base):
+    """数据权限规则类型表"""
+
+    __tablename__ = 'data_rule_type'
+
+    id: Mapped[id_key] = mapped_column(init=False)
+    name: Mapped[str] = mapped_column(String(255), comment='规则类型名')
+    status: Mapped[int] = mapped_column(default=1, comment='状态（0停用 1正常）')
+    remark: Mapped[str | None] = mapped_column(LONGTEXT, default=None, comment='备注')

backend/app/admin/model/dept.py

@@ -5,7 +5,6 @@
 from sqlalchemy import ForeignKey, String
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
-from backend.app.admin.model.m2m import sys_role_dept
 from backend.common.model import Base, id_key
 
 
@@ -33,6 +32,3 @@ class Dept(Base):
 
     # 部门用户一对多
     users: Mapped[list['User']] = relationship(init=False, back_populates='dept')  # noqa: F821
-
-    # 部门角色多对多
-    roles: Mapped[list['Role']] = relationship(init=False, secondary=sys_role_dept, back_populates='depts')  # noqa: F821