Add data permission rule

Author: wu-clan

backend/app/admin/api/v1/sys/data_rule.py

@@ -30,8 +30,8 @@ async def get_data_rule(pk: Annotated[int, Path(...)]) -> ResponseModel:
         DependsPagination,
     ],
 )
-async def get_pagination_data_rule(db: CurrentSession) -> ResponseModel:
-    data_rule_select = await data_rule_service.get_select()
+async def get_pagination_data_rule(db: CurrentSession, name: Annotated[str | None, Query()]) -> ResponseModel:
+    data_rule_select = await data_rule_service.get_select(name=name)
     page_data = await paging_data(db, data_rule_select, GetDataRuleListDetails)
     return response_base.success(data=page_data)
 

backend/app/admin/api/v1/sys/role.py

@@ -7,8 +7,6 @@
 from backend.app.admin.schema.role import (
     CreateRoleParam,
     GetRoleListDetails,
-    UpdateRoleDataScopeParam,
-    UpdateRoleDeptParam,
     UpdateRoleMenuParam,
     UpdateRoleParam,
 )
@@ -116,38 +114,6 @@ async def update_role_menus(
     return response_base.fail()
 
 
-@router.put(
-    '/{pk}/data-scope',
-    summary='更新角色数据范围',
-    dependencies=[
-        Depends(RequestPermission('sys:role:data_scope:edit')),
-        DependsRBAC,
-    ],
-)
-async def update_role_data_scope(request: Request, pk: Annotated[int, Path(...)], data_scope: UpdateRoleDataScopeParam):
-    count = await role_service.update_role_data_scope(request=request, pk=pk, data_scope=data_scope)
-    if count > 0:
-        return response_base.success()
-    return response_base.fail()
-
-
-@router.put(
-    '/{pk}/dept',
-    summary='更新角色部门',
-    dependencies=[
-        Depends(RequestPermission('sys:role:dept:edit')),
-        DependsRBAC,
-    ],
-)
-async def update_role_depts(
-    request: Request, pk: Annotated[int, Path(...)], dept_ids: UpdateRoleDeptParam
-) -> ResponseModel:
-    count = await role_service.update_role_dept(request=request, pk=pk, dept_ids=dept_ids)
-    if count > 0:
-        return response_base.success()
-    return response_base.fail()
-
-
 @router.delete(
     '',
     summary='（批量）删除角色',

backend/app/admin/crud/crud_data_rule.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 from typing import Sequence
 
-from sqlalchemy import Select
+from sqlalchemy import Select, desc, select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy_crud_plus import CRUDPlus
 
@@ -13,25 +13,41 @@
 class CRUDDataRule(CRUDPlus[DataRule]):
     async def get(self, db: AsyncSession, pk: int) -> DataRule | None:
         """
-        获取 DataRule
+        获取数据权限规则
 
         :param db:
         :param pk:
         :return:
         """
         return await self.select_model(db, pk)
 
-    async def get_list(self) -> Select:
+    async def get_list(self, name: str = None) -> Select:
         """
-        获取 DataRule 列表
+        获取数据权限规则列表
 
         :return:
         """
-        return await self.select_order('created_time', 'desc')
+        stmt = select(self.model).order_by(desc(self.model.created_time))
+        where_list = []
+        if name is not None:
+            where_list.append(self.model.name.like(f'%{name}%'))
+        if where_list:
+            stmt = stmt.where(*where_list)
+        return stmt
+
+    async def get_by_name(self, db: AsyncSession, name: str):
+        """
+        通过 name 获取数据权限规则
+
+        :param db:
+        :param name:
+        :return:
+        """
+        return await self.select_model_by_column(db, name=name)
 
     async def get_all(self, db: AsyncSession) -> Sequence[DataRule]:
         """
-        获取所有 DataRule
+        获取所有数据权限规则
 
         :param db:
         :return:
@@ -40,7 +56,7 @@ async def get_all(self, db: AsyncSession) -> Sequence[DataRule]:
 
     async def create(self, db: AsyncSession, obj_in: CreateDataRuleParam) -> None:
         """
-        创建 DataRule
+        创建数据权限规则
 
         :param db:
         :param obj_in:
@@ -50,7 +66,7 @@ async def create(self, db: AsyncSession, obj_in: CreateDataRuleParam) -> None:
 
     async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleParam) -> int:
         """
-        更新 DataRule
+        更新数据权限规则
 
         :param db:
         :param pk:
@@ -61,7 +77,7 @@ async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleParam) -
 
     async def delete(self, db: AsyncSession, pk: list[int]) -> int:
         """
-        删除 DataRule
+        删除数据权限规则
 
         :param db:
         :param pk:

backend/app/admin/crud/crud_data_rule_type.py

@@ -13,7 +13,7 @@
 class CRUDDataRuleType(CRUDPlus[DataRuleType]):
     async def get(self, db: AsyncSession, pk: int) -> DataRuleType | None:
         """
-        获取 DataRuleType
+        获取数据权限规则类型
 
         :param db:
         :param pk:
@@ -23,15 +23,25 @@ async def get(self, db: AsyncSession, pk: int) -> DataRuleType | None:
 
     async def get_list(self) -> Select:
         """
-        获取 DataRuleType 列表
+        获取数据权限规则类型列表
 
         :return:
         """
         return await self.select_order('created_time', 'desc')
 
+    async def get_by_name(self, db: AsyncSession, name: str) -> DataRuleType | None:
+        """
+        通过 name 获取数据权限规则类型
+
+        :param db:
+        :param name:
+        :return:
+        """
+        return await self.select_model_by_column(db, name=name)
+
     async def get_all(self, db: AsyncSession) -> Sequence[DataRuleType]:
         """
-        获取所有 DataRuleType
+        获取所有数据权限规则类型
 
         :param db:
         :return:
@@ -40,7 +50,7 @@ async def get_all(self, db: AsyncSession) -> Sequence[DataRuleType]:
 
     async def create(self, db: AsyncSession, obj_in: CreateDataRuleTypeParam) -> None:
         """
-        创建 DataRuleType
+        创建数据权限规则类型
 
         :param db:
         :param obj_in:
@@ -50,7 +60,7 @@ async def create(self, db: AsyncSession, obj_in: CreateDataRuleTypeParam) -> Non
 
     async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleTypeParam) -> int:
         """
-        更新 DataRuleType
+        更新数据权限规则类型
 
         :param db:
         :param pk:
@@ -61,7 +71,7 @@ async def update(self, db: AsyncSession, pk: int, obj_in: UpdateDataRuleTypePara
 
     async def delete(self, db: AsyncSession, pk: list[int]) -> int:
         """
-        删除 DataRuleType
+        删除数据权限规则类型
 
         :param db:
         :param pk:

backend/app/admin/crud/crud_role.py

@@ -3,15 +3,12 @@
 from typing import Sequence
 
 from sqlalchemy import Select, desc, select
-from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
 from sqlalchemy_crud_plus import CRUDPlus
 
-from backend.app.admin.model import Dept, Menu, Role, User
+from backend.app.admin.model import Menu, Role, User
 from backend.app.admin.schema.role import (
     CreateRoleParam,
-    UpdateRoleDataScopeParam,
-    UpdateRoleDeptParam,
     UpdateRoleMenuParam,
     UpdateRoleParam,
 )
@@ -129,32 +126,6 @@ async def update_menus(self, db, role_id: int, menu_ids: UpdateRoleMenuParam) ->
         current_role.menus = menus.scalars().all()
         return len(current_role.menus)
 
-    async def update_data_scope(self, db: AsyncSession, role_id: int, data_scope: UpdateRoleDataScopeParam):
-        """
-        更新用户数据范围
-
-        :param db:
-        :param role_id:
-        :param data_scope:
-        :return:
-        """
-        return await self.update_model(db, role_id, data_scope)
-
-    async def update_depts(self, db, role_id: int, dept_ids: UpdateRoleDeptParam) -> int:
-        """
-        更新角色部门
-
-        :param db:
-        :param role_id:
-        :param dept_ids:
-        :return:
-        """
-        stmt = select(Dept).where(Dept.id.in_(dept_ids.depts))
-        depts = await db.execute(stmt)
-        current_role = await self.get_with_relation(db, role_id)
-        current_role.depts = depts.scalars().all()
-        return len(current_role.depts)
-
     async def delete(self, db, role_id: list[int]) -> int:
         """
         删除角色

backend/app/admin/model/data_rule.py

@@ -1,18 +1,31 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-from sqlalchemy import String
-from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy import ForeignKey, String
+from sqlalchemy.orm import Mapped, mapped_column, relationship
 
+from backend.app.admin.model.m2m import sys_role_data_rule
 from backend.common.model import Base, id_key
 
 
 class DataRule(Base):
     """数据权限规则表"""
 
-    __tablename__ = 'data_rule'
+    __tablename__ = 'sys_data_rule'
 
     id: Mapped[id_key] = mapped_column(init=False)
-    name: Mapped[str] = mapped_column(String(255), comment='规则名称')
+    name: Mapped[str] = mapped_column(String(255), unique=True, comment='规则名称')
     model: Mapped[str] = mapped_column(String(50), comment='SQLA 模型类')
     column: Mapped[str] = mapped_column(String(20), comment='数据库字段')
-    condition: Mapped[str] = mapped_column(String(20), comment='查询条件')
+    operator: Mapped[int] = mapped_column(comment='运算符（0：and、1：or）')
+    expression: Mapped[int] = mapped_column(
+        comment='表达式（0：>、1：>=、2：<、3：<=、4：==、5：!=、6：in、7：not_in）'
+    )
+
+    # 数据权限规则类型一对多
+    type_id: Mapped[int] = mapped_column(
+        ForeignKey('sys_data_rule_type.id', ondelete='CASCADE'), comment='数据权限规则类型关联ID'
+    )
+    type: Mapped['DataRuleType'] = relationship(init=False, back_populates='rules')  # noqa: F821
+
+    # 角色规则多对多
+    roles: Mapped[list['Role']] = relationship(init=False, secondary=sys_role_data_rule, back_populates='rules')  # noqa: F821

backend/app/admin/model/data_rule_type.py

@@ -2,17 +2,20 @@
 # -*- coding: utf-8 -*-
 from sqlalchemy import String
 from sqlalchemy.dialects.mysql import LONGTEXT
-from sqlalchemy.orm import Mapped, mapped_column
+from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from backend.common.model import Base, id_key
 
 
 class DataRuleType(Base):
     """数据权限规则类型表"""
 
-    __tablename__ = 'data_rule_type'
+    __tablename__ = 'sys_data_rule_type'
 
     id: Mapped[id_key] = mapped_column(init=False)
-    name: Mapped[str] = mapped_column(String(255), comment='规则类型名')
+    name: Mapped[str] = mapped_column(String(255), unique=True, comment='规则类型名')
     status: Mapped[int] = mapped_column(default=1, comment='状态（0停用 1正常）')
     remark: Mapped[str | None] = mapped_column(LONGTEXT, default=None, comment='备注')
+
+    # 数据权限规则类型一对多
+    data_rules: Mapped[list['DataRule']] = relationship(init=False, back_populates='type')  # noqa: F821

backend/app/admin/model/m2m.py

@@ -19,3 +19,17 @@
     Column('role_id', Integer, ForeignKey('sys_role.id', ondelete='CASCADE'), primary_key=True, comment='角色ID'),
     Column('menu_id', Integer, ForeignKey('sys_menu.id', ondelete='CASCADE'), primary_key=True, comment='菜单ID'),
 )
+
+sys_role_data_rule = Table(
+    'sys_role_data_rule',
+    MappedBase.metadata,
+    Column('id', INT, primary_key=True, unique=True, index=True, autoincrement=True, comment='主键ID'),
+    Column('role_id', Integer, ForeignKey('sys_role.id', ondelete='CASCADE'), primary_key=True, comment='角色ID'),
+    Column(
+        'data_rule_id',
+        Integer,
+        ForeignKey('sys_data_rule.id', ondelete='CASCADE'),
+        primary_key=True,
+        comment='数据权限规则ID',
+    ),
+)

backend/app/admin/model/role.py

@@ -4,7 +4,7 @@
 from sqlalchemy.dialects.mysql import LONGTEXT
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
-from backend.app.admin.model.m2m import sys_role_menu, sys_user_role
+from backend.app.admin.model.m2m import sys_role_data_rule, sys_role_menu, sys_user_role
 from backend.common.model import Base, id_key
 
 
@@ -27,3 +27,6 @@ class Role(Base):
 
     # 角色菜单多对多
     menus: Mapped[list['Menu']] = relationship(init=False, secondary=sys_role_menu, back_populates='roles')  # noqa: F821
+
+    # 角色数据权限规则多对多
+    rules: Mapped[list['DataRule']] = relationship(init=False, secondary=sys_role_data_rule, back_populates='roles')  # noqa: F821

backend/app/admin/schema/data_rule.py

@@ -2,16 +2,19 @@
 # -*- coding: utf-8 -*-
 from datetime import datetime
 
-from pydantic import ConfigDict
+from pydantic import ConfigDict, Field
 
+from backend.common.enums import RoleDataRuleExpressionType, RoleDataRuleOperatorType
 from backend.common.schema import SchemaBase
 
 
 class DataRuleSchemaBase(SchemaBase):
+    type_id: int
     name: str
     model: str
     column: str
-    condition: str
+    operator: RoleDataRuleOperatorType = Field(RoleDataRuleOperatorType.OR)
+    expression: RoleDataRuleExpressionType = Field(RoleDataRuleExpressionType.eq)
 
 
 class CreateDataRuleParam(DataRuleSchemaBase):