From 7831adf9272ac89fca4de68d421f7d349d2fddfe Mon Sep 17 00:00:00 2001
From: Wu Clan
Date: Sat, 31 May 2025 23:38:50 +0800
Subject: [PATCH] Add data permission condition for filter data
---
 backend/app/admin/model/role.py | 7 +++++--
 backend/app/admin/schema/role.py | 1 +
 backend/common/security/permission.py | 5 +++++
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/backend/app/admin/model/role.py b/backend/app/admin/model/role.py
index 3818b9056..3ac756f41 100644
--- a/backend/app/admin/model/role.py
+++ b/backend/app/admin/model/role.py
@@ -4,9 +4,9 @@
 from typing import TYPE_CHECKING
-from sqlalchemy import String
+from sqlalchemy import Boolean, String
 from sqlalchemy.dialects.mysql import LONGTEXT
-from sqlalchemy.dialects.postgresql import TEXT
+from sqlalchemy.dialects.postgresql import INTEGER, TEXT
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 from backend.app.admin.model.m2m import sys_role_data_scope, sys_role_menu, sys_user_role
@@ -24,6 +24,9 @@ class Role(Base):
 id: Mapped[id_key] = mapped_column(init=False)
 name: Mapped[str] = mapped_column(String(20), unique=True, comment='角色名称')
 status: Mapped[int] = mapped_column(default=1, comment='角色状态(0停用 1正常)')
+ is_filter_scopes: Mapped[bool] = mapped_column(
+ Boolean().with_variant(INTEGER, 'postgresql'), default=False, comment='过滤数据权限(0否 1是)'
+ )
 remark: Mapped[str | None] = mapped_column(
 LONGTEXT().with_variant(TEXT, 'postgresql'), default=None, comment='备注'
 )
diff --git a/backend/app/admin/schema/role.py b/backend/app/admin/schema/role.py
index dbdd9b630..a322b1bae 100644
--- a/backend/app/admin/schema/role.py
+++ b/backend/app/admin/schema/role.py
@@ -15,6 +15,7 @@ class RoleSchemaBase(SchemaBase):
 name: str = Field(description='角色名称')
 status: StatusType = Field(StatusType.enable, description='状态')
+ is_filter_scopes: bool = Field(False, description='过滤数据权限')
 remark: str | None = Field(None, description='备注')
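Review bot: The `is_filter_scopes` column added to `Role` is non-nullable (`Mapped[bool]`) and its `default=False` is a Python-side default only, so a roles table that already holds rows needs a schema change and backfill that this three-file patch does not carry. A `server_default` on the column, or a migration shipped alongside, would also cover rows written outside the ORM. Because this flag decides whether `filter_data_permission` applies data scopes at all, I would put a comment above the column that states the direction, for example `# when set on any of a user's roles, filter_data_permission returns an unrestricted condition`.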
diff --git a/backend/common/security/permission.py b/backend/common/security/permission.py
index d7a9c624c..3b9344bd4 100644
--- a/backend/common/security/permission.py
+++ b/backend/common/security/permission.py
@@ -56,6 +56,11 @@ async def filter_data_permission(db: AsyncSession, request: Request) -> ColumnEl
 :param request: FastAPI 请求对象
 :return:
 """
+ # 是否过滤数据权限
+ for role in request.user.roles:
+ if role.is_filter_scopes:
+ return or_(1 == 1)
+
 # 获取数据范围
 unique_data_scopes = {}
 for role in request.user.roles:
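Review bot: The early return in the added loop hands back the always-true condition `or_(1 == 1)` when `role.is_filter_scopes` is true, so the flag whose column comment reads 过滤数据权限 (0否 1是), i.e. 1 = filter, switches data-scope filtering off rather than on. If true is meant to enforce filtering, the check and the model default have to be inverted together (`if not role.is_filter_scopes:` with `default=True`); if true is meant to lift it, the flag's name and comments should say so. As written, one role carrying the flag overrides every other role the user holds, and `role.status` is not consulted, so a disabled role would still lift the filter unless disabled roles are dropped before `request.user.roles` is populated, which the hunk does not show. The body of `filter_data_permission` starts and ends outside the hunk.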