style: 用户数据隔离

Author: gaozhe

backend/app/admin/api/v1/sys/__init__.py

@@ -1,6 +1,7 @@
-from app.admin.api.v1.sys import role, user
+from app.admin.api.v1.sys import menu, role, user
 from fastapi import APIRouter
 
 router = APIRouter(prefix='/sys')
 router.include_router(user.router, prefix='/users', tags=['用户管理'])
 router.include_router(role.router, prefix='/roles', tags=['角色管理'])
+router.include_router(menu.router, prefix='/menus', tags=['菜单管理'])

backend/app/admin/api/v1/sys/menu.py

@@ -0,0 +1,103 @@
+from typing import Annotated
+
+from app.admin.schema.menu import CreateMenuParam, GetMenuDetail, GetMenuTree, UpdateMenuParam
+from app.admin.service.menu_service import menu_service
+from common.response.response_schema import ResponseModel, ResponseSchemaModel, response_base
+from common.security.permission import RequestPermission
+from common.security.rbac import DependsRBAC
+from database.db import CurrentSession, CurrentSessionTransaction
+from fastapi import APIRouter, Depends, Path
+
+router = APIRouter()
+
+
+@router.get(
+    '/tree',
+    summary='获取菜单树',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:list')),
+        DependsRBAC,
+    ],
+)
+async def get_menu_tree(db: CurrentSession) -> ResponseSchemaModel[list[GetMenuTree]]:
+    data = await menu_service.get_all(db=db)
+    return response_base.success(data=data)
+
+
+@router.get(
+    '',
+    summary='获取所有菜单（平铺）',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:list')),
+        DependsRBAC,
+    ],
+)
+async def get_menus(db: CurrentSession) -> ResponseSchemaModel[list[GetMenuDetail]]:
+    data = await menu_service.get_all_flat(db=db)
+    return response_base.success(data=data)
+
+
+@router.get(
+    '/{pk}',
+    summary='获取菜单详情',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:list')),
+        DependsRBAC,
+    ],
+)
+async def get_menu(
+    db: CurrentSession,
+    pk: Annotated[int, Path(description='菜单 ID')],
+) -> ResponseSchemaModel[GetMenuDetail]:
+    data = await menu_service.get(db=db, pk=pk)
+    return response_base.success(data=data)
+
+
+@router.post(
+    '',
+    summary='创建菜单',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:add')),
+        DependsRBAC,
+    ],
+)
+async def create_menu(db: CurrentSessionTransaction, obj: CreateMenuParam) -> ResponseModel:
+    await menu_service.create(db=db, obj=obj)
+    return response_base.success()
+
+
+@router.put(
+    '/{pk}',
+    summary='更新菜单',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:edit')),
+        DependsRBAC,
+    ],
+)
+async def update_menu(
+    db: CurrentSessionTransaction,
+    pk: Annotated[int, Path(description='菜单 ID')],
+    obj: UpdateMenuParam,
+) -> ResponseModel:
+    count = await menu_service.update(db=db, pk=pk, obj=obj)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()
+
+
+@router.delete(
+    '/{pk}',
+    summary='删除菜单',
+    dependencies=[
+        Depends(RequestPermission('sys:menu:del')),
+        DependsRBAC,
+    ],
+)
+async def delete_menu(
+    db: CurrentSessionTransaction,
+    pk: Annotated[int, Path(description='菜单 ID')],
+) -> ResponseModel:
+    count = await menu_service.delete(db=db, pk=pk)
+    if count > 0:
+        return response_base.success()
+    return response_base.fail()

backend/app/admin/api/v1/sys/user.py

@@ -20,7 +20,14 @@
 router = APIRouter()
 
 
-@router.get('/{pk}', summary='获取用户信息', dependencies=[DependsJwtAuth])
+@router.get(
+    '/{pk}',
+    summary='获取用户信息',
+    dependencies=[
+        Depends(RequestPermission('sys:user:list')),
+        DependsRBAC,
+    ],
+)
 async def get_userinfo(
     db: CurrentSession,
     pk: Annotated[int, Path(description='用户 ID')],
@@ -29,7 +36,14 @@ async def get_userinfo(
     return response_base.success(data=data)
 
 
-@router.get('/{pk}/roles', summary='获取用户所有角色', dependencies=[DependsJwtAuth])
+@router.get(
+    '/{pk}/roles',
+    summary='获取用户所有角色',
+    dependencies=[
+        Depends(RequestPermission('sys:user:list')),
+        DependsRBAC,
+    ],
+)
 async def get_user_roles(
     db: CurrentSession, pk: Annotated[int, Path(description='用户 ID')]
 ) -> ResponseSchemaModel[list[GetRoleDetail]]:
@@ -41,7 +55,8 @@ async def get_user_roles(
     '',
     summary='分页获取所有用户',
     dependencies=[
-        DependsJwtAuth,
+        Depends(RequestPermission('sys:user:list')),
+        DependsRBAC,
         DependsPagination,
     ],
 )
@@ -55,7 +70,14 @@ async def get_users_paginated(
     return response_base.success(data=page_data)
 
 
-@router.post('', summary='创建用户', dependencies=[DependsSuperUser])
+@router.post(
+    '',
+    summary='创建用户',
+    dependencies=[
+        Depends(RequestPermission('sys:user:add')),
+        DependsRBAC,
+    ],
+)
 async def create_user(
     db: CurrentSessionTransaction, obj: AddUserParam
 ) -> ResponseSchemaModel[GetUserInfoWithRelationDetail]:
@@ -64,7 +86,14 @@ async def create_user(
     return response_base.success(data=data)
 
 
-@router.put('/{pk}', summary='更新用户信息', dependencies=[DependsSuperUser])
+@router.put(
+    '/{pk}',
+    summary='更新用户信息',
+    dependencies=[
+        Depends(RequestPermission('sys:user:edit')),
+        DependsRBAC,
+    ],
+)
 async def update_user(
     db: CurrentSessionTransaction,
     pk: Annotated[int, Path(description='用户 ID')],
@@ -76,7 +105,11 @@ async def update_user(
     return response_base.fail()
 
 
-@router.put('/{pk}/permissions', summary='更新用户权限', dependencies=[DependsSuperUser])
+@router.put(
+    '/{pk}/permissions',
+    summary='更新用户权限',
+    dependencies=[DependsSuperUser],
+)
 async def update_user_permission(
     db: CurrentSessionTransaction,
     request: Request,
@@ -99,7 +132,14 @@ async def update_user_password(
     return response_base.fail()
 
 
-@router.put('/{pk}/password', summary='重置用户密码', dependencies=[DependsSuperUser])
+@router.put(
+    '/{pk}/password',
+    summary='重置用户密码',
+    dependencies=[
+        Depends(RequestPermission('sys:user:password:reset')),
+        DependsRBAC,
+    ],
+)
 async def reset_user_password(
     db: CurrentSessionTransaction,
     pk: Annotated[int, Path(description='用户 ID')],

backend/app/admin/crud/crud_admin_agent.py

@@ -51,5 +51,16 @@ async def get_filter_list(
     async def delete_agent(self, db: AsyncSession, agent_id: int) -> int:
         return await self.delete_model(db, agent_id)
 
+    async def get_my_agents(self, user_id: int) -> Select:
+        return await self.select_order(
+            'updated_time',
+            'desc',
+            load_options=[
+                noload(self.model.category),
+                selectinload(self.model.user),
+            ],
+            user_id=user_id,
+        )
+
 
 agent_admin_server_dao: CRUDAgentAdminServer = CRUDAgentAdminServer(AgentServer)

backend/app/admin/crud/crud_admin_mcp.py

@@ -56,5 +56,16 @@ async def get_filter_list(
             **filters,
         )
 
+    async def get_my_mcps(self, user_id: int) -> Select:
+        return await self.select_order(
+            'updated_time',
+            'desc',
+            load_options=[
+                selectinload(self.model.category).options(noload(McpCategory.mcp_servers)),
+                selectinload(self.model.user),
+            ],
+            user_id=user_id,
+        )
+
 
 mcp_admin_server_dao: CRUDMcpAdminServer = CRUDMcpAdminServer(McpServer)

backend/app/admin/crud/crud_menu.py

@@ -0,0 +1,31 @@
+from collections.abc import Sequence
+
+from app.admin.model import Menu
+from app.admin.schema.menu import CreateMenuParam, UpdateMenuParam
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy_crud_plus import CRUDPlus
+
+
+class CRUDMenu(CRUDPlus[Menu]):
+    """菜单数据库操作类"""
+
+    async def get(self, db: AsyncSession, menu_id: int) -> Menu | None:
+        return await self.select_model(db, menu_id)
+
+    async def get_all(self, db: AsyncSession) -> Sequence[Menu]:
+        """获取所有菜单，按 sort 排序"""
+        result = await db.execute(select(Menu).order_by(Menu.sort, Menu.id))
+        return result.scalars().all()
+
+    async def create(self, db: AsyncSession, obj: CreateMenuParam) -> None:
+        await self.create_model(db, obj)
+
+    async def update(self, db: AsyncSession, menu_id: int, obj: UpdateMenuParam) -> int:
+        return await self.update_model(db, menu_id, obj)
+
+    async def delete(self, db: AsyncSession, menu_id: int) -> int:
+        return await self.delete_model(db, menu_id)
+
+
+menu_dao: CRUDMenu = CRUDMenu(Menu)

backend/app/admin/crud/crud_opera_log.py

@@ -1,5 +1,3 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
 from app.admin.model import OperaLog
 from app.admin.schema.opera_log import CreateOperaLogParam
 from sqlalchemy import Select
@@ -31,26 +29,6 @@ async def get_select(self, username: str | None, status: int | None, ip: str | N
 
         return await self.select_order('created_time', 'desc', **filters)
 
-    async def get_list(self, username: str | None, status: int | None, ip: str | None) -> Select:
-        """
-        获取操作日志列表
-
-        :param username: 用户名
-        :param status: 操作状态
-        :param ip: IP 地址
-        :return:
-        """
-        filters = {}
-
-        if username is not None:
-            filters['username__like'] = f'%{username}%'
-        if status is not None:
-            filters['status__eq'] = status
-        if ip is not None:
-            filters['ip__like'] = f'%{ip}%'
-
-        return await self.select_order('created_time', 'desc', **filters)
-
     async def create(self, db: AsyncSession, obj: CreateOperaLogParam) -> None:
         """
         创建操作日志

backend/app/admin/schema/mcp.py

@@ -39,6 +39,17 @@ class GetAdminMcpDetail(SchemaBase):
     is_public: int | None = Field(None, description='是否公开')
 
 
+class MyMcpDetail(SchemaBase):
+    id: int = Field(description='id')
+    server_title: str = Field(description='名称')
+    server_name: str = Field(description='mcp name')
+    description: str | None = Field(None, description='描述')
+    server_type: str = Field(description='类型')
+    is_public: bool | None = Field(None, description='是否公开')
+    created_time: datetime = Field(description='创建时间')
+    updated_time: datetime | None = Field(None, description='更新时间')
+
+
 class UpdateMcpServerParam(SchemaBase):
     server_title: str | None = Field(None, description='名称')
     description: str | None = Field(None, description='描述')

backend/app/admin/schema/user.py

@@ -3,7 +3,7 @@
 from datetime import datetime
 from typing import Annotated, Any
 
-from app.admin.schema.role import GetRoleDetail
+from app.admin.schema.role import GetRoleWithRelationDetail
 from common.enums import StatusType
 from common.schema import CustomEmailStr, CustomPhoneNumber, SchemaBase, ser_string
 from pydantic import ConfigDict, Field, HttpUrl, PlainSerializer, model_validator
@@ -97,7 +97,7 @@ class GetUserInfoWithRelationDetail(GetUserInfoDetail):
 
     model_config = ConfigDict(from_attributes=True)
 
-    roles: list[GetRoleDetail] = Field(default=[], description='角色列表')
+    roles: list[GetRoleWithRelationDetail] = Field(default=[], description='角色列表')
 
 
 class GetCurrentUserInfoWithRelationDetail(GetUserInfoWithRelationDetail):

backend/app/admin/service/admin_agent_service.py

@@ -44,5 +44,9 @@ async def update_agent(
     async def delete_agent(db: AsyncSession, agent_id: int) -> int:
         return await agent_admin_server_dao.delete_agent(db, agent_id)
 
+    @staticmethod
+    async def get_my_agents(*, user_id: int) -> Select:
+        return await agent_admin_server_dao.get_my_agents(user_id=user_id)
+
 
 agent_admin_server_service: AgentAdminServerService = AgentAdminServerService()