diff --git a/api/permission.py b/api/permission.py index b73d099..ec1d329 100644 --- a/api/permission.py +++ b/api/permission.py @@ -10,6 +10,7 @@ from typing import Optional from fastapi import APIRouter, Depends, Path, Query, Request from fastapi.responses import JSONResponse +from annotation.auth import Auth from annotation.log import Log from config.constant import BusinessType from controller.login import LoginController @@ -26,6 +27,7 @@ permissionAPI = APIRouter( @permissionAPI.post("/add", response_model=BaseResponse, response_class=JSONResponse, summary="新增权限") @Log(title="新增权限", business_type=BusinessType.INSERT) +@Auth(permission_list=["permission:btn:add"]) async def add_permission(request: Request, params: AddPermissionParams): permission = await Permission.create( name=params.name, @@ -59,9 +61,11 @@ async def add_permission(request: Request, params: AddPermissionParams): @permissionAPI.delete("/delete/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="删除权限") @permissionAPI.post("/delete/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="删除权限") @Log(title="删除权限", business_type=BusinessType.DELETE) +@Auth(permission_list=["permission:btn:delete"]) async def delete_permission(request: Request, id: str = Path(description="权限ID")): - if permission := await Permission.get_or_none(id=id): - await permission.delete() + if permission := await Permission.get_or_none(id=id, del_flag=1): + permission.del_flag = 0 + await permission.save() return Response.success(msg="删除权限成功!") else: return Response.error(msg="删除权限失败,权限不存在!") @@ -70,8 +74,9 @@ async def delete_permission(request: Request, id: str = Path(description="权限 @permissionAPI.put("/update/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="更新权限") @permissionAPI.post("/update/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="更新权限") @Log(title="更新权限", business_type=BusinessType.UPDATE) +@Auth(permission_list=["permission:btn:update"]) async def update_permission(request: Request, params: AddPermissionParams, id: str = Path(description="权限ID"), ): - if permission := await Permission.get_or_none(id=id): + if permission := await Permission.get_or_none(id=id, del_flag=1): permission.name = params.name permission.parent_id = params.parent_id permission.path = params.path @@ -102,8 +107,9 @@ async def update_permission(request: Request, params: AddPermissionParams, id: s @permissionAPI.get("/info/{id}", response_model=GetPermissionInfoResponse, response_class=JSONResponse, summary="查询权限详情") @Log(title="查询权限详情", business_type=BusinessType.SELECT) +@Auth(permission_list=["permission:btn:info"]) async def get_permission(request: Request, id: str = Path(description="权限ID")): - if permission := await Permission.get_or_none(permission_id=id): + if permission := await Permission.get_or_none(permission_id=id, del_flag=1): permission = await permission.first().values( id="id", create_by="create_by", @@ -140,6 +146,7 @@ async def get_permission(request: Request, id: str = Path(description="权限ID" @permissionAPI.get("/list", response_model=GetPermissionListResponse, response_class=JSONResponse, summary="查询权限列表") @Log(title="查询权限列表", business_type=BusinessType.SELECT) +@Auth(permission_list=["permission:btn:list"]) async def get_permission_list( request: Request, page: int = Query(default=1, description="当前页码"), @@ -191,8 +198,8 @@ async def get_permission_list( "hidden_tag": hiddenTag }.items() if v } - total = await Permission.filter(**filterArgs).count() - result = await Permission.filter(**filterArgs).offset((page - 1) * pageSize).limit(pageSize).order_by( + total = await Permission.filter(**filterArgs, del_flag=1).count() + result = await Permission.filter(**filterArgs, del_flag=1).offset((page - 1) * pageSize).limit(pageSize).order_by( 'rank').values( id="id", create_by="create_by",