feat: 权限管理添加按钮级权限控制

api/permission.py

@@ -10,6 +10,7 @@ from typing import Optional
 from fastapi import APIRouter, Depends, Path, Query, Request
 from fastapi.responses import JSONResponse
 
+from annotation.auth import Auth
 from annotation.log import Log
 from config.constant import BusinessType
 from controller.login import LoginController
@@ -26,6 +27,7 @@ permissionAPI = APIRouter(
 
 @permissionAPI.post("/add", response_model=BaseResponse, response_class=JSONResponse, summary="新增权限")
 @Log(title="新增权限", business_type=BusinessType.INSERT)
+@Auth(permission_list=["permission:btn:add"])
 async def add_permission(request: Request, params: AddPermissionParams):
     permission = await Permission.create(
         name=params.name,
@@ -59,9 +61,11 @@ async def add_permission(request: Request, params: AddPermissionParams):
 @permissionAPI.delete("/delete/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="删除权限")
 @permissionAPI.post("/delete/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="删除权限")
 @Log(title="删除权限", business_type=BusinessType.DELETE)
+@Auth(permission_list=["permission:btn:delete"])
 async def delete_permission(request: Request, id: str = Path(description="权限ID")):
-    if permission := await Permission.get_or_none(id=id):
-        await permission.delete()
+    if permission := await Permission.get_or_none(id=id, del_flag=1):
+        permission.del_flag = 0
+        await permission.save()
         return Response.success(msg="删除权限成功！")
     else:
         return Response.error(msg="删除权限失败，权限不存在！")
@@ -70,8 +74,9 @@ async def delete_permission(request: Request, id: str = Path(description="权限
 @permissionAPI.put("/update/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="更新权限")
 @permissionAPI.post("/update/{id}", response_model=BaseResponse, response_class=JSONResponse, summary="更新权限")
 @Log(title="更新权限", business_type=BusinessType.UPDATE)
+@Auth(permission_list=["permission:btn:update"])
 async def update_permission(request: Request, params: AddPermissionParams, id: str = Path(description="权限ID"), ):
-    if permission := await Permission.get_or_none(id=id):
+    if permission := await Permission.get_or_none(id=id, del_flag=1):
         permission.name = params.name
         permission.parent_id = params.parent_id
         permission.path = params.path
@@ -102,8 +107,9 @@ async def update_permission(request: Request, params: AddPermissionParams, id: s
 @permissionAPI.get("/info/{id}", response_model=GetPermissionInfoResponse, response_class=JSONResponse,
                    summary="查询权限详情")
 @Log(title="查询权限详情", business_type=BusinessType.SELECT)
+@Auth(permission_list=["permission:btn:info"])
 async def get_permission(request: Request, id: str = Path(description="权限ID")):
-    if permission := await Permission.get_or_none(permission_id=id):
+    if permission := await Permission.get_or_none(permission_id=id, del_flag=1):
         permission = await permission.first().values(
             id="id",
             create_by="create_by",
@@ -140,6 +146,7 @@ async def get_permission(request: Request, id: str = Path(description="权限ID"
 @permissionAPI.get("/list", response_model=GetPermissionListResponse, response_class=JSONResponse,
                    summary="查询权限列表")
 @Log(title="查询权限列表", business_type=BusinessType.SELECT)
+@Auth(permission_list=["permission:btn:list"])
 async def get_permission_list(
         request: Request,
         page: int = Query(default=1, description="当前页码"),
@@ -191,8 +198,8 @@ async def get_permission_list(
             "hidden_tag": hiddenTag
         }.items() if v
     }
-    total = await Permission.filter(**filterArgs).count()
-    result = await Permission.filter(**filterArgs).offset((page - 1) * pageSize).limit(pageSize).order_by(
+    total = await Permission.filter(**filterArgs, del_flag=1).count()
+    result = await Permission.filter(**filterArgs, del_flag=1).offset((page - 1) * pageSize).limit(pageSize).order_by(
         'rank').values(
         id="id",
         create_by="create_by",