feat: 添加系统级管理专属页面权限

2025-02-26 22:56:15 +08:00
parent 1dd9f7db43
commit b59dba18f0
8 changed files with 206 additions and 9 deletions
--- a/api/role.py
+++ b/api/role.py
@@ -10,7 +10,7 @@ from typing import Optional
 from fastapi import APIRouter, Depends, Path, Query, Request
 from fastapi.responses import JSONResponse

-from annotation.auth import Auth, hasAuth
+from annotation.auth import Auth, hasAuth, hasAdmin
 from annotation.log import Log
 from config.constant import BusinessType, RedisKeyConfig
 from controller.login import LoginController
@@ -235,6 +235,11 @@ async def add_role_permission(request: Request, params: AddRolePermissionParams,
                              id: str = Path(..., description="角色ID"),
                              current_user: dict = Depends(LoginController.get_current_user)):
    sub_departments = current_user.get("sub_departments")
+    if await hasAdmin(request, current_user.get("department_id")):
+        department_permissions = await Permission.filter(del_flag=1).values("id")
+    else:
+        department_permissions = await Permission.filter(is_admin=False, del_flag=1).values("id")
+    department_permissions = filterKeyValues(department_permissions, "id")
    if role := await Role.get_or_none(id=id, del_flag=1, department__id__in=sub_departments):
        # 已有角色权限
        rolePermissions = await RolePermission.filter(role_id=id, del_flag=1).values("permission_id")
@@ -243,6 +248,8 @@ async def add_role_permission(request: Request, params: AddRolePermissionParams,
        add_list = set(params.permission_ids).difference(set(rolePermissions))
        # 循环添加角色权限
        for item in add_list:
+            if item not in department_permissions:
+                continue
            permission = await Permission.get_or_none(id=item, del_flag=1)
            if permission:
                await RolePermission.create(
@@ -294,6 +301,11 @@ async def update_role_permission(request: Request, params: AddRolePermissionPara
                                 id: str = Path(..., description="角色ID"),
                                 current_user: dict = Depends(LoginController.get_current_user)):
    sub_departments = current_user.get("sub_departments")
+    if await hasAdmin(request, current_user.get("department_id")):
+        department_permissions = await Permission.filter(del_flag=1).values("id")
+    else:
+        department_permissions = await Permission.filter(is_admin=False, del_flag=1).values("id")
+    department_permissions = filterKeyValues(department_permissions, "id")
    if role := await Role.get_or_none(id=id, del_flag=1, department__id__in=sub_departments):
        # 已有角色权限
        rolePermissions = await RolePermission.filter(role_id=role.id, del_flag=1).values("permission_id")
@@ -307,6 +319,8 @@ async def update_role_permission(request: Request, params: AddRolePermissionPara
            await RolePermission.filter(role_id=id, permission_id=item, del_flag=1).update(del_flag=0)
        # 循环添加角色权限
        for item in add_list:
+            if item not in department_permissions:
+                continue
            await RolePermission.create(role_id=id, permission_id=item)
        # 更新用户信息缓存
        userInfos = await request.app.state.redis.keys(f'{RedisKeyConfig.USER_INFO.key}*')