fix: 修复普通用户也能获取下属部门的数据

2025-02-24 18:19:04 +08:00
parent df5f2977d4
commit f0c678b8d0
3 changed files with 42 additions and 12 deletions
--- a/api/log.py
+++ b/api/log.py
@@ -12,7 +12,7 @@ from fastapi import APIRouter, Depends, Path, Query, Request
 from fastapi.encoders import jsonable_encoder
 from fastapi.responses import JSONResponse

-from annotation.auth import Auth
+from annotation.auth import Auth, hasAuth
 from annotation.log import Log
 from config.constant import BusinessType, RedisKeyConfig
 from controller.login import LoginController
@@ -41,9 +41,8 @@ async def get_login_log(request: Request,
                        current_user: dict = Depends(LoginController.get_current_user),
                        ):
    sub_departments = current_user.get("sub_departments")
+    user_id = current_user.get("id")
    online_user_list = await LoginController.get_online_user(request, sub_departments)
-    online_user_list = list(
-        filter(lambda x: x["department_id"] in sub_departments, jsonable_encoder(online_user_list)))
    filterArgs = {
        f'{k}__contains': v for k, v in {
            'username': username,
@@ -56,10 +55,18 @@ async def get_login_log(request: Request,
        startTime = datetime.fromtimestamp(float(startTime) / 1000)
        endTime = datetime.fromtimestamp(float(endTime) / 1000)
        filterArgs['login_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['user__department__id__in'] = sub_departments
+    if await hasAuth(request, "login:btn:admin"):
+        online_user_list = list(
+            filter(lambda x: x["department_id"] in sub_departments, jsonable_encoder(online_user_list)))
+        if not department_id:
+            filterArgs['user__department__id__in'] = sub_departments
+        else:
+            filterArgs['user__department__id'] = department_id
    else:
-        filterArgs['user__department__id'] = department_id
+        online_user_list = list(
+            filter(lambda x: x["user_id"] == user_id, jsonable_encoder(online_user_list)))
+        if department_id:
+            filterArgs['user__department__id'] = department_id
    result = await LoginLog.filter(**filterArgs, user__del_flag=1, del_flag=1).offset(
        (page - 1) * pageSize).limit(pageSize).values(
        id="id",
@@ -171,6 +178,7 @@ async def get_operation_log(request: Request,
                            current_user: dict = Depends(LoginController.get_current_user),
                            ):
    sub_departments = current_user.get("sub_departments")
+    user_id = current_user.get("id")
    filterArgs = {
        f'{k}__contains': v for k, v in {
            'operation_name': name,
@@ -185,10 +193,15 @@ async def get_operation_log(request: Request,
        startTime = datetime.fromtimestamp(float(startTime) / 1000)
        endTime = datetime.fromtimestamp(float(endTime) / 1000)
        filterArgs['operation_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['department__id__in'] = sub_departments
+    if await hasAuth(request, "operation:btn:admin"):
+        if not department_id:
+            filterArgs['department__id__in'] = sub_departments
+        else:
+            filterArgs['department__id'] = department_id
    else:
-        filterArgs['department__id'] = department_id
+        filterArgs['operator__id'] = user_id
+        if department_id:
+            filterArgs['department__id'] = department_id
    result = await OperationLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).offset(
        (page - 1) * pageSize).limit(
        pageSize).values(