feat:新增数据权限功能，内置五种数据权限 #I848BG

Author: insistence

dash-fastapi-backend/module_admin/aspect/data_scope.py

@@ -0,0 +1,35 @@
+from fastapi import Depends
+from module_admin.entity.vo.user_vo import CurrentUserInfoServiceResponse
+from module_admin.service.login_service import get_current_user
+from typing import Optional
+
+
+class GetDataScope:
+    """
+    获取当前用户数据权限对应的查询sql语句
+    """
+    def __init__(self, query_alias: Optional[str] = '', db_alias: Optional[str] = 'db'):
+        self.query_alias = query_alias
+        self.db_alias = db_alias
+
+    def __call__(self, current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
+        user_id = current_user.user.user_id
+        dept_id = current_user.user.dept_id
+        role_datascope_list = [dict(role_id=item.role_id, data_scope=int(item.data_scope)) for item in current_user.role]
+        max_data_scope_dict = min(role_datascope_list, key=lambda x: x['data_scope'])
+        max_role_id = max_data_scope_dict['role_id']
+        max_data_scope = max_data_scope_dict['data_scope']
+        if self.query_alias == '' or max_data_scope == 1 or user_id == 1:
+            param_sql = '1 == 1'
+        elif max_data_scope == 2:
+            param_sql = f'{self.query_alias}.dept_id.in_({self.db_alias}.query(SysRoleDept.dept_id).filter(SysRoleDept.role_id == {max_role_id}))'
+        elif max_data_scope == 3:
+            param_sql = f'{self.query_alias}.dept_id == {dept_id}'
+        elif max_data_scope == 4:
+            param_sql = f'{self.query_alias}.dept_id.in_({self.db_alias}.query(SysDept.dept_id).filter(or_(SysDept.dept_id == {dept_id}, func.find_in_set({dept_id}, SysDept.ancestors))))'
+        elif max_data_scope == 5:
+            param_sql = f'{self.query_alias}.user_id == {user_id}'
+        else:
+            param_sql = '1 == 0'
+
+        return param_sql

dash-fastapi-backend/module_admin/controller/role_controller.py

@@ -75,6 +75,24 @@ async def edit_system_role(request: Request, edit_role: AddRoleModel, query_db:
     except Exception as e:
         logger.exception(e)
         return response_500(data="", message=str(e))
+
+
+@roleController.patch("/role/dataScope", response_model=CrudRoleResponse, dependencies=[Depends(CheckUserInterfaceAuth('system:role:edit'))])
+@log_decorator(title='角色管理', business_type=4)
+async def edit_system_role_datascope(request: Request, role_data_scope: RoleDataScopeModel, query_db: Session = Depends(get_db), current_user: CurrentUserInfoServiceResponse = Depends(get_current_user)):
+    try:
+        role_data_scope.update_by = current_user.user.user_name
+        role_data_scope.update_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        role_data_scope_result = RoleService.role_datascope_services(query_db, role_data_scope)
+        if role_data_scope_result.is_success:
+            logger.info(role_data_scope_result.message)
+            return response_200(data=role_data_scope_result, message=role_data_scope_result.message)
+        else:
+            logger.warning(role_data_scope_result.message)
+            return response_400(data="", message=role_data_scope_result.message)
+    except Exception as e:
+        logger.exception(e)
+        return response_500(data="", message=str(e))
 
 
 @roleController.post("/role/delete", response_model=CrudRoleResponse, dependencies=[Depends(CheckUserInterfaceAuth('system:role:remove'))])

dash-fastapi-backend/module_admin/controller/user_controller.py

@@ -12,18 +12,19 @@
 from utils.log_util import *
 from utils.common_util import bytes2file_response
 from module_admin.aspect.interface_auth import CheckUserInterfaceAuth
+from module_admin.aspect.data_scope import GetDataScope
 from module_admin.annotation.log_annotation import log_decorator
 
 
 userController = APIRouter(dependencies=[Depends(get_current_user)])
 
 
 @userController.post("/user/get", response_model=UserPageObjectResponse, dependencies=[Depends(CheckUserInterfaceAuth('system:user:list'))])
-async def get_system_user_list(request: Request, user_page_query: UserPageObject, query_db: Session = Depends(get_db)):
+async def get_system_user_list(request: Request, user_page_query: UserPageObject, query_db: Session = Depends(get_db), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
     try:
         user_query = UserQueryModel(**user_page_query.dict())
         # 获取全量数据
-        user_query_result = UserService.get_user_list_services(query_db, user_query)
+        user_query_result = UserService.get_user_list_services(query_db, user_query, data_scope_sql)
         # 分页操作
         user_page_query_result = get_page_obj(user_query_result, user_page_query.page_num, user_page_query.page_size)
         logger.info('获取成功')

dash-fastapi-backend/module_admin/dao/role_dao.py

@@ -1,8 +1,9 @@
 from sqlalchemy import and_, desc
 from sqlalchemy.orm import Session
-from module_admin.entity.do.role_do import SysRole, SysRoleMenu
+from module_admin.entity.do.role_do import SysRole, SysRoleMenu, SysRoleDept
+from module_admin.entity.do.dept_do import SysDept
 from module_admin.entity.do.menu_do import SysMenu
-from module_admin.entity.vo.role_vo import RoleModel, RoleMenuModel, RoleQueryModel, RoleDetailModel
+from module_admin.entity.vo.role_vo import RoleModel, RoleMenuModel, RoleDeptModel, RoleQueryModel, RoleDetailModel
 from utils.time_format_util import list_format_datetime, object_format_datetime
 from datetime import datetime, time
 
@@ -74,9 +75,15 @@ def get_role_detail_by_id(cls, db: Session, role_id: int):
             .outerjoin(SysRoleMenu, SysRole.role_id == SysRoleMenu.role_id) \
             .outerjoin(SysMenu, and_(SysRoleMenu.menu_id == SysMenu.menu_id, SysMenu.status == 0)) \
             .distinct().all()
+        query_role_dept_info = db.query(SysDept).select_from(SysRole) \
+            .filter(SysRole.del_flag == 0, SysRole.role_id == role_id) \
+            .outerjoin(SysRoleDept, SysRole.role_id == SysRoleDept.role_id) \
+            .outerjoin(SysDept, and_(SysRoleDept.dept_id == SysDept.dept_id, SysDept.status == 0, SysDept.del_flag == 0)) \
+            .distinct().all()
         results = dict(
             role=object_format_datetime(query_role_basic_info),
             menu=list_format_datetime(query_role_menu_info),
+            dept=list_format_datetime(query_role_dept_info),
         )
 
         return RoleDetailModel(**results)
@@ -177,3 +184,26 @@ def delete_role_menu_dao(cls, db: Session, role_menu: RoleMenuModel):
         db.query(SysRoleMenu) \
             .filter(SysRoleMenu.role_id == role_menu.role_id) \
             .delete()
+
+    @classmethod
+    def add_role_dept_dao(cls, db: Session, role_dept: RoleDeptModel):
+        """
+        新增角色部门关联信息数据库操作
+        :param db: orm对象
+        :param role_dept: 用户角色部门关联对象
+        :return:
+        """
+        db_role_dept = SysRoleDept(**role_dept.dict())
+        db.add(db_role_dept)
+
+    @classmethod
+    def delete_role_dept_dao(cls, db: Session, role_dept: RoleDeptModel):
+        """
+        删除角色部门关联信息数据库操作
+        :param db: orm对象
+        :param role_dept: 角色部门关联对象
+        :return:
+        """
+        db.query(SysRoleDept) \
+            .filter(SysRoleDept.role_id == role_dept.role_id) \
+            .delete()

dash-fastapi-backend/module_admin/dao/user_dao.py

@@ -1,7 +1,7 @@
 from sqlalchemy import and_, or_, desc, func
 from sqlalchemy.orm import Session
 from module_admin.entity.do.user_do import SysUser, SysUserRole, SysUserPost
-from module_admin.entity.do.role_do import SysRole, SysRoleMenu
+from module_admin.entity.do.role_do import SysRole, SysRoleMenu, SysRoleDept
 from module_admin.entity.do.dept_do import SysDept
 from module_admin.entity.do.post_do import SysPost
 from module_admin.entity.do.menu_do import SysMenu
@@ -139,11 +139,12 @@ def get_user_detail_by_id(cls, db: Session, user_id: int):
         return CurrentUserInfo(**results)
 
     @classmethod
-    def get_user_list(cls, db: Session, query_object: UserQueryModel):
+    def get_user_list(cls, db: Session, query_object: UserQueryModel, data_scope_sql: str):
         """
         根据查询参数获取用户列表信息
         :param db: orm对象
         :param query_object: 查询参数对象
+        :param data_scope_sql: 数据权限对应的查询sql语句
         :return: 用户列表信息对象
         """
         user_list = db.query(SysUser, SysDept) \
@@ -160,7 +161,8 @@ def get_user_list(cls, db: Session, query_object: UserQueryModel):
                     SysUser.create_time.between(
                         datetime.combine(datetime.strptime(query_object.create_time_start, '%Y-%m-%d'), time(00, 00, 00)),
                         datetime.combine(datetime.strptime(query_object.create_time_end, '%Y-%m-%d'), time(23, 59, 59)))
-                    if query_object.create_time_start and query_object.create_time_end else True
+                    if query_object.create_time_start and query_object.create_time_end else True,
+                    eval(data_scope_sql)
                     ) \
             .outerjoin(SysDept, and_(SysUser.dept_id == SysDept.dept_id, SysDept.status == 0, SysDept.del_flag == 0)) \
             .distinct().all()

dash-fastapi-backend/module_admin/entity/vo/role_vo.py

@@ -1,6 +1,7 @@
 from pydantic import BaseModel
 from typing import Union, Optional, List
 from module_admin.entity.vo.user_vo import RoleModel
+from module_admin.entity.vo.dept_vo import DeptModel
 from module_admin.entity.vo.menu_vo import MenuModel
 
 
@@ -15,6 +16,17 @@ class Config:
         orm_mode = True
 
 
+class RoleDeptModel(BaseModel):
+    """
+    角色和部门关联表对应pydantic模型
+    """
+    role_id: Optional[int]
+    dept_id: Optional[int]
+
+    class Config:
+        orm_mode = True
+
+
 class RoleQueryModel(RoleModel):
     """
     角色管理不分页查询模型
@@ -65,6 +77,13 @@ class AddRoleModel(RoleModel):
     type: Optional[str]
 
 
+class RoleDataScopeModel(RoleModel):
+    """
+    角色数据权限模型
+    """
+    dept_id: Optional[str]
+
+
 class DeleteRoleModel(BaseModel):
     """
     删除角色模型
@@ -80,3 +99,4 @@ class RoleDetailModel(BaseModel):
     """
     role: Union[RoleModel, None]
     menu: List[Union[MenuModel, None]]
+    dept: List[Union[DeptModel, None]]

dash-fastapi-backend/module_admin/service/role_service.py

@@ -100,6 +100,42 @@ def edit_role_services(cls, result_db: Session, page_object: AddRoleModel):
 
         return CrudRoleResponse(**result)
 
+    @classmethod
+    def role_datascope_services(cls, result_db: Session, page_object: RoleDataScopeModel):
+        """
+        分配角色数据权限service
+        :param result_db: orm对象
+        :param page_object: 角色数据权限对象
+        :return: 分配角色数据权限结果
+        """
+        edit_role = page_object.dict(exclude_unset=True)
+        del edit_role['dept_id']
+        role_info = cls.detail_role_services(result_db, edit_role.get('role_id'))
+        if role_info:
+            if role_info.role.role_name != page_object.role_name:
+                role = RoleDao.get_role_by_info(result_db, RoleModel(**dict(role_name=page_object.role_name)))
+                if role:
+                    result = dict(is_success=False, message='角色名称已存在')
+                    return CrudRoleResponse(**result)
+            try:
+                RoleDao.edit_role_dao(result_db, edit_role)
+                role_id_dict = dict(role_id=page_object.role_id)
+                RoleDao.delete_role_dept_dao(result_db, RoleDeptModel(**role_id_dict))
+                if page_object.dept_id and page_object.data_scope == '2':
+                    dept_id_list = page_object.dept_id.split(',')
+                    for dept in dept_id_list:
+                        dept_dict = dict(role_id=page_object.role_id, dept_id=dept)
+                        RoleDao.add_role_dept_dao(result_db, RoleDeptModel(**dept_dict))
+                result_db.commit()
+                result = dict(is_success=True, message='分配成功')
+            except Exception as e:
+                result_db.rollback()
+                result = dict(is_success=False, message=str(e))
+        else:
+            result = dict(is_success=False, message='角色不存在')
+
+        return CrudRoleResponse(**result)
+
     @classmethod
     def delete_role_services(cls, result_db: Session, page_object: DeleteRoleModel):
         """

dash-fastapi-backend/module_admin/service/user_service.py

@@ -10,14 +10,15 @@ class UserService:
     """
 
     @classmethod
-    def get_user_list_services(cls, result_db: Session, query_object: UserQueryModel):
+    def get_user_list_services(cls, result_db: Session, query_object: UserQueryModel, data_scope_sql: str):
         """
         获取用户列表信息service
         :param result_db: orm对象
         :param query_object: 查询参数对象
+        :param data_scope_sql: 数据权限对应的查询sql语句
         :return: 用户列表信息对象
         """
-        user_list_result = UserDao.get_user_list(result_db, query_object)
+        user_list_result = UserDao.get_user_list(result_db, query_object, data_scope_sql)
 
         return user_list_result
 

dash-fastapi-frontend/api/role.py

@@ -21,6 +21,11 @@ def edit_role_api(page_obj: dict):
     return api_request(method='patch', url='/system/role/edit', is_headers=True, json=page_obj)
 
 
+def role_datascope_api(page_obj: dict):
+
+    return api_request(method='patch', url='/system/role/dataScope', is_headers=True, json=page_obj)
+
+
 def delete_role_api(page_obj: dict):
 
     return api_request(method='post', url='/system/role/delete', is_headers=True, json=page_obj)