refactor: remove Permission model and update related code to use permission codes

This commit is contained in:
shiyu
2026-02-09 11:15:01 +08:00
parent c5e4b3ef43
commit 103beb7dad
9 changed files with 35 additions and 243 deletions

View File

@@ -3,9 +3,7 @@ from fastapi import HTTPException
from models.database import (
UserAccount,
Role,
UserRole,
Permission,
RolePermission,
PathRule,
)
@@ -144,13 +142,8 @@ class PermissionService:
if not role_ids:
return False
# 检查角色是否有该权限
permission = await Permission.get_or_none(code=permission_code)
if not permission:
return False
role_permission = await RolePermission.filter(
role_id__in=role_ids, permission_id=permission.id
role_id__in=role_ids, permission_code=permission_code
).first()
return role_permission is not None
@@ -180,12 +173,12 @@ class PermissionService:
# 超级管理员拥有所有权限
if user.is_admin:
all_permissions = await Permission.all()
all_permission_codes = [item["code"] for item in PERMISSION_DEFINITIONS]
all_path_rules = await PathRule.all()
return UserPermissions(
user_id=user_id,
is_admin=True,
permissions=[p.code for p in all_permissions],
permissions=all_permission_codes,
path_rules=[
PathRuleInfo(
id=r.id,
@@ -210,10 +203,8 @@ class PermissionService:
# 获取权限
permissions = []
if role_ids:
role_permissions = await RolePermission.filter(
role_id__in=role_ids
).prefetch_related("permission")
permissions = list(set(rp.permission.code for rp in role_permissions))
role_permissions = await RolePermission.filter(role_id__in=role_ids)
permissions = sorted(set(rp.permission_code for rp in role_permissions))
# 获取路径规则
path_rules = []
@@ -245,16 +236,14 @@ class PermissionService:
@classmethod
async def get_all_permissions(cls) -> List[PermissionInfo]:
"""获取所有权限定义"""
permissions = await Permission.all()
return [
PermissionInfo(
id=p.id,
code=p.code,
name=p.name,
category=p.category,
description=p.description,
code=item["code"],
name=item["name"],
category=item["category"],
description=item.get("description"),
)
for p in permissions
for item in PERMISSION_DEFINITIONS
]
@classmethod

View File

@@ -49,7 +49,6 @@ PERMISSION_DEFINITIONS = [
# Pydantic 模型
class PermissionInfo(BaseModel):
id: int
code: str
name: str
category: str

View File

@@ -1,9 +1,9 @@
from typing import List
from fastapi import HTTPException
from models.database import Role, RolePermission, Permission, PathRule, UserRole
from models.database import Role, RolePermission, PathRule, UserRole
from domain.permission.service import PermissionService
from domain.permission.types import PathRuleCreate, PathRuleInfo
from domain.permission.types import PathRuleCreate, PathRuleInfo, PERMISSION_DEFINITIONS
from .types import RoleInfo, RoleDetail, RoleCreate, RoleUpdate, SystemRoles
@@ -33,10 +33,8 @@ class RoleService:
raise HTTPException(404, detail="角色不存在")
# 获取权限
role_permissions = await RolePermission.filter(role_id=role_id).prefetch_related(
"permission"
)
permissions = [rp.permission.code for rp in role_permissions]
role_permissions = await RolePermission.filter(role_id=role_id)
permissions = sorted(set(rp.permission_code for rp in role_permissions))
# 获取路径规则数量
path_rules_count = await PathRule.filter(role_id=role_id).count()
@@ -126,12 +124,8 @@ class RoleService:
if not role:
raise HTTPException(404, detail="角色不存在")
# 获取权限ID
permissions = await Permission.filter(code__in=permission_codes)
permission_map = {p.code: p.id for p in permissions}
# 验证所有权限代码
invalid_codes = set(permission_codes) - set(permission_map.keys())
all_permission_codes = {item["code"] for item in PERMISSION_DEFINITIONS}
invalid_codes = set(permission_codes) - all_permission_codes
if invalid_codes:
raise HTTPException(400, detail=f"无效的权限代码: {', '.join(invalid_codes)}")
@@ -142,13 +136,13 @@ class RoleService:
for code in permission_codes:
await RolePermission.create(
role_id=role_id,
permission_id=permission_map[code],
permission_code=code,
)
# 清除权限缓存
PermissionService.clear_cache()
return permission_codes
return list(permission_codes)
@classmethod
async def get_role_path_rules(cls, role_id: int) -> List[PathRuleInfo]:
@@ -292,36 +286,3 @@ class RoleService:
existing = await Role.get_or_none(name=role_data["name"])
if not existing:
await Role.create(**role_data)
@classmethod
async def setup_admin_role_permissions(cls) -> None:
"""为管理员角色设置所有权限"""
admin_role = await Role.get_or_none(name=SystemRoles.ADMIN)
if not admin_role:
return
# 获取所有权限
all_permissions = await Permission.all()
# 清除现有权限
await RolePermission.filter(role_id=admin_role.id).delete()
# 添加所有权限
for perm in all_permissions:
await RolePermission.create(role_id=admin_role.id, permission_id=perm.id)
# 添加全路径访问规则
existing_rule = await PathRule.filter(
role_id=admin_role.id, path_pattern="/**"
).first()
if not existing_rule:
await PathRule.create(
role_id=admin_role.id,
path_pattern="/**",
is_regex=False,
can_read=True,
can_write=True,
can_delete=True,
can_share=True,
priority=100,
)

View File

@@ -53,7 +53,7 @@ async def get_temp_link(
current_user: Annotated[User, Depends(get_current_active_user)],
expires_in: int = Query(3600, description="有效时间(秒), 0或负数表示永久"),
):
await PermissionService.require_path_permission(current_user.id, full_path, PathAction.SHARE)
await PermissionService.require_path_permission(current_user.id, full_path, PathAction.READ)
data = await VirtualFSService.create_temp_link(full_path, expires_in)
return success(data)