from pydantic import BaseModel
from datetime import datetime
# Path permission action types
class PathAction:
    """String names of the actions a path permission can cover.

    Each value equals the suffix of one ``can_*`` flag on the path rule
    models in this module (``can_read``, ``can_write``, ``can_delete``,
    ``can_share``).
    """

    # NOTE(review): this is a plain class of string constants, not an Enum,
    # so it does not by itself restrict which strings are accepted as an
    # action. Confirm the checking code denies any action not listed here.
    READ = "read"
    WRITE = "write"
    DELETE = "delete"
    SHARE = "share"
# System permission codes
class SystemPermission:
    """Permission codes for system-level operations.

    Every code carries the ``system.`` prefix.
    """

    # User account management
    USER_CREATE = "system.user.create"
    USER_EDIT = "system.user.edit"
    USER_DELETE = "system.user.delete"
    USER_LIST = "system.user.list"

    # Role and permission configuration.
    # NOTE(review): a holder of this code can presumably change what other
    # roles are allowed to do, which would make it close to a grant of every
    # other code. Confirm how it is scoped and who may receive it.
    ROLE_MANAGE = "system.role.manage"

    # System configuration
    CONFIG_EDIT = "system.config.edit"

    # Audit log access
    AUDIT_VIEW = "system.audit.view"
# Adapter permission codes
class AdapterPermission:
    """Permission codes for storage adapter operations.

    Every code carries the ``adapter.`` prefix.
    """

    CREATE = "adapter.create"
    EDIT = "adapter.edit"
    DELETE = "adapter.delete"
    LIST = "adapter.list"
# All permission definitions.
# One dict per permission code, with the keys "code", "name", "category"
# and "description". The list currently has one entry for every constant in
# SystemPermission and AdapterPermission; a constant added to those classes
# without an entry here would be missing from this catalogue.
PERMISSION_DEFINITIONS = [
    # System permissions
    {
        "code": SystemPermission.USER_CREATE,
        "name": "创建用户",
        "category": "system",
        "description": "允许创建新用户",
    },
    {
        "code": SystemPermission.USER_EDIT,
        "name": "编辑用户",
        "category": "system",
        "description": "允许编辑用户信息",
    },
    {
        "code": SystemPermission.USER_DELETE,
        "name": "删除用户",
        "category": "system",
        "description": "允许删除用户",
    },
    {
        "code": SystemPermission.USER_LIST,
        "name": "查看用户列表",
        "category": "system",
        "description": "允许查看用户列表",
    },
    {
        "code": SystemPermission.ROLE_MANAGE,
        "name": "管理角色和权限",
        "category": "system",
        "description": "允许管理角色和权限配置",
    },
    {
        "code": SystemPermission.CONFIG_EDIT,
        "name": "修改系统配置",
        "category": "system",
        "description": "允许修改系统配置",
    },
    {
        "code": SystemPermission.AUDIT_VIEW,
        "name": "查看审计日志",
        "category": "system",
        "description": "允许查看审计日志",
    },
    # Adapter permissions
    {
        "code": AdapterPermission.CREATE,
        "name": "创建存储适配器",
        "category": "adapter",
        "description": "允许创建存储适配器",
    },
    {
        "code": AdapterPermission.EDIT,
        "name": "编辑存储适配器",
        "category": "adapter",
        "description": "允许编辑存储适配器",
    },
    {
        "code": AdapterPermission.DELETE,
        "name": "删除存储适配器",
        "category": "adapter",
        "description": "允许删除存储适配器",
    },
    {
        "code": AdapterPermission.LIST,
        "name": "查看存储适配器列表",
        "category": "adapter",
        "description": "允许查看存储适配器列表",
    },
]
# Pydantic models

# One permission definition. The fields match the keys of the
# PERMISSION_DEFINITIONS entries: code, name, category, description.
class PermissionInfo(BaseModel):
    code: str
    name: str
    category: str
    description: str | None = None  # optional; None when omitted
# A path permission rule together with its identifiers and creation time.
# Every field is required.
class PathRuleInfo(BaseModel):
    id: int
    role_id: int  # role the rule belongs to
    path_pattern: str
    # Whether path_pattern is a regular expression. How a non-regex pattern
    # is matched is not defined in this module.
    is_regex: bool
    # One flag per action named in PathAction.
    can_read: bool
    can_write: bool
    can_delete: bool
    can_share: bool
    # NOTE(review): presumably decides which rule wins when several match the
    # same path. Confirm the ordering, and what happens on equal priority,
    # in the code that evaluates rules.
    priority: int
    created_at: datetime
# Request body for creating a path rule. Only path_pattern is required.
# With the defaults, a new rule grants read and nothing else.
# There is no role_id field, so the role is presumably taken from elsewhere
# in the request. TODO confirm.
class PathRuleCreate(BaseModel):
    # NOTE(review): no length or syntax validation is declared here. When
    # is_regex is true, confirm that the code storing the rule compiles the
    # pattern and rejects ones that fail to compile or are unreasonably
    # expensive to match. A stored pattern is presumably evaluated on later
    # permission checks.
    path_pattern: str
    is_regex: bool = False
    can_read: bool = True
    can_write: bool = False
    can_delete: bool = False
    can_share: bool = False
    priority: int = 0
# Request body for updating a path rule. Every field is optional and
# defaults to None.
# NOTE(review): None is both the default and an accepted value, so this model
# cannot by itself distinguish an omitted field from an explicit null.
# Presumably the caller applies only the fields that were set; confirm, so
# that a partial update cannot clear or change a permission flag by accident.
class PathRuleUpdate(BaseModel):
    # NOTE(review): the validation concern on PathRuleCreate.path_pattern
    # applies here too. Changing is_regex alone changes how the stored
    # pattern is interpreted; confirm the pattern is re-validated then.
    path_pattern: str | None = None
    is_regex: bool | None = None
    can_read: bool | None = None
    can_write: bool | None = None
    can_delete: bool | None = None
    can_share: bool | None = None
    priority: int | None = None
# Request body asking whether an action is permitted on a path.
class PathPermissionCheck(BaseModel):
    # NOTE(review): accepted as given. Confirm the checker normalises the
    # path before matching it against rule patterns.
    path: str
    # NOTE(review): any string is accepted. The PathAction constants are
    # presumably the expected values; confirm an unknown action is denied.
    action: str
# Outcome of a path permission check: the path and action that were checked,
# the decision, and optionally the rule that matched.
class PathPermissionResult(BaseModel):
    path: str
    action: str
    allowed: bool
    # None when no rule is reported.
    # NOTE(review): when set, this exposes the full rule (pattern, role_id,
    # every flag, priority) to whoever receives the result. Confirm the
    # endpoint returning it is limited to callers allowed to see rule
    # configuration.
    matched_rule: PathRuleInfo | None = None
# Permission summary for one user.
class UserPermissions(BaseModel):
    user_id: int
    # NOTE(review): whether an admin bypasses `permissions` and `path_rules`
    # is not defined in this module. Confirm in the enforcement code.
    is_admin: bool
    permissions: list[str]  # list of system/adapter permission codes
    path_rules: list[PathRuleInfo]  # path permission rules