TanWenyan/leaudit-platform-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add tenant-scoped rule and permission management

Browse Source
This commit is contained in:
wren
2026-05-21 22:03:08 +08:00
parent a2c2bf1969
commit 1f1bccf3b3
193 changed files with 64463 additions and 1771 deletions
Download Patch File Download Diff File Expand all files Collapse all files
fastapi_modules/fastapi_leaudit/controllers/evaluationPointGroupController.py
+21 -16
View File
@@ -41,7 +41,7 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.ListGroups(name, code, is_enabled, pid, page, page_size)
data = await self.GroupService.ListGroups(name, code, is_enabled, pid, page, page_size, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/all")
@@ -52,7 +52,7 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.ListAllGroups(include_disabled, with_rule_count)
data = await self.GroupService.ListAllGroups(include_disabled, with_rule_count, int(payload["user_id"]))
return JSONResponse(status_code=200, content=[item.model_dump() for item in data])
@self.router.get("/by-document-types")
@@ -65,14 +65,19 @@ class EvaluationPointGroupController(BaseController):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
document_type_id_list = [int(item.strip()) for item in document_type_ids.split(",") if item.strip().isdigit()]
data = await self.GroupService.ListGroupsByDocumentTypes(document_type_id_list, include_disabled, with_rule_count)
data = await self.GroupService.ListGroupsByDocumentTypes(
document_type_id_list,
include_disabled,
with_rule_count,
int(payload["user_id"]),
)
return JSONResponse(status_code=200, content=[item.model_dump() for item in data])
@self.router.post("")
async def CreateEvaluationPointGroup(body: EvaluationPointGroupCreateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:create:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有创建评查点分组权限", "data": None})
data = await self.GroupService.CreateGroup(body)
data = await self.GroupService.CreateGroup(body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.patch("/batch/status")
@@ -82,7 +87,7 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有批量更新评查点分组权限", "data": None})
data = await self.GroupService.BatchUpdateStatus(body)
data = await self.GroupService.BatchUpdateStatus(body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/batch")
@@ -92,7 +97,7 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:delete:delete"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有批量删除评查点分组权限", "data": None})
data = await self.GroupService.BatchDelete(body)
data = await self.GroupService.BatchDelete(body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/{GroupId}")
@@ -103,21 +108,21 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.GetGroup(GroupId, with_rule_count)
data = await self.GroupService.GetGroup(GroupId, with_rule_count, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/{GroupId}")
async def UpdateEvaluationPointGroup(GroupId: int, body: EvaluationPointGroupUpdateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有更新评查点分组权限", "data": None})
data = await self.GroupService.UpdateGroup(GroupId, body)
data = await self.GroupService.UpdateGroup(GroupId, body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/{GroupId}")
async def DeleteEvaluationPointGroup(GroupId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:delete:delete"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有删除评查点分组权限", "data": None})
data = await self.GroupService.DeleteGroup(GroupId)
data = await self.GroupService.DeleteGroup(GroupId, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/{GroupId}/children")
@@ -130,42 +135,42 @@ class EvaluationPointGroupController(BaseController):
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.GetChildren(GroupId, is_enabled, page, page_size)
data = await self.GroupService.GetChildren(GroupId, is_enabled, page, page_size, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/{GroupId}/rebind")
async def RebindEvaluationPointGroup(GroupId: int, body: EvaluationPointGroupRebindDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有换绑评查点分组权限", "data": None})
data = await self.GroupService.RebindGroup(GroupId, body)
data = await self.GroupService.RebindGroup(GroupId, body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.post("/{GroupId}/bindings")
async def CreateEvaluationPointGroupBinding(GroupId: int, body: EvaluationPointGroupBindingCreateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有绑定规则集权限", "data": None})
data = await self.GroupService.CreateBinding(GroupId, body)
data = await self.GroupService.CreateBinding(GroupId, body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/bindings/{BindingId}")
async def UpdateEvaluationPointGroupBinding(BindingId: int, body: EvaluationPointGroupBindingUpdateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有更新规则集绑定权限", "data": None})
data = await self.GroupService.UpdateBinding(BindingId, body)
data = await self.GroupService.UpdateBinding(BindingId, body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/bindings/{BindingId}")
async def DeleteEvaluationPointGroupBinding(BindingId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有删除规则集绑定权限", "data": None})
await self.GroupService.DeleteBinding(BindingId)
await self.GroupService.DeleteBinding(BindingId, int(payload["user_id"]))
return JSONResponse(status_code=200, content={"success": True})
@self.router.get("/{GroupId}/rule-template")
async def GetEvaluationPointGroupRuleTemplate(GroupId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有查看规则模板权限", "data": None})
data = await self.GroupService.GetRuleTemplate(GroupId)
data = await self.GroupService.GetRuleTemplate(GroupId, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.post("/{GroupId}/rule-drafts")
@@ -177,7 +182,7 @@ class EvaluationPointGroupController(BaseController):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write", "rules:create:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有保存规则草稿权限", "data": None})
effective_body = body.model_copy(update={"editor_user_id": body.editor_user_id or int(payload["user_id"])})
data = await self.GroupService.CreateRuleDraft(GroupId, effective_body)
data = await self.GroupService.CreateRuleDraft(GroupId, effective_body, int(payload["user_id"]))
return JSONResponse(status_code=200, content=data.model_dump())
async def _check_permission(self, user_id: int, permission_keys: list[str]) -> bool: