feat: add rbac-backed settings modules

fastapi_modules/fastapi_leaudit/controllers/rbacAdminController.py

@@ -0,0 +1,135 @@
+"""RBAC 管理控制器。"""
+
+from typing import Any
+
+from fastapi import Depends, Query
+from fastapi.responses import JSONResponse
+
+from fastapi_common.fastapi_common_security.security import verify_access_token
+from fastapi_common.fastapi_common_web.controller import BaseController
+
+from fastapi_modules.fastapi_leaudit.domian.Dto.rbacAdminDto import RoleCreateDTO, RolePermissionsBatchDTO, RoleRoutesUpdateDTO, RoleUpdateDTO, UserRolesAssignDTO
+from fastapi_modules.fastapi_leaudit.services.impl.rbacAdminServiceImpl import RbacAdminServiceImpl
+from fastapi_modules.fastapi_leaudit.services.rbacAdminService import IRbacAdminService
+
+
+class RbacAdminController(BaseController):
+    """RBAC 管理控制器。"""
+
+    def __init__(self):
+        super().__init__(prefix="", tags=["RBAC管理"])
+        self.RbacAdminService: IRbacAdminService = RbacAdminServiceImpl()
+
+        @self.router.get("/v3/rbac/roles")
+        async def GetRoles(
+            payload: dict[str, Any] = Depends(verify_access_token),
+            page: int = Query(1, ge=1),
+            page_size: int = Query(50, ge=1, le=200),
+            role_key: str | None = Query(None),
+            role_name: str | None = Query(None),
+            include_system: bool = Query(True),
+        ):
+            """查询角色列表。"""
+            data = await self.RbacAdminService.ListRoles(int(payload["user_id"]), page, page_size, role_key, role_name, include_system)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
+
+        @self.router.post("/v3/rbac/roles")
+        async def CreateRole(Body: RoleCreateDTO, payload: dict[str, Any] = Depends(verify_access_token)):
+            """创建角色。"""
+            data = await self.RbacAdminService.CreateRole(int(payload["user_id"]), Body)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "角色创建成功", "data": data.model_dump()})
+
+        @self.router.put("/v3/rbac/roles/{RoleId}")
+        async def UpdateRole(RoleId: int, Body: RoleUpdateDTO, payload: dict[str, Any] = Depends(verify_access_token)):
+            """更新角色。"""
+            data = await self.RbacAdminService.UpdateRole(int(payload["user_id"]), RoleId, Body)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "角色更新成功", "data": data.model_dump()})
+
+        @self.router.delete("/v3/rbac/roles/{RoleId}")
+        async def DeleteRole(RoleId: int, force: bool = Query(False), payload: dict[str, Any] = Depends(verify_access_token)):
+            """删除角色。"""
+            await self.RbacAdminService.DeleteRole(int(payload["user_id"]), RoleId, force)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "角色删除成功", "data": {}})
+
+        @self.router.get("/v3/rbac/users")
+        async def GetUsers(
+            payload: dict[str, Any] = Depends(verify_access_token),
+            page: int = Query(1, ge=1),
+            page_size: int = Query(50, ge=1, le=200),
+            area: str | None = Query(None),
+            nick_name: str | None = Query(None),
+        ):
+            """查询用户列表。"""
+            data = await self.RbacAdminService.ListUsers(int(payload["user_id"]), page, page_size, area, nick_name)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
+
+        @self.router.get("/v3/rbac/roles/{RoleId}/users")
+        async def GetRoleUsers(
+            RoleId: int,
+            payload: dict[str, Any] = Depends(verify_access_token),
+            page: int = Query(1, ge=1),
+            page_size: int = Query(50, ge=1, le=200),
+            area: str | None = Query(None),
+            username: str | None = Query(None),
+        ):
+            """查询指定角色下的用户列表。"""
+            data = await self.RbacAdminService.ListRoleUsers(int(payload["user_id"]), RoleId, page, page_size, area, username)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
+
+        @self.router.post("/v3/rbac/users/{UserId}/roles")
+        async def AssignUserRoles(UserId: int, Body: UserRolesAssignDTO, payload: dict[str, Any] = Depends(verify_access_token)):
+            """分配用户角色。"""
+            data = await self.RbacAdminService.AssignUserRoles(int(payload["user_id"]), UserId, Body.role_ids)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "角色分配成功", "data": data.model_dump()})
+
+        @self.router.delete("/v3/rbac/users/{UserId}/roles/{RoleId}")
+        async def RevokeUserRole(UserId: int, RoleId: int, payload: dict[str, Any] = Depends(verify_access_token)):
+            """移除用户角色。"""
+            await self.RbacAdminService.RevokeUserRole(int(payload["user_id"]), UserId, RoleId)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "角色移除成功", "data": {}})
+
+        @self.router.get("/v3/rbac/users/{UserId}/roles")
+        async def GetUserRoles(UserId: int, payload: dict[str, Any] = Depends(verify_access_token)):
+            """查询用户角色。"""
+            data = await self.RbacAdminService.GetUserRoles(int(payload["user_id"]), UserId)
+            return JSONResponse(status_code=200, content={"code": 200, "msg": "success", "data": data.model_dump()})
+
+        @self.router.get("/v3/routes")
+        async def GetAllRoutes(
+            payload: dict[str, Any] = Depends(verify_access_token),
+            format: str = Query("tree"),
+            include_hidden: bool = Query(False),
+        ):
+            """查询全部可管理路由。"""
+            data = await self.RbacAdminService.ListAllRoutes(int(payload["user_id"]), format, include_hidden)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": [item.model_dump() for item in data]})
+
+        @self.router.get("/rbac/roles/{RoleId}/routes")
+        async def GetRoleRoutes(RoleId: int, payload: dict[str, Any] = Depends(verify_access_token)):
+            """查询角色路由授权。"""
+            data = await self.RbacAdminService.GetRoleRoutes(int(payload["user_id"]), RoleId)
+            return JSONResponse(status_code=200, content={"code": 200, "msg": "success", "data": data.model_dump()})
+
+        @self.router.put("/rbac/roles/{RoleId}/routes")
+        async def UpdateRoleRoutes(RoleId: int, Body: RoleRoutesUpdateDTO, payload: dict[str, Any] = Depends(verify_access_token)):
+            """更新角色路由授权。"""
+            data = await self.RbacAdminService.UpdateRoleRoutes(int(payload["user_id"]), RoleId, Body)
+            return JSONResponse(status_code=200, content={"code": 200, "msg": "success", "data": data.model_dump()})
+
+        @self.router.get("/v3/rbac/role-permissions")
+        async def GetRolePermissions(role_id: int = Query(...), payload: dict[str, Any] = Depends(verify_access_token)):
+            """查询角色权限授权。"""
+            data = await self.RbacAdminService.GetRolePermissions(int(payload["user_id"]), role_id)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
+
+        @self.router.post("/v3/rbac/role-permissions")
+        async def SaveRolePermissions(Body: RolePermissionsBatchDTO, payload: dict[str, Any] = Depends(verify_access_token)):
+            """保存角色权限授权。"""
+            data = await self.RbacAdminService.SaveRolePermissions(int(payload["user_id"]), Body)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "权限分配成功", "data": data.model_dump()})
+
+        @self.router.get("/v3/routes/{RouteId}/permissions")
+        async def GetRoutePermissions(RouteId: int, payload: dict[str, Any] = Depends(verify_access_token)):
+            """查询路由关联权限。"""
+            data = await self.RbacAdminService.GetRoutePermissions(int(payload["user_id"]), RouteId)
+            return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})