fix(rules): require evaluation point list read permission for rule packs

fastapi_modules/fastapi_leaudit/controllers/ruleConfigController.py

@@ -17,6 +17,9 @@ from fastapi_modules.fastapi_leaudit.services.ruleConfigService import IRuleConf
 class RuleConfigController(BaseController):
     """规则配置页聚合控制器。"""
 
+    _LIST_PERMISSION = "evaluation_point:list:read"
+    _CONTENT_PERMISSIONS = ["rules:content:read"]
+
     def __init__(self):
         super().__init__(prefix="/v3/rule-config-packs", tags=["规则配置"])
         self.RuleConfigService: IRuleConfigService = GetRuleConfigServiceSingleton()
@@ -28,8 +31,8 @@ class RuleConfigController(BaseController):
             payload: dict[str, Any] = Depends(verify_access_token),
         ):
             """列出规则配置页 pack。"""
-            if not await self._check_permission(int(payload["user_id"])):
-                return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
+            if not await self._check_permission(int(payload["user_id"]), [self._LIST_PERMISSION]):
+                return JSONResponse(status_code=403, content={"code": 403, "msg": "当前账号没有评查点列表读取权限", "data": None})
             current_user_id = int(payload["user_id"])
             data = await (
                 self.RuleConfigService.ListPackSummaries(CurrentUserId=current_user_id)
@@ -41,13 +44,13 @@ class RuleConfigController(BaseController):
         @self.router.get("/{PackId}")
         async def GetRuleConfigPack(PackId: int, payload: dict[str, Any] = Depends(verify_access_token)):
             """获取单个规则配置 pack。"""
-            if not await self._check_permission(int(payload["user_id"])):
+            if not await self._check_permission(int(payload["user_id"]), self._CONTENT_PERMISSIONS):
                 return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
             data = await self.RuleConfigService.GetPack(PackId, CurrentUserId=int(payload["user_id"]))
             return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
 
-    async def _check_permission(self, user_id: int) -> bool:
+    async def _check_permission(self, user_id: int, permission_keys: list[str]) -> bool:
         return await self.PermissionService.HasAnyPermission(
             user_id,
-            ["rules:list:read", "rules:content:read", "evaluation_group:list:read"],
+            permission_keys,
         )

fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py

@@ -363,6 +363,7 @@ class RbacAdminServiceImpl(IRbacAdminService):
         {"permission_key": "contract_template:create:write", "display_name": "上传合同模板", "module": "contract_template", "resource": "create", "action": "write", "api_method": "POST", "api_path": "/api/v3/contract-templates", "route_path": "/contract-template/list"},
         {"permission_key": "contract_template:update:write", "display_name": "更新合同模板", "module": "contract_template", "resource": "update", "action": "write", "api_method": "PUT", "api_path": "/api/v3/contract-templates/{id}", "route_path": "/contract-template/list"},
         {"permission_key": "contract_template:delete:delete", "display_name": "删除合同模板", "module": "contract_template", "resource": "delete", "action": "delete", "api_method": "DELETE", "api_path": "/api/v3/contract-templates/{id}", "route_path": "/contract-template/list"},
+        {"permission_key": "evaluation_point:list:read", "display_name": "评查点列表", "module": "evaluation_point", "resource": "list", "action": "read", "api_method": "GET", "api_path": "/api/v3/rule-config-packs", "route_path": "/rules"},
         {"permission_key": "evaluation_group:list:read", "display_name": "评查点分组列表", "module": "evaluation_group", "resource": "list", "action": "read", "api_method": "GET", "api_path": "/api/v3/evaluation-point-groups", "route_path": "/rules"},
         {"permission_key": "evaluation_group:create:write", "display_name": "创建评查点分组", "module": "evaluation_group", "resource": "create", "action": "write", "api_method": "POST", "api_path": "/api/v3/evaluation-point-groups", "route_path": "/rules"},
         {"permission_key": "evaluation_group:update:write", "display_name": "更新评查点分组与绑定", "module": "evaluation_group", "resource": "update", "action": "write", "api_method": "PUT", "api_path": "/api/v3/evaluation-point-groups/{id}", "route_path": "/rules"},