fix(rules): require evaluation point list read permission for rule packs

fastapi_modules/fastapi_leaudit/controllers/ruleConfigController.py

@@ -17,6 +17,9 @@ from fastapi_modules.fastapi_leaudit.services.ruleConfigService import IRuleConf
 class RuleConfigController(BaseController):
     """规则配置页聚合控制器。"""
 
+    _LIST_PERMISSION = "evaluation_point:list:read"
+    _CONTENT_PERMISSIONS = ["rules:content:read"]
+
     def __init__(self):
         super().__init__(prefix="/v3/rule-config-packs", tags=["规则配置"])
         self.RuleConfigService: IRuleConfigService = GetRuleConfigServiceSingleton()
@@ -28,8 +31,8 @@ class RuleConfigController(BaseController):
             payload: dict[str, Any] = Depends(verify_access_token),
         ):
             """列出规则配置页 pack。"""
-            if not await self._check_permission(int(payload["user_id"])):
-                return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
+            if not await self._check_permission(int(payload["user_id"]), [self._LIST_PERMISSION]):
+                return JSONResponse(status_code=403, content={"code": 403, "msg": "当前账号没有评查点列表读取权限", "data": None})
             current_user_id = int(payload["user_id"])
             data = await (
                 self.RuleConfigService.ListPackSummaries(CurrentUserId=current_user_id)
@@ -41,13 +44,13 @@ class RuleConfigController(BaseController):
         @self.router.get("/{PackId}")
         async def GetRuleConfigPack(PackId: int, payload: dict[str, Any] = Depends(verify_access_token)):
             """获取单个规则配置 pack。"""
-            if not await self._check_permission(int(payload["user_id"])):
+            if not await self._check_permission(int(payload["user_id"]), self._CONTENT_PERMISSIONS):
                 return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
             data = await self.RuleConfigService.GetPack(PackId, CurrentUserId=int(payload["user_id"]))
             return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
 
-    async def _check_permission(self, user_id: int) -> bool:
+    async def _check_permission(self, user_id: int, permission_keys: list[str]) -> bool:
         return await self.PermissionService.HasAnyPermission(
             user_id,
-            ["rules:list:read", "rules:content:read", "evaluation_group:list:read"],
+            permission_keys,
         )