feat: update audit platform workspace

fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py

@@ -135,6 +135,41 @@ class RbacAdminServiceImpl(IRbacAdminService):
             "is_cache": True,
             "meta": {"group": "cross-review"},
         },
+        {
+            "route_path": "/govdoc",
+            "route_name": "govdoc",
+            "component": "govdoc",
+            "route_title": "内部公文处理",
+            "icon": "ri-file-paper-2-line",
+            "sort_order": 65,
+            "is_hidden": False,
+            "is_cache": True,
+            "meta": {"group": "govdoc"},
+        },
+        {
+            "route_path": "/govdoc/audits",
+            "route_name": "govdoc-audits",
+            "component": "govdoc.audits",
+            "route_title": "公文列表",
+            "icon": "ri-file-list-3-line",
+            "sort_order": 1,
+            "parent_path": "/govdoc",
+            "is_hidden": False,
+            "is_cache": True,
+            "meta": {"group": "govdoc"},
+        },
+        {
+            "route_path": "/govdoc/upload",
+            "route_name": "govdoc-upload",
+            "component": "govdoc.upload",
+            "route_title": "公文上传",
+            "icon": "ri-upload-cloud-line",
+            "sort_order": 2,
+            "parent_path": "/govdoc",
+            "is_hidden": False,
+            "is_cache": True,
+            "meta": {"group": "govdoc"},
+        },
         {
             "route_path": "/contract-template",
             "route_name": "contract-template",
@@ -183,9 +218,9 @@ class RbacAdminServiceImpl(IRbacAdminService):
             "meta": {"group": "cross-review"},
         },
         {
-            "route_path": "/cross-checking/result",
-            "route_name": "cross-checking-result",
-            "component": "cross-checking.result",
+            "route_path": "/cross-checking/list",
+            "route_name": "cross-checking-list",
+            "component": "cross-checking.list",
             "route_title": "评查任务列表",
             "icon": "ri-file-list-3-line",
             "sort_order": 2,
@@ -194,6 +229,18 @@ class RbacAdminServiceImpl(IRbacAdminService):
             "is_cache": True,
             "meta": {"group": "cross-review"},
         },
+        {
+            "route_path": "/cross-checking/result",
+            "route_name": "cross-checking-result",
+            "component": "cross-checking.result",
+            "route_title": "评查结果详情",
+            "icon": "ri-file-search-line",
+            "sort_order": 3,
+            "parent_path": "/cross-checking",
+            "is_hidden": True,
+            "is_cache": True,
+            "meta": {"group": "cross-review"},
+        },
         {
             "route_path": "/rules",
             "route_name": "rule-management",
@@ -294,6 +341,16 @@ class RbacAdminServiceImpl(IRbacAdminService):
         {"permission_key": "rbac:tenants:create", "display_name": "创建租户", "module": "rbac", "resource": "tenants", "action": "create", "api_method": "POST", "api_path": "/api/v3/tenants", "route_path": "/tenants"},
         {"permission_key": "rbac:tenants:update", "display_name": "更新租户", "module": "rbac", "resource": "tenants", "action": "update", "api_method": "PUT", "api_path": "/api/v3/tenants/{tenant_code}", "route_path": "/tenants"},
         {"permission_key": "rbac:tenants:status", "display_name": "启停租户", "module": "rbac", "resource": "tenants", "action": "status", "api_method": "PATCH", "api_path": "/api/v3/tenants/{tenant_code}/status", "route_path": "/tenants"},
+        {"permission_key": "govdoc:module:read", "display_name": "查看内部公文处理模块", "module": "govdoc", "resource": "module", "action": "read", "api_method": "GET", "api_path": "/api/govdoc", "route_path": "/govdoc"},
+        {"permission_key": "govdoc:document:create", "display_name": "上传公文", "module": "govdoc", "resource": "document", "action": "create", "api_method": "POST", "api_path": "/api/govdoc/documents", "route_path": "/govdoc/upload"},
+        {"permission_key": "govdoc:document:read", "display_name": "查看公文列表与详情", "module": "govdoc", "resource": "document", "action": "read", "api_method": "GET", "api_path": "/api/govdoc/documents", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:document:update", "display_name": "编辑公文", "module": "govdoc", "resource": "document", "action": "update", "api_method": "PATCH", "api_path": "/api/govdoc/documents/{document_id}", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:document:delete", "display_name": "删除公文", "module": "govdoc", "resource": "document", "action": "delete", "api_method": "DELETE", "api_path": "/api/govdoc/documents/{document_id}", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:run:create", "display_name": "发起公文格式审查", "module": "govdoc", "resource": "run", "action": "create", "api_method": "POST", "api_path": "/api/govdoc/runs", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:run:read", "display_name": "查看公文审查状态", "module": "govdoc", "resource": "run", "action": "read", "api_method": "GET", "api_path": "/api/govdoc/runs/{run_id}", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:report:read", "display_name": "下载公文审查报告", "module": "govdoc", "resource": "report", "action": "read", "api_method": "GET", "api_path": "/api/govdoc/runs/{run_id}/report", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:result:read", "display_name": "查看公文审查结果", "module": "govdoc", "resource": "result", "action": "read", "api_method": "GET", "api_path": "/api/govdoc/runs/{run_id}/result", "route_path": "/govdoc/audits"},
+        {"permission_key": "govdoc:rule:read", "display_name": "查看公文规则", "module": "govdoc", "resource": "rule", "action": "read", "api_method": "GET", "api_path": "/api/govdoc/rules", "route_path": "/rules"},
         {"permission_key": "usage_stats:overview:read", "display_name": "查看统计总览", "module": "usage_stats", "resource": "overview", "action": "read", "api_method": "GET", "api_path": "/api/v3/usage-stats/overview", "route_path": "/usage-stats"},
         {"permission_key": "usage_stats:trends:read", "display_name": "查看统计趋势", "module": "usage_stats", "resource": "trends", "action": "read", "api_method": "GET", "api_path": "/api/v3/usage-stats/trends", "route_path": "/usage-stats"},
         {"permission_key": "usage_stats:users:read", "display_name": "查看用户统计", "module": "usage_stats", "resource": "users", "action": "read", "api_method": "GET", "api_path": "/api/v3/usage-stats/by-users", "route_path": "/usage-stats"},
@@ -323,14 +380,9 @@ class RbacAdminServiceImpl(IRbacAdminService):
         {"permission_key": "rules:binding_create:write", "display_name": "创建规则绑定", "module": "rules", "resource": "binding_create", "action": "write", "api_method": "POST", "api_path": "/api/rule-sets/{rule_type}/bindings", "route_path": "/rules"},
         {"permission_key": "rules:binding_update:write", "display_name": "更新规则绑定", "module": "rules", "resource": "binding_update", "action": "write", "api_method": "PUT", "api_path": "/api/rule-sets/bindings/{binding_id}", "route_path": "/rules"},
         {"permission_key": "rules:binding_delete:delete", "display_name": "删除规则绑定", "module": "rules", "resource": "binding_delete", "action": "delete", "api_method": "DELETE", "api_path": "/api/rule-sets/bindings/{binding_id}", "route_path": "/rules"},
-        {"permission_key": "evaluation_point:list:read", "display_name": "评查点列表", "module": "evaluation_point", "resource": "list", "action": "read", "api_method": "GET", "api_path": "/api/v3/evaluation-points", "route_path": "/rules"},
-        {"permission_key": "evaluation_point:detail:read", "display_name": "评查点详情", "module": "evaluation_point", "resource": "detail", "action": "read", "api_method": "GET", "api_path": "/api/v3/evaluation-points/{id}", "route_path": "/rules"},
-        {"permission_key": "evaluation_point:create:write", "display_name": "创建评查点", "module": "evaluation_point", "resource": "create", "action": "write", "api_method": "POST", "api_path": "/api/v3/evaluation-points", "route_path": "/rules"},
-        {"permission_key": "evaluation_point:update:write", "display_name": "更新评查点", "module": "evaluation_point", "resource": "update", "action": "write", "api_method": "PUT", "api_path": "/api/v3/evaluation-points/{id}", "route_path": "/rules"},
-        {"permission_key": "evaluation_point:delete:delete", "display_name": "删除评查点", "module": "evaluation_point", "resource": "delete", "action": "delete", "api_method": "DELETE", "api_path": "/api/v3/evaluation-points/{id}", "route_path": "/rules"},
         {"permission_key": "cross_review:task:create", "display_name": "创建交叉评查任务", "module": "cross_review", "resource": "task", "action": "create", "api_method": "POST", "api_path": "/api/v3/cross-review/tasks", "route_path": "/cross-checking/upload"},
-        {"permission_key": "cross_review:task:read", "display_name": "查看交叉评查任务", "module": "cross_review", "resource": "task", "action": "read", "api_method": "POST", "api_path": "/api/v3/cross-review/tasks/query", "route_path": "/cross-checking"},
-        {"permission_key": "cross_review:progress:view", "display_name": "查看交叉评查任务进度", "module": "cross_review", "resource": "progress", "action": "view", "api_method": "GET", "api_path": "/api/v3/cross-review/tasks/{task_id}/progress", "route_path": "/cross-checking"},
+        {"permission_key": "cross_review:task:read", "display_name": "查看交叉评查任务", "module": "cross_review", "resource": "task", "action": "read", "api_method": "POST", "api_path": "/api/v3/cross-review/tasks/query", "route_path": "/cross-checking/list"},
+        {"permission_key": "cross_review:progress:view", "display_name": "查看交叉评查任务进度", "module": "cross_review", "resource": "progress", "action": "view", "api_method": "GET", "api_path": "/api/v3/cross-review/tasks/{task_id}/progress", "route_path": "/cross-checking/list"},
         {"permission_key": "cross_review:document:read", "display_name": "查看交叉评查任务文档", "module": "cross_review", "resource": "document", "action": "read", "api_method": "GET", "api_path": "/api/v3/cross-review/tasks/{task_id}/documents", "route_path": "/cross-checking/result"},
         {"permission_key": "cross_review:document:complete", "display_name": "确认交叉评查文档完成", "module": "cross_review", "resource": "document", "action": "complete", "api_method": "GET", "api_path": "/api/v3/cross-review/tasks/{task_id}/can-confirm", "route_path": "/cross-checking/result"},
         {"permission_key": "cross_review:proposal:create", "display_name": "创建交叉评查提案", "module": "cross_review", "resource": "proposal", "action": "create", "api_method": "POST", "api_path": "/api/v3/cross-review/proposals", "route_path": "/cross-checking/result"},
@@ -357,12 +409,14 @@ class RbacAdminServiceImpl(IRbacAdminService):
         {"permission_key": "rag:dataset:create", "display_name": "创建知识库", "module": "rag", "resource": "dataset", "action": "create", "api_method": "POST", "api_path": "/api/v3/rag/datasets/admin", "route_path": "/chat-with-llm"},
         {"permission_key": "rag:dataset:update", "display_name": "更新知识库与文档", "module": "rag", "resource": "dataset", "action": "update", "api_method": "PATCH", "api_path": "/api/v3/rag/datasets/{DatasetId}", "route_path": "/chat-with-llm"},
         {"permission_key": "rag:dataset:delete", "display_name": "删除知识库与文档", "module": "rag", "resource": "dataset", "action": "delete", "api_method": "DELETE", "api_path": "/api/v3/rag/datasets/admin/{DatasetId}", "route_path": "/chat-with-llm"},
+        {"permission_key": "qichacha:company:query", "display_name": "查询企业主体信息", "module": "qichacha", "resource": "company", "action": "query", "api_method": "POST", "api_path": "/api/v2/qichacha/company", "route_path": "/documents"},
+        {"permission_key": "qichacha:status:read", "display_name": "查看企业主体缓存状态", "module": "qichacha", "resource": "status", "action": "read", "api_method": "GET", "api_path": "/api/v2/qichacha/status", "route_path": "/documents"},
     ]
 
     _CORE_ROLE_AUTO_GRANTS: dict[str, tuple[str, ...]] = {
-        "super_admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status"),
-        "provincial_admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status"),
-        "admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status"),
+        "super_admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status", "qichacha:company:query", "qichacha:status:read"),
+        "provincial_admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status", "qichacha:company:query", "qichacha:status:read"),
+        "admin": ("rbac:user_tenant:update", "rbac:tenants:read", "rbac:tenants:create", "rbac:tenants:update", "rbac:tenants:status", "qichacha:company:query"),
     }
 
     async def ListRoles(self, CurrentUserId: int, Page: int, PageSize: int, RoleKey: str | None, RoleName: str | None, IncludeSystem: bool) -> RoleListVO:
@@ -1393,28 +1447,15 @@ class RbacAdminServiceImpl(IRbacAdminService):
         if context["is_super_admin"] or not permissionKeys:
             return context
 
-        async with GetAsyncSession() as Session:
-            grantedRows = (
-                await Session.execute(
-                    text(
-                        """
-                        SELECT DISTINCT p.permission_key
-                        FROM role_permissions rp
-                        JOIN permissions p ON p.id = rp.permission_id
-                        JOIN user_role ur ON ur.role_id = rp.role_id
-                        WHERE ur.user_id = :user_id
-                          AND p.permission_key = ANY(:permission_keys)
-                          AND rp.grant_type = 'GRANT'
-                        """
-                    ).bindparams(permission_keys=permissionKeys),
-                    {"user_id": CurrentUserId},
-                )
-            ).mappings().all()
-            granted = {str(row["permission_key"] or "") for row in grantedRows}
-            missing = [key for key in permissionKeys if key not in granted]
-            if not missing:
-                return context
+        deniedKeys = []
+        permissionService = PermissionServiceImpl()
+        for permissionKey in permissionKeys:
+            if not await permissionService.CheckPermission(CurrentUserId, permissionKey):
+                deniedKeys.append(permissionKey)
+        if not deniedKeys:
+            return context
 
+        async with GetAsyncSession() as Session:
             displayRows = (
                 await Session.execute(
                     text(
@@ -1423,11 +1464,11 @@ class RbacAdminServiceImpl(IRbacAdminService):
                         FROM permissions
                         WHERE permission_key = ANY(:permission_keys)
                         """
-                    ).bindparams(permission_keys=missing)
+                    ).bindparams(permission_keys=deniedKeys)
                 )
             ).mappings().all()
             displayByKey = {str(row["permission_key"] or ""): str(row["display_name"] or "") for row in displayRows}
-            displayName = displayByKey.get(missing[0]) or missing[0]
+            displayName = displayByKey.get(deniedKeys[0]) or deniedKeys[0]
             raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, f"缺少「{displayName}」权限")
 
     async def _assertManageAndPermission(self, CurrentUserId: int, PermissionKey: str) -> dict[str, Any]: