feat: add backend rule group and permission support

This commit is contained in:
wren
2026-05-06 09:40:37 +08:00
parent 7acbe0f1d9
commit 76ba7e65ed
45 changed files with 6175 additions and 110 deletions
@@ -0,0 +1,103 @@
"""评查点控制器。"""
from fastapi import Depends, Query
from fastapi.responses import JSONResponse
from fastapi_common.fastapi_common_security.security import verify_access_token
from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_modules.fastapi_leaudit.domian.Dto.evaluationPointDto import (
EvaluationPointCreateDTO,
EvaluationPointUpdateDTO,
)
from fastapi_modules.fastapi_leaudit.services.evaluationPointService import IEvaluationPointService
from fastapi_modules.fastapi_leaudit.services.impl.evaluationPointServiceImpl import EvaluationPointServiceImpl
from fastapi_modules.fastapi_leaudit.services.impl.permissionServiceImpl import PermissionServiceImpl
from fastapi_modules.fastapi_leaudit.services.permissionService import IPermissionService
class EvaluationPointController(BaseController):
"""评查点控制器。"""
_PERMISSIONS = {
"list": "evaluation_point:list:read",
"detail": "evaluation_point:detail:read",
"create": "evaluation_point:create:write",
"update": "evaluation_point:update:write",
"delete": "evaluation_point:delete:delete",
}
def __init__(self):
super().__init__(prefix="/v3/evaluation-points", tags=["评查点"])
self.PointService: IEvaluationPointService = EvaluationPointServiceImpl()
self.PermissionService: IPermissionService = PermissionServiceImpl()
@self.router.get("")
async def ListEvaluationPoints(
name: str | None = Query(None, description="名称模糊搜索"),
code: str | None = Query(None, description="编码模糊搜索"),
risk: str | None = Query(None, description="风险等级"),
is_enabled: bool | None = Query(None, description="是否启用"),
evaluation_point_groups_pid: int | None = Query(None, description="一级分组ID"),
evaluation_point_groups_id: int | None = Query(None, description="二级分组ID"),
document_attribute_type: str | None = Query(None, description="文档属性类型"),
area: str | None = Query(None, description="地区"),
page: int = Query(1, ge=1, description="页码"),
page_size: int = Query(20, ge=1, le=500, description="分页大小"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["list"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点查看权限", "data": None})
data = await self.PointService.ListPoints(
name,
code,
risk,
is_enabled,
evaluation_point_groups_pid,
evaluation_point_groups_id,
document_attribute_type,
area,
page,
page_size,
)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/attribute-types")
async def GetEvaluationPointAttributeTypes(payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["list"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点查看权限", "data": None})
data = await self.PointService.GetAttributeTypes()
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/{PointId}")
async def GetEvaluationPoint(PointId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["detail"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点查看权限", "data": None})
data = await self.PointService.GetPoint(PointId)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.post("")
async def CreateEvaluationPoint(body: EvaluationPointCreateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["create"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有创建评查点权限", "data": None})
data = await self.PointService.CreatePoint(body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/{PointId}")
async def UpdateEvaluationPoint(PointId: int, body: EvaluationPointUpdateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["update"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有更新评查点权限", "data": None})
data = await self.PointService.UpdatePoint(PointId, body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/{PointId}")
async def DeleteEvaluationPoint(PointId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), [self._PERMISSIONS["delete"]]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有删除评查点权限", "data": None})
data = await self.PointService.DeletePoint(PointId)
return JSONResponse(status_code=200, content=data.model_dump())
async def _check_permission(self, user_id: int, permission_keys: list[str]) -> bool:
for permission_key in permission_keys:
if await self.PermissionService.CheckPermission(user_id, permission_key):
return True
return False
@@ -0,0 +1,167 @@
"""评查点分组控制器。"""
from fastapi import Body, Depends, Query
from fastapi.responses import JSONResponse
from fastapi_common.fastapi_common_security.security import verify_access_token
from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_modules.fastapi_leaudit.domian.Dto.evaluationPointGroupDto import (
EvaluationPointGroupBatchDeleteDTO,
EvaluationPointGroupBatchStatusDTO,
EvaluationPointGroupBindingCreateDTO,
EvaluationPointGroupBindingUpdateDTO,
EvaluationPointGroupCreateDTO,
EvaluationPointGroupRebindDTO,
EvaluationPointGroupUpdateDTO,
)
from fastapi_modules.fastapi_leaudit.services.evaluationPointGroupService import IEvaluationPointGroupService
from fastapi_modules.fastapi_leaudit.services.impl.evaluationPointGroupServiceImpl import EvaluationPointGroupServiceImpl
from fastapi_modules.fastapi_leaudit.services.impl.permissionServiceImpl import PermissionServiceImpl
from fastapi_modules.fastapi_leaudit.services.permissionService import IPermissionService
class EvaluationPointGroupController(BaseController):
"""评查点分组控制器。"""
def __init__(self):
super().__init__(prefix="/v3/evaluation-point-groups", tags=["评查点分组"])
self.GroupService: IEvaluationPointGroupService = EvaluationPointGroupServiceImpl()
self.PermissionService: IPermissionService = PermissionServiceImpl()
@self.router.get("")
async def ListEvaluationPointGroups(
name: str | None = Query(None, description="分组名称模糊搜索"),
code: str | None = Query(None, description="分组编码模糊搜索"),
is_enabled: bool | None = Query(None, description="是否启用"),
pid: int | None = Query(None, description="父分组ID0 表示一级分组"),
page: int = Query(1, ge=1, description="页码"),
page_size: int = Query(20, ge=1, le=500, description="分页大小"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.ListGroups(name, code, is_enabled, pid, page, page_size)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/all")
async def ListAllEvaluationPointGroups(
include_disabled: bool = Query(False, description="是否包含禁用分组"),
with_rule_count: bool = Query(True, description="是否返回评查点数"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.ListAllGroups(include_disabled, with_rule_count)
return JSONResponse(status_code=200, content=[item.model_dump() for item in data])
@self.router.get("/by-document-types")
async def ListEvaluationPointGroupsByDocumentTypes(
document_type_ids: str = Query(..., description="逗号分隔的文档类型ID列表"),
include_disabled: bool = Query(False, description="是否包含禁用分组"),
with_rule_count: bool = Query(False, description="是否返回评查点数"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
document_type_id_list = [int(item.strip()) for item in document_type_ids.split(",") if item.strip().isdigit()]
data = await self.GroupService.ListGroupsByDocumentTypes(document_type_id_list, include_disabled, with_rule_count)
return JSONResponse(status_code=200, content=[item.model_dump() for item in data])
@self.router.post("")
async def CreateEvaluationPointGroup(body: EvaluationPointGroupCreateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:create:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有创建评查点分组权限", "data": None})
data = await self.GroupService.CreateGroup(body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.patch("/batch/status")
async def BatchUpdateEvaluationPointGroupStatus(
body: EvaluationPointGroupBatchStatusDTO,
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有批量更新评查点分组权限", "data": None})
data = await self.GroupService.BatchUpdateStatus(body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/batch")
async def BatchDeleteEvaluationPointGroups(
body: EvaluationPointGroupBatchDeleteDTO = Body(...),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:delete:delete"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有批量删除评查点分组权限", "data": None})
data = await self.GroupService.BatchDelete(body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/{GroupId}")
async def GetEvaluationPointGroup(
GroupId: int,
with_rule_count: bool = Query(True, description="是否返回评查点数"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.GetGroup(GroupId, with_rule_count)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/{GroupId}")
async def UpdateEvaluationPointGroup(GroupId: int, body: EvaluationPointGroupUpdateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有更新评查点分组权限", "data": None})
data = await self.GroupService.UpdateGroup(GroupId, body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/{GroupId}")
async def DeleteEvaluationPointGroup(GroupId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:batch:write", "evaluation_group:delete:delete"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有删除评查点分组权限", "data": None})
data = await self.GroupService.DeleteGroup(GroupId)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.get("/{GroupId}/children")
async def GetEvaluationPointGroupChildren(
GroupId: int,
is_enabled: bool | None = Query(None, description="是否启用"),
page: int = Query(1, ge=1, description="页码"),
page_size: int = Query(20, ge=1, le=500, description="分页大小"),
payload: dict = Depends(verify_access_token),
):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:list:read", "rules:list:read"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有评查点分组查看权限", "data": None})
data = await self.GroupService.GetChildren(GroupId, is_enabled, page, page_size)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/{GroupId}/rebind")
async def RebindEvaluationPointGroup(GroupId: int, body: EvaluationPointGroupRebindDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有换绑评查点分组权限", "data": None})
data = await self.GroupService.RebindGroup(GroupId, body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.post("/{GroupId}/bindings")
async def CreateEvaluationPointGroupBinding(GroupId: int, body: EvaluationPointGroupBindingCreateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有绑定规则集权限", "data": None})
data = await self.GroupService.CreateBinding(GroupId, body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.put("/bindings/{BindingId}")
async def UpdateEvaluationPointGroupBinding(BindingId: int, body: EvaluationPointGroupBindingUpdateDTO, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有更新规则集绑定权限", "data": None})
data = await self.GroupService.UpdateBinding(BindingId, body)
return JSONResponse(status_code=200, content=data.model_dump())
@self.router.delete("/bindings/{BindingId}")
async def DeleteEvaluationPointGroupBinding(BindingId: int, payload: dict = Depends(verify_access_token)):
if not await self._check_permission(int(payload["user_id"]), ["evaluation_group:update:write"]):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有删除规则集绑定权限", "data": None})
await self.GroupService.DeleteBinding(BindingId)
return JSONResponse(status_code=200, content={"success": True})
async def _check_permission(self, user_id: int, permission_keys: list[str]) -> bool:
for permission_key in permission_keys:
if await self.PermissionService.CheckPermission(user_id, permission_key):
return True
return False
@@ -0,0 +1,66 @@
"""提示词模板控制器。"""
from fastapi import Depends, Query
from fastapi.responses import JSONResponse
from fastapi_common.fastapi_common_security.security import verify_access_token
from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_modules.fastapi_leaudit.domian.Dto.promptTemplateDto import PromptTemplateCreateDTO, PromptTemplateUpdateDTO
from fastapi_modules.fastapi_leaudit.services.promptTemplateService import IPromptTemplateService
from fastapi_modules.fastapi_leaudit.services.impl.promptTemplateServiceImpl import PromptTemplateServiceImpl
class PromptTemplateController(BaseController):
def __init__(self):
super().__init__(prefix='/v3/prompt-templates', tags=['提示词模板'])
self.Service: IPromptTemplateService = PromptTemplateServiceImpl()
@self.router.get('')
async def ListPromptTemplates(
search: str | None = Query(None, description='名称/编码搜索'),
template_type: str | None = Query(None, description='模板类型,逗号分隔'),
status: int | None = Query(None, description='状态'),
page: int = Query(1, ge=1),
page_size: int = Query(20, ge=1, le=500),
payload: dict = Depends(verify_access_token),
):
_ = payload
template_types = [item.strip() for item in str(template_type or '').split(',') if item.strip()]
data = await self.Service.ListTemplates(search, template_types or None, status, page, page_size)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@self.router.get('/types')
async def GetPromptTemplateTypes(payload: dict = Depends(verify_access_token)):
_ = payload
data = await self.Service.GetTemplateTypes()
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@self.router.get('/{TemplateId}')
async def GetPromptTemplate(TemplateId: int, payload: dict = Depends(verify_access_token)):
_ = payload
data = await self.Service.GetTemplate(TemplateId)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@self.router.post('')
async def CreatePromptTemplate(body: PromptTemplateCreateDTO, payload: dict = Depends(verify_access_token)):
_ = payload
data = await self.Service.CreateTemplate(body)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@self.router.put('/{TemplateId}')
async def UpdatePromptTemplate(TemplateId: int, body: PromptTemplateUpdateDTO, payload: dict = Depends(verify_access_token)):
_ = payload
data = await self.Service.UpdateTemplate(TemplateId, body)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@self.router.delete('/{TemplateId}')
async def DeletePromptTemplate(TemplateId: int, payload: dict = Depends(verify_access_token)):
_ = payload
await self.Service.DeleteTemplate(TemplateId)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': True})
@self.router.post('/{TemplateId}/duplicate')
async def DuplicatePromptTemplate(TemplateId: int, new_code: str | None = Query(None), payload: dict = Depends(verify_access_token)):
_ = payload
data = await self.Service.DuplicateTemplate(TemplateId, new_code)
return JSONResponse(status_code=200, content={'code': 200, 'message': 'ok', 'data': data.model_dump()})
@@ -8,7 +8,7 @@ from fastapi.responses import JSONResponse
from fastapi_common.fastapi_common_security.security import verify_access_token
from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_modules.fastapi_leaudit.domian.Dto.rbacAdminDto import RoleCreateDTO, RolePermissionsBatchDTO, RoleRoutesUpdateDTO, RoleUpdateDTO, UserRolesAssignDTO
from fastapi_modules.fastapi_leaudit.domian.Dto.rbacAdminDto import RoleAccessSaveDTO, RoleCreateDTO, RolePermissionsBatchDTO, RoleRoutesUpdateDTO, RoleUpdateDTO, UserRolesAssignDTO
from fastapi_modules.fastapi_leaudit.services.impl.rbacAdminServiceImpl import RbacAdminServiceImpl
from fastapi_modules.fastapi_leaudit.services.rbacAdminService import IRbacAdminService
@@ -128,6 +128,12 @@ class RbacAdminController(BaseController):
data = await self.RbacAdminService.SaveRolePermissions(int(payload["user_id"]), Body)
return JSONResponse(status_code=200, content={"code": 200, "message": "权限分配成功", "data": data.model_dump()})
@self.router.post("/v3/rbac/roles/{RoleId}/access")
async def SaveRoleAccess(RoleId: int, Body: RoleAccessSaveDTO, payload: dict[str, Any] = Depends(verify_access_token)):
"""原子保存角色菜单与接口权限。"""
data = await self.RbacAdminService.SaveRoleAccess(int(payload["user_id"]), RoleId, Body)
return JSONResponse(status_code=200, content={"code": 200, "message": "角色权限保存成功", "data": data.model_dump()})
@self.router.get("/v3/routes/{RouteId}/permissions")
async def GetRoutePermissions(RouteId: int, payload: dict[str, Any] = Depends(verify_access_token)):
"""查询路由关联权限。"""
@@ -0,0 +1,45 @@
"""规则配置页聚合控制器。"""
from typing import Any
from fastapi import Depends
from fastapi.responses import JSONResponse
from fastapi_common.fastapi_common_security.security import verify_access_token
from fastapi_common.fastapi_common_web.controller import BaseController
from fastapi_modules.fastapi_leaudit.services.impl.permissionServiceImpl import PermissionServiceImpl
from fastapi_modules.fastapi_leaudit.services.impl.ruleConfigServiceImpl import RuleConfigServiceImpl
from fastapi_modules.fastapi_leaudit.services.permissionService import IPermissionService
from fastapi_modules.fastapi_leaudit.services.ruleConfigService import IRuleConfigService
class RuleConfigController(BaseController):
"""规则配置页聚合控制器。"""
def __init__(self):
super().__init__(prefix="/v3/rule-config-packs", tags=["规则配置"])
self.RuleConfigService: IRuleConfigService = RuleConfigServiceImpl()
self.PermissionService: IPermissionService = PermissionServiceImpl()
@self.router.get("")
async def ListRuleConfigPacks(payload: dict[str, Any] = Depends(verify_access_token)):
"""列出规则配置页 pack。"""
if not await self._check_permission(int(payload["user_id"])):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
data = await self.RuleConfigService.ListPacks()
return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": [item.model_dump() for item in data]})
@self.router.get("/{PackId}")
async def GetRuleConfigPack(PackId: int, payload: dict[str, Any] = Depends(verify_access_token)):
"""获取单个规则配置 pack。"""
if not await self._check_permission(int(payload["user_id"])):
return JSONResponse(status_code=403, content={"code": 403, "msg": "当前用户没有规则配置查看权限", "data": None})
data = await self.RuleConfigService.GetPack(PackId)
return JSONResponse(status_code=200, content={"code": 200, "message": "success", "data": data.model_dump()})
async def _check_permission(self, user_id: int) -> bool:
for permission_key in ("rules:list:read", "rules:content:read", "evaluation_group:list:read"):
if await self.PermissionService.CheckPermission(user_id, permission_key):
return True
return False