From ab31c808d7b470e5b32a198e84e890934873ef82 Mon Sep 17 00:00:00 2001 From: wren <“porlong@qq.com”> Date: Thu, 30 Apr 2026 11:18:06 +0800 Subject: [PATCH] fix: show permission display_name instead of key in 403 errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously _assertPermission raised "缺少权限: rbac:roles:delete". Now it looks up the display_name from the permissions table and shows "缺少「删除角色」权限". --- .../services/impl/rbacAdminServiceImpl.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py b/fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py index 6e1e028..7de5d72 100644 --- a/fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py +++ b/fastapi_modules/fastapi_leaudit/services/impl/rbacAdminServiceImpl.py @@ -578,7 +578,7 @@ class RbacAdminServiceImpl(IRbacAdminService): await Session.execute( text( """ - SELECT 1 + SELECT p.display_name FROM role_permissions rp JOIN permissions p ON p.id = rp.permission_id JOIN user_role ur ON ur.role_id = rp.role_id @@ -590,9 +590,16 @@ class RbacAdminServiceImpl(IRbacAdminService): ), {"user_id": CurrentUserId, "permission_key": PermissionKey}, ) - ).first() - if not row: - raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, f"缺少权限: {PermissionKey}") + ).mappings().first() + if not row: + displayRow = ( + await Session.execute( + text("SELECT display_name FROM permissions WHERE permission_key = :key LIMIT 1"), + {"key": PermissionKey}, + ) + ).mappings().first() + displayName = displayRow["display_name"] if displayRow else PermissionKey + raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, f"缺少「{displayName}」权限") async def _getCurrentUserContext(self, CurrentUserId: int) -> dict[str, Any]: """加载当前用户上下文。"""