fix: show permission display_name instead of key in 403 errors
Previously _assertPermission raised "缺少权限: rbac:roles:delete". Now it looks up the display_name from the permissions table and shows "缺少「删除角色」权限".
@@ -578,7 +578,7 @@ class RbacAdminServiceImpl(IRbacAdminService):
|
|||||||
await Session.execute(
|
await Session.execute(
|
||||||
text(
|
text(
|
||||||
"""
|
"""
|
||||||
SELECT 1
|
SELECT p.display_name
|
||||||
FROM role_permissions rp
|
FROM role_permissions rp
|
||||||
JOIN permissions p ON p.id = rp.permission_id
|
JOIN permissions p ON p.id = rp.permission_id
|
||||||
JOIN user_role ur ON ur.role_id = rp.role_id
|
JOIN user_role ur ON ur.role_id = rp.role_id
|
||||||
@@ -590,9 +590,16 @@ class RbacAdminServiceImpl(IRbacAdminService):
|
|||||||
),
|
),
|
||||||
{"user_id": CurrentUserId, "permission_key": PermissionKey},
|
{"user_id": CurrentUserId, "permission_key": PermissionKey},
|
||||||
)
|
)
|
||||||
).first()
|
).mappings().first()
|
||||||
if not row:
|
if not row:
|
||||||
raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, f"缺少权限: {PermissionKey}")
|
displayRow = (
|
||||||
|
await Session.execute(
|
||||||
|
text("SELECT display_name FROM permissions WHERE permission_key = :key LIMIT 1"),
|
||||||
|
{"key": PermissionKey},
|
||||||
|
)
|
||||||
|
).mappings().first()
|
||||||
|
displayName = displayRow["display_name"] if displayRow else PermissionKey
|
||||||
|
raise LeauditException(StatusCodeEnum.HTTP_403_FORBIDDEN, f"缺少「{displayName}」权限")
|
||||||
|
|
||||||
async def _getCurrentUserContext(self, CurrentUserId: int) -> dict[str, Any]:
|
async def _getCurrentUserContext(self, CurrentUserId: int) -> dict[str, Any]:
|
||||||
"""加载当前用户上下文。"""
|
"""加载当前用户上下文。"""
|
||||||
|
|||||||
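Review bot: In the deny branch of the second hunk, `displayName = displayRow["display_name"] if displayRow else PermissionKey` falls back to the key only when no row is found, so a row whose display_name is NULL or empty would yield a 403 message reading 「None」 or 「」. Consider `displayName = (displayRow["display_name"] if displayRow else None) or PermissionKey`. The first query's switch from `SELECT 1` to `SELECT p.display_name` with `.mappings()` looks unused, because that row exists only on the allow path and the name is fetched again by the second query, so it could stay `SELECT 1`. Since the response no longer carries the permission key when a display name is found, logging `PermissionKey` and `CurrentUserId` server-side before the raise would keep denied attempts traceable. The enclosing method starts above the first hunk and the query's WHERE clause is not visible here.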