"""RBAC 管理 DTO。""" from pydantic import BaseModel, Field class RoleCreateDTO(BaseModel): """创建角色请求。""" role_key: str = Field(..., description="角色唯一标识") role_name: str = Field(..., description="角色名称") description: str | None = Field(None, description="角色描述") data_scope: str = Field("SELF", description="数据范围") metadata: dict | None = Field(None, description="扩展元数据") class RoleUpdateDTO(BaseModel): """更新角色请求。""" role_name: str | None = Field(None, description="角色名称") description: str | None = Field(None, description="角色描述") data_scope: str | None = Field(None, description="数据范围") priority: int | None = Field(None, description="优先级") parent_role_id: int | None = Field(None, description="父角色ID") class RoleRoutesUpdateDTO(BaseModel): """更新角色路由授权请求。""" route_ids: list[int] = Field(default_factory=list, description="启用路由ID列表") permission: str = Field("RW", description="路由授权类型") class RolePermissionConfigDTO(BaseModel): """角色权限配置。""" permission_id: int = Field(..., description="权限ID") grant_type: str = Field("GRANT", description="授权类型") data_scope: str | None = Field(None, description="数据范围") class RolePermissionsBatchDTO(BaseModel): """批量写入角色权限请求。""" role_id: int = Field(..., description="角色ID") permissions: list[RolePermissionConfigDTO] = Field(default_factory=list, description="权限列表") replace: bool = Field(False, description="是否替换当前角色已有权限") replace_scope_permission_ids: list[int] = Field(default_factory=list, description="替换模式下仅允许清理的权限ID范围") class RoleAccessSaveDTO(BaseModel): """角色菜单与接口权限联合保存请求。""" route_ids: list[int] = Field(default_factory=list, description="启用路由ID列表") permission_ids: list[int] = Field(default_factory=list, description="启用接口权限ID列表") route_permission: str = Field("RW", description="路由授权类型") replace_scope_permission_ids: list[int] = Field(default_factory=list, description="允许本次替换清理的权限ID范围") class UserRolesAssignDTO(BaseModel): """用户角色分配请求。""" role_ids: list[int] = Field(default_factory=list, description="角色ID列表")