From 19a2c3aa133ab8b75129f01d5f017578679a0049 Mon Sep 17 00:00:00 2001
From: wuaho
Date: Mon, 9 Aug 2021 21:01:35 +0800
Subject: [PATCH] 1
---
 api/api_v1/authz/authz.py | 49 ++++++++++++++++++++++++++++++++++-----
 crud/crud_role.py | 7 +++---
 init_db.py | 6 ++---
 schemas/authotity.py | 14 +++++++++--
 schemas/role.py | 7 ++++--
 5 files changed, 67 insertions(+), 16 deletions(-)
diff --git a/api/api_v1/authz/authz.py b/api/api_v1/authz/authz.py
index 46bc12a..87faf79 100644
--- a/api/api_v1/authz/authz.py
+++ b/api/api_v1/authz/authz.py
@@ -35,6 +35,28 @@ async def add_role_domain(
 return schemas.Msg(code='-1', msg='添加成功')
+@router.post("/get_permissions_for_user_in_domain")
+async def get_permissions_for_user_in_domain(
+ request: Request,
+ data_in: schemas.GetPermissionsForUserInDomain,
+ db: AsyncIOMotorDatabase = Depends(get_database),
+ current_user: schemas.UserDB = Depends(deps.get_current_user)):
+ """
+ 获取域内用户或角色的权限
+ """
+
+ data = casbin_enforcer.get_permissions_for_user_in_domain(data_in.role_id, data_in.game)
+ path_ids = {i[2] for i in data}
+ all_api = await crud.api_list.all_api(db)
+ for item in all_api:
+ if item['_id'] in path_ids:
+ item['is_authz'] = True
+ else:
+ item['is_authz'] = False
+
+ return schemas.Msg(code='0', msg='ok', data=all_api)
+
+
 @router.post("/del_role_user_domain")
 async def del_role_domain(
 request: Request,
@@ -50,6 +72,7 @@ async def del_role_domain(
 res = casbin_enforcer.delete_roles_for_user_in_domain(user=data_in.username, role=data_in.role_id, domain=data_in.game)
+ await crud.role.delete_id(db, data_in.role_id)
 return schemas.Msg(code=0, msg='ok', data=res)
@@ -62,8 +85,9 @@ async def add_policy(
 """
 向当前策略添加授权规则
 """
-
- res = casbin_enforcer.add_policy(data_id.role_id, data_id.game, data_id.path, data_id.act)
+ res = 0
+ for path in data_id.path_list:
+ res = casbin_enforcer.add_policy(data_id.role_id, data_id.game, path, data_id.act)
 return schemas.Msg(code=0, msg='ok', data=res)
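Review bot: In api/api_v1/authz/authz.py the new `get_permissions_for_user_in_domain` handler takes `role_id` and `game` straight from the request body and is gated only by `Depends(deps.get_current_user)`, so as far as this hunk shows any authenticated user can read the permission map of any role in any game; the `edit_role` handler added at the end of the same file has the same shape. Unless a middleware outside this patch enforces the casbin policy on these routes, check that `current_user` is allowed to manage `data_in.game` before querying the enforcer. Two smaller points: the `if`/`else` in the loop can be written as `item['is_authz'] = item['_id'] in path_ids`, and `code='0'` is a string here while the other handlers touched by this patch return `code=0`.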
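Review bot: The added `await crud.role.delete_id(db, data_in.role_id)` in `del_role_domain` deletes the role record itself, although the casbin call directly above it only removes the role from one user (`data_in.username`) in one game. As far as this hunk shows, other users bound to the same role keep their grouping rule and the role's own policy rules are left in the enforcer, so the policy store can end up holding grants for a role that no longer appears in the role list. If the intent is only to unassign, drop this line; if the intent is to delete the role, do it in a dedicated handler that also removes the role's policies and bindings. The delete also runs regardless of `res`, and the function begins above this hunk.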
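Review bot: In `add_policy`, `res` is overwritten on each iteration, so the response reports only the outcome for the last entry of `data_id.path_list`, and an empty list answers `code=0` with `data=0` although nothing was granted. For an endpoint that writes authorization rules the caller should see which rules were actually added; collect the results instead, e.g. `res = [casbin_enforcer.add_policy(data_id.role_id, data_id.game, path, data_id.act) for path in data_id.path_list]`. The paths also go to the enforcer unchecked; since the new permissions handler compares the policy object with the `_id` values from `crud.api_list.all_api`, validating each path against that list would keep unknown objects out of the policy store. The function signature lies outside this hunk.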
@@ -73,7 +97,7 @@ async def remove_policy(
 data_id: schemas.DelPolicy,
 current_user: schemas.UserDB = Depends(deps.get_current_user)):
 """
- 向当前策略添加授权规则
+ 删除角色api权限
 """
 res = casbin_enforcer.remove_policy(data_id.role_id, data_id.game, data_id.path, data_id.act)
@@ -88,8 +112,7 @@ async def api_list(
 """
 GetPermissionsForUserInDomain
- 已经添加的api
- 标记 已添加的权限
+ 所有的api
 """
 res = await crud.api_list.all_api(db)
 return schemas.Msg(code=0, msg='ok', data=res)
@@ -171,7 +194,7 @@ async def add_roles(
 """
 try:
 res = await crud.role.add_role(db, data_in)
- return schemas.Msg(code=0, msg='ok', data=res.matched_count)
+ return schemas.Msg(code=0, msg='ok', data=res.upserted_id)
 except Exception as e:
 return schemas.Msg(code=-1, msg='添加失败', data=str(e))
@@ -188,3 +211,17 @@ async def roles(
 """
 res = await crud.role.dom_roles(db, game)
 return schemas.Msg(code=0, msg='ok', data=res)
+
+
+@router.post("/edit_role")
+async def edit_role(
+ request: Request,
+ date_in: schemas.EditRole,
+ db: AsyncIOMotorDatabase = Depends(get_database),
+ current_user: schemas.UserDB = Depends(deps.get_current_user)
+) -> schemas.Msg:
+ """
+ 修改角色名
+ """
+ res = await crud.role.edit_role(db, date_in)
+ return schemas.Msg(code=0, msg='ok', data=res.matched_count)
diff --git a/crud/crud_role.py b/crud/crud_role.py
index 15e924e..c5001e2 100644
--- a/crud/crud_role.py
+++ b/crud/crud_role.py
@@ -14,10 +14,11 @@ class CRUDApiList(CRUDBase):
 return await self.update_one(db, where, data, upsert=True)
 async def edit_role(self, db: AsyncIOMotorDatabase, data_in: schemas.EditRole):
- where = {'_id': data_in.id}
- data = {'$set': data_in.dict()}
+ data = data_in.dict()
+ where = {'_id': data.pop('role_id')}
+ up_data = {'$set': data}
- return await self.update_one(db, where, data)
+ return await self.update_one(db, where, up_data)
 async def check(self, db, **kwargs):
 res = await self.find_one(db, kwargs)
diff --git a/init_db.py b/init_db.py
index 2ba612b..17d5754 100644
--- a/init_db.py
+++ b/init_db.py
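Review bot: In `add_roles` (api/api_v1/authz/authz.py), `res.upserted_id` is `None` whenever the update matched an existing document instead of inserting one, assuming `crud.role.add_role` is the `upsert=True` update shown in crud/crud_role.py. Adding a role that already exists therefore answers `code=0, msg='ok'` with a null `data`, and the caller cannot tell that nothing was created. Test for that case before returning, e.g. `if res.upserted_id is None:` followed by a non-zero code. If `_id` is not a plain string (not visible here) the value will also need `str(res.upserted_id)` to serialise. The function starts above this hunk.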
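Review bot: The new `edit_role` handler in api/api_v1/authz/authz.py returns `code=0, msg='ok'` even when `res.matched_count` is 0, that is, when no role has the given `role_id`; return an error code in that case so a failed edit is not reported as success. The body parameter is spelled `date_in` while every other handler in this file uses `data_in`; rename it in the signature and the call: `data_in: schemas.EditRole,`. The docstring says the handler changes the role name, but the schema also carries `desc`, so the docstring should mention both fields.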
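Review bot: In crud/crud_role.py, `data_in.dict()` in `edit_role` includes `name` and `desc` even when the client omitted them, because `EditRole` in schemas/role.py defaults both to `None`; the `$set` then overwrites the stored value with null whenever only one field is edited. Build the update from the fields that were actually sent: `data = data_in.dict(exclude_unset=True)`. With that change a request containing only `role_id` leaves `data` empty after the `pop`, which MongoDB rejects for `$set`, so return early in that case. In the schema, `name: str = None` and `desc: str = None` would be more accurately annotated as `Optional[str]`, provided `Optional` is imported there.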
@@ -75,11 +75,11 @@ async def main():
 # await space_index()
 # await dashboard_index()
 # await report_index()
- # await authority_init()
+ await authority_init()
 # await data_attr_index()
 # await event_mana()
- await api_list_index()
- await role_index()
+ # await api_list_index()
+ # await role_index()
 loop = asyncio.get_event_loop()
diff --git a/schemas/authotity.py b/schemas/authotity.py
index b4614e9..ef72d26 100644
--- a/schemas/authotity.py
+++ b/schemas/authotity.py
@@ -10,6 +10,11 @@ class AddRoleForUserInDomain(BaseModel):
 game: str
+class GetPermissionsForUserInDomain(BaseModel):
+ role_id: str
+ game: str
+
+
 class DeleteRolesForUserInDomain(BaseModel):
 username: str
 role_id: str
@@ -22,13 +27,18 @@ class Policy(BaseModel):
 path: str
 act: str = '*'
-class AddPolicy(Policy):
- pass
+
+class AddPolicy(BaseModel):
+ path_list: List[str]
+ role_id: str
+ game: str
+ act: str = '*'
 class DelPolicy(Policy):
 pass
+
 class Ptype(str, Enum):
 p = 'p'
 g = 'g'
diff --git a/schemas/role.py b/schemas/role.py
index 5bf168c..3f84e22 100644
--- a/schemas/role.py
+++ b/schemas/role.py
@@ -21,9 +21,12 @@ class AddRole(BaseModel):
 class AddRoleDB(DBBase, AddRole):
 pass
+
 class DelRole(BaseModel):
 ids: List[str] = Field(..., description='要删除的id')
-class EditRole(RoleBase):
- id: str = Field(..., description='要编辑的id')
\ No newline at end of file
+class EditRole(BaseModel):
+ role_id: str = Field(..., description='要编辑的id')
+ name: str = None
+ desc: str = None
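Review bot: `main()` in init_db.py chooses which initialisation steps run by commenting calls in and out, and this commit checks in one such toggle: `authority_init()` is now enabled while `api_list_index()` and `role_index()` are disabled. Whoever runs the script next gets whichever combination was committed last; if `authority_init()` writes authorization data (its body is not visible here), running it again against a populated database should be guarded or made idempotent. Selecting the steps from the command line would avoid editing the source for each run, and the toggle is unrelated to the API changes in the rest of this commit. `main()` begins above this hunk.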
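Review bot: In schemas/authotity.py the rewritten `AddPolicy` keeps `act: str = '*'`, so a grant request that omits `act` gives the role every action on each listed path; for a schema that creates permissions it is safer to make `act` required or default to the narrowest action. `path_list: List[str]` also accepts an empty list; if `Field` is available in this module (the imports are outside the hunk), pydantic v1's `path_list: List[str] = Field(..., min_items=1)` rejects that at validation. `AddPolicy` now repeats `role_id`, `game` and `act` from `Policy` instead of inheriting them, and a one-line comment such as `# path_list replaces Policy.path, so this model no longer inherits from Policy` would explain why.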