From 9bbea48a7b5276e79d13a717ffa3218a9110408f Mon Sep 17 00:00:00 2001 From: wuaho Date: Thu, 5 Aug 2021 21:17:27 +0800 Subject: [PATCH] 1 --- api/api_v1/api.py | 4 +- api/api_v1/authz/authz.py | 17 +- api/api_v1/endpoints/authority.py | 508 +++++++++++++++--------------- api/api_v1/endpoints/data_auth.py | 2 +- api/api_v1/endpoints/project.py | 32 +- crud/base.py | 5 +- crud/crud_api_list.py | 8 +- middleware/casbin.py | 5 +- schemas/api_list.py | 4 +- utils/adapter.py | 34 +- 10 files changed, 318 insertions(+), 301 deletions(-) diff --git a/api/api_v1/api.py b/api/api_v1/api.py index 335edcc..f725e39 100644 --- a/api/api_v1/api.py +++ b/api/api_v1/api.py @@ -5,7 +5,7 @@ from .endpoints import folder from .endpoints import space from .endpoints import dashboard from .endpoints import report -from .endpoints import authority +# from .endpoints import authority from .endpoints import data_mana from .endpoints import query from .endpoints import xquery @@ -24,7 +24,7 @@ api_router.include_router(space.router, tags=["空间接口"], prefix='/space') api_router.include_router(dashboard.router, tags=["看板接口"], prefix='/dashboard') api_router.include_router(report.router, tags=["报表接口"], prefix='/report') -api_router.include_router(authority.router, tags=["权限管理接口"], prefix='/authority') +# api_router.include_router(authority.router, tags=["权限管理接口"], prefix='/authority') api_router.include_router(data_auth.router, tags=["数据权限"], prefix='/data_auth') api_router.include_router(data_mana.router, tags=["数据管理"], prefix='/data_mana') diff --git a/api/api_v1/authz/authz.py b/api/api_v1/authz/authz.py index cf228f7..46bc12a 100644 --- a/api/api_v1/authz/authz.py +++ b/api/api_v1/authz/authz.py @@ -83,7 +83,6 @@ async def remove_policy( @router.get("/api_list") async def api_list( request: Request, - game: str, db: AsyncIOMotorDatabase = Depends(get_database), current_user: schemas.UserDB = Depends(deps.get_current_user)): """ 
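Review bot: The authority router is switched off by commenting out its import in this hunk and its `include_router` call in the next one. The same pattern repeats in endpoints/authority.py (the whole file turned into comments), data_auth.py, project.py and utils/adapter.py. Commented-out authorization code hides which permission model is actually live and is easy to re-enable by accident, so delete the lines and let version control keep the history. If the removal is only temporary, one comment is enough, for example `# TODO: authority router disabled pending migration to authz`, assuming that is the intent.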
@@ -92,7 +91,7 @@ async def api_list( 已经添加的api 标记 已添加的权限 """ - res = await crud.api_list.all_api(db, game) + res = await crud.api_list.all_api(db) return schemas.Msg(code=0, msg='ok', data=res) @@ -106,7 +105,10 @@ async def add_api( """ 添加api """ - res = await crud.api_list.add_api(db, data_in) + try: + res = await crud.api_list.add_api(db, data_in) + except Exception as e: + return schemas.Msg(code=-1, msg='已经存在') return schemas.Msg(code=0, msg='ok', data=res.matched_count) @@ -119,7 +121,14 @@ async def del_api( """ 删除api """ + # 删除规则 + paths = await crud.api_list.find_ids(db, data_in.ids, {'path': 1}) + for item in paths: + casbin_enforcer.remove_filtered_policy(2, item['path']) + + # 删除保存的记录 res = await crud.api_list.del_api(db, data_in) + return schemas.Msg(code=0, msg='ok', data=res.deleted_count) @@ -133,7 +142,7 @@ async def edit_api( 编辑api """ res = await crud.api_list.edit_api(db, data_in) - return schemas.Msg(code=0, msg='ok', data=res.deleted_count) + return schemas.Msg(code=0, msg='ok', data=res.matched_count) @router.get("/domain") diff --git a/api/api_v1/endpoints/authority.py b/api/api_v1/endpoints/authority.py index 6405a7f..0016dca 100644 --- a/api/api_v1/endpoints/authority.py +++ b/api/api_v1/endpoints/authority.py 
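Review bot: The new `except Exception as e` around `crud.api_list.add_api` in add_api reports every failure as '已经存在', so a lost database connection or a validation error looks the same as a duplicate, and `e` is never used or logged. Catch only the duplicate case with `except pymongo.errors.DuplicateKeyError:` and let other errors propagate. The import of `pymongo` in this module is not visible in the hunk and may need adding. This assumes the duplicate is signalled by a unique index, which the page does not show.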
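Review bot: In del_api the literal `2` passed to `casbin_enforcer.remove_filtered_policy` is unexplained, and the call's result is discarded. The index selects the path only if rules are laid out as (sub, dom, obj, act), which is how the old `add_policy(role_name, role_dom, obj, '*')` calls elsewhere in this patch wrote them. Add a comment such as `# field 2 is obj (the API path) in a (sub, dom, obj, act) rule`. Because the match is by path alone, rules for every role and domain on that path are dropped; if two api_list records can share a path, deleting one revokes the other's rules too, so confirm that path is unique.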
@@ -1,264 +1,264 @@ -import pymongo -from fastapi import APIRouter, Depends, Request -from motor.motor_asyncio import AsyncIOMotorDatabase -import crud, schemas -from core.config import settings -from core.security import get_password_hash - -from db import get_database -from api import deps -from db.ckdb import CKDrive, get_ck_db -from utils import casbin_enforcer - -router = APIRouter() - - -@router.get("/api_list") -async def api_list(request: Request, - current_user: schemas.UserDB = Depends(deps.get_current_user)) -> schemas.Msg: - """api 列表""" - app = request.app - data = {} - for r in app.routes: - title = r.tags[0] if hasattr(r, 'description') else None - if not title: - continue - data.setdefault(title, {'list': []}) - path = r.path - name = r.description if hasattr(r, 'description') else r.name - data[title]['list'].append({'api': path, 'title': name}) - - res = [{'title': k, 'list': v['list']} for k, v in data.items()] - - return schemas.Msg(code=0, msg='ok', data=res) - - -@router.post('/set_data_auth') -async def set_data_auth(request: Request, - data_id: schemas.DataAuthSet, - game: str = Depends(deps.get_game_project), - db: AsyncIOMotorDatabase = Depends(get_database), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """设置用户数据权限""" - await crud.authority.set_data_auth(db, data_id, game=game) - return schemas.Msg(code=0, msg='ok', data=data_id) - - -@router.get('/get_user_data_auth') -async def get_user_data_auth(request: Request, - game: str = Depends(deps.get_game_project), - db: AsyncIOMotorDatabase = Depends(get_database), - ck: CKDrive = Depends(get_ck_db), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """获取当前用户数据权限""" - - data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) - if not data_auth: - values = await ck.distinct(game, 'event', '#event_name') - return schemas.Msg(code=0, msg='ok', data={ - 'data': values, - 'game': game, - 
'name': '全部事件' - }) - data_auth_id = data_auth['data_auth_id'] - data = await crud.data_auth.get(data_auth_id) - return schemas.Msg(code=0, msg='ok', data=data) - - -# @router.get('/get_users_data_auth') -# async def get_users_data_auth(request: Request, -# game: str = Depends(deps.get_game_project), -# db: AsyncIOMotorDatabase = Depends(get_database), -# ck: CKDrive = Depends(get_ck_db), -# current_user: schemas.UserDB = Depends(deps.get_current_user) -# ) -> schemas.Msg: -# """获取当前项目所有用户数据权限""" +# import pymongo +# from fastapi import APIRouter, Depends, Request +# from motor.motor_asyncio import AsyncIOMotorDatabase +# import crud, schemas +# from core.config import settings +# from core.security import get_password_hash # -# roles = await crud.authority.find_many(db, ptype='g', v2=game) -# for item in roles: -# user = item['v0'] -# data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) -# if not data_auth: -# values = await ck.distinct(game, 'event', '#event_name') -# return schemas.Msg(code=0, msg='ok', data={ -# 'data': values, -# 'game': game, -# 'name': '全部事件' -# }) -# data_auth_id = data_auth['data_auth_id'] -# data = await crud.data_auth.get(data_auth_id) -# return schemas.Msg(code=0, msg='ok', data=data) +# from db import get_database +# from api import deps +# from db.ckdb import CKDrive, get_ck_db +# from utils import casbin_enforcer # -# # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) -# # if not data_auth: -# # values = await ck.distinct(game, 'event', '#event_name') -# # return schemas.Msg(code=0, msg='ok', data={ -# # 'data': values, -# # 'game': game, -# # 'name': '全部事件' -# # }) -# # data_auth_id = data_auth['data_auth_id'] -# # data = await crud.data_auth.get(data_auth_id) -# return schemas.Msg(code=0, msg='ok') - - -@router.post("/add_role") -async def add_role(request: Request, - data_in: schemas.CasbinRoleCreate, - game: str = Depends(deps.get_game_project), - db: 
AsyncIOMotorDatabase = Depends(get_database), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """创建角色""" - - # 不允许角色名和用户名一样 - if await crud.user.get_by_user(db, name=data_in.role_name): - return schemas.Msg(code=-1, msg='请改个名字') - role_dom = game - api_dict = dict() - for r in request.app.routes: - api_dict[r.path] = r.description if hasattr(r, 'description') else r.name - # 角色有的接口权限 - for obj in data_in.role_api: - casbin_enforcer.add_policy(data_in.role_name, role_dom, obj, '*') - await crud.authority.update_one(db, {'ptype': 'p', 'v0': data_in.role_name, 'v1': role_dom, 'v2': obj}, - {'$set': {'api_name': api_dict.get(obj)}}) - - # 管理员默认拥有该角色 方便从db中读出 - await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, role_dom, '*', - role_name=data_in.role_name, - game=role_dom) - - return schemas.Msg(code=0, msg='ok') - - -@router.post("/add_sys_role") -async def add_sys_role(request: Request, - data_in: schemas.CasbinRoleCreate, - game: str = Depends(deps.get_game_project), - db: AsyncIOMotorDatabase = Depends(get_database), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """创建系统角色""" - api_dict = dict() - - # 不允许角色名和用户名一样 - if await crud.user.get_by_user(db, name=data_in.role_name): - return schemas.Msg(code=-1, msg='请改个名字') - - for r in request.app.routes: - api_dict[r.path] = r.description if hasattr(r, 'description') else r.name - # 角色有的接口权限 - for obj in data_in.role_api: - casbin_enforcer.add_policy(data_in.role_name, '*', obj, '*') - await crud.authority.create(db, 'p', data_in.role_name, '*', obj, '*', api_name=api_dict.get(obj)) - - # 管理员默认拥有该角色 方便从db中读出 - await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, - role_name=data_in.role_name, - game='*') - - return schemas.Msg(code=0, msg='ok') - - -@router.post("/add_account") -async def add_account(request: Request, - - data_in: schemas.AccountsCreate, - game: str = 
Depends(deps.get_game_project), - db: AsyncIOMotorDatabase = Depends(get_database), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """添加账号""" - - # 用户名不能与角色名重复 - roles = casbin_enforcer.get_all_roles() - accounts = {item.username for item in data_in.accounts} - # 用户名不能与已存在的重复 - exists_user = await crud.user.get_all_user(db) - if accounts & set(roles) or accounts & set(exists_user): - return schemas.Msg(code=-1, msg='已存在', data=list(set(accounts) & set(roles) | accounts & set(exists_user))) - - """创建账号 并设置角色""" - for item in data_in.accounts: - account = schemas.UserCreate(name=item.username, password=settings.DEFAULT_PASSWORD) - try: - await crud.user.create(db, account) - except pymongo.errors.DuplicateKeyError: - return schemas.Msg(code=-1, msg='用户名已存在') - - casbin_enforcer.add_grouping_policy(item.username, item.role_name, game) - # 设置数据权限 - await crud.authority.set_data_auth(db, - schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id), - game) - - # 添加到项目成员 - await crud.project.add_members(db, schemas.ProjectMember(project_id=data_in.project_id, members=list(accounts))) - - return schemas.Msg(code=0, msg='ok') - - -@router.get("/all_role") -async def all_role(request: Request, - db: AsyncIOMotorDatabase = Depends(get_database), - game: str = Depends(deps.get_game_project), - current_user: schemas.UserDB = Depends(deps.get_current_user) - ) -> schemas.Msg: - """获取所有角色""" - - app = request.app - api_data = {} - for r in app.routes: - title = r.tags[0] if hasattr(r, 'description') else None - if not title: - continue - api_data[r.path] = { - 'api': r.path, - 'title': title, - 'name': r.description if hasattr(r, 'description') else r.name - } - - """获取域内所有角色""" - roles = await crud.authority.find_many(db, {'role_name': {'$exists': 1}, 'game': game}) - dom_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles] - for item in dom_data: - q = await 
crud.authority.get_role_dom_authority(db, item['role'], game, api_data) - item['authority'] = [{'title': k, 'child': v} for k, v in q.items()] - - # 获取系统角色 - roles = await crud.authority.find_many(db, {'role_name':{'$exists': 1}, 'game':'*'}) - sys_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles] - for item in sys_data: - q = await crud.authority.get_role_dom_authority(db, item['role'], dom=game, api_data=api_data) - item['authority'] = [{'title': k, 'child': v} for k, v in q.items()] - - data = { - 'dom_role': dom_data, - 'sys_role': sys_data - } - return schemas.Msg(code=0, msg='ok', data=data) - -# @router.post("/set_role") -# async def set_role(request: Request, -# data_id: schemas.AccountSetRole, +# router = APIRouter() +# +# +# @router.get("/api_list") +# async def api_list(request: Request, +# current_user: schemas.UserDB = Depends(deps.get_current_user)) -> schemas.Msg: +# """api 列表""" +# app = request.app +# data = {} +# for r in app.routes: +# title = r.tags[0] if hasattr(r, 'description') else None +# if not title: +# continue +# data.setdefault(title, {'list': []}) +# path = r.path +# name = r.description if hasattr(r, 'description') else r.name +# data[title]['list'].append({'api': path, 'title': name}) +# +# res = [{'title': k, 'list': v['list']} for k, v in data.items()] +# +# return schemas.Msg(code=0, msg='ok', data=res) +# +# +# @router.post('/set_data_auth') +# async def set_data_auth(request: Request, +# data_id: schemas.DataAuthSet, +# game: str = Depends(deps.get_game_project), +# db: AsyncIOMotorDatabase = Depends(get_database), +# current_user: schemas.UserDB = Depends(deps.get_current_user) +# ) -> schemas.Msg: +# """设置用户数据权限""" +# await crud.authority.set_data_auth(db, data_id, game=game) +# return schemas.Msg(code=0, msg='ok', data=data_id) +# +# +# @router.get('/get_user_data_auth') +# async def get_user_data_auth(request: Request, +# game: str = Depends(deps.get_game_project), +# db: 
AsyncIOMotorDatabase = Depends(get_database), +# ck: CKDrive = Depends(get_ck_db), +# current_user: schemas.UserDB = Depends(deps.get_current_user) +# ) -> schemas.Msg: +# """获取当前用户数据权限""" +# +# data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) +# if not data_auth: +# values = await ck.distinct(game, 'event', '#event_name') +# return schemas.Msg(code=0, msg='ok', data={ +# 'data': values, +# 'game': game, +# 'name': '全部事件' +# }) +# data_auth_id = data_auth['data_auth_id'] +# data = await crud.data_auth.get(data_auth_id) +# return schemas.Msg(code=0, msg='ok', data=data) +# +# +# # @router.get('/get_users_data_auth') +# # async def get_users_data_auth(request: Request, +# # game: str = Depends(deps.get_game_project), +# # db: AsyncIOMotorDatabase = Depends(get_database), +# # ck: CKDrive = Depends(get_ck_db), +# # current_user: schemas.UserDB = Depends(deps.get_current_user) +# # ) -> schemas.Msg: +# # """获取当前项目所有用户数据权限""" +# # +# # roles = await crud.authority.find_many(db, ptype='g', v2=game) +# # for item in roles: +# # user = item['v0'] +# # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) +# # if not data_auth: +# # values = await ck.distinct(game, 'event', '#event_name') +# # return schemas.Msg(code=0, msg='ok', data={ +# # 'data': values, +# # 'game': game, +# # 'name': '全部事件' +# # }) +# # data_auth_id = data_auth['data_auth_id'] +# # data = await crud.data_auth.get(data_auth_id) +# # return schemas.Msg(code=0, msg='ok', data=data) +# # +# # # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) +# # # if not data_auth: +# # # values = await ck.distinct(game, 'event', '#event_name') +# # # return schemas.Msg(code=0, msg='ok', data={ +# # # 'data': values, +# # # 'game': game, +# # # 'name': '全部事件' +# # # }) +# # # data_auth_id = data_auth['data_auth_id'] +# # # data = await crud.data_auth.get(data_auth_id) +# # return schemas.Msg(code=0, 
msg='ok') +# +# +# @router.post("/add_role") +# async def add_role(request: Request, +# data_in: schemas.CasbinRoleCreate, +# game: str = Depends(deps.get_game_project), # db: AsyncIOMotorDatabase = Depends(get_database), # current_user: schemas.UserDB = Depends(deps.get_current_user) # ) -> schemas.Msg: -# """设置账号角色""" -# casbin_enforcer.delete_user(data_id.name) -# casbin_enforcer.add_role_for_user(data_id.name, data_id.role_name) -# await crud.authority.update_one(db, {'ptype': 'g', 'v0': data_id.name}, dict(v1=data_id.role_name)) +# """创建角色""" +# +# # 不允许角色名和用户名一样 +# if await crud.user.get_by_user(db, name=data_in.role_name): +# return schemas.Msg(code=-1, msg='请改个名字') +# role_dom = game +# api_dict = dict() +# for r in request.app.routes: +# api_dict[r.path] = r.description if hasattr(r, 'description') else r.name +# # 角色有的接口权限 +# for obj in data_in.role_api: +# casbin_enforcer.add_policy(data_in.role_name, role_dom, obj, '*') +# await crud.authority.update_one(db, {'ptype': 'p', 'v0': data_in.role_name, 'v1': role_dom, 'v2': obj}, +# {'$set': {'api_name': api_dict.get(obj)}}) +# +# # 管理员默认拥有该角色 方便从db中读出 +# await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, role_dom, '*', +# role_name=data_in.role_name, +# game=role_dom) # # return schemas.Msg(code=0, msg='ok') - -# @router.get("/delete_user") -# async def delete_user(request: Request, -# data_id: schemas.AccountDeleteUser, +# +# +# @router.post("/add_sys_role") +# async def add_sys_role(request: Request, +# data_in: schemas.CasbinRoleCreate, +# game: str = Depends(deps.get_game_project), +# db: AsyncIOMotorDatabase = Depends(get_database), +# current_user: schemas.UserDB = Depends(deps.get_current_user) +# ) -> schemas.Msg: +# """创建系统角色""" +# api_dict = dict() +# +# # 不允许角色名和用户名一样 +# if await crud.user.get_by_user(db, name=data_in.role_name): +# return schemas.Msg(code=-1, msg='请改个名字') +# +# for r in request.app.routes: +# api_dict[r.path] = r.description if hasattr(r, 
'description') else r.name +# # 角色有的接口权限 +# for obj in data_in.role_api: +# casbin_enforcer.add_policy(data_in.role_name, '*', obj, '*') +# await crud.authority.create(db, 'p', data_in.role_name, '*', obj, '*', api_name=api_dict.get(obj)) +# +# # 管理员默认拥有该角色 方便从db中读出 +# await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, +# role_name=data_in.role_name, +# game='*') +# +# return schemas.Msg(code=0, msg='ok') +# +# +# @router.post("/add_account") +# async def add_account(request: Request, +# +# data_in: schemas.AccountsCreate, +# game: str = Depends(deps.get_game_project), # db: AsyncIOMotorDatabase = Depends(get_database), # current_user: schemas.UserDB = Depends(deps.get_current_user) # ) -> schemas.Msg: -# pass -# return schemas.Msg(code=0, msg='暂时没有') +# """添加账号""" +# +# # 用户名不能与角色名重复 +# roles = casbin_enforcer.get_all_roles() +# accounts = {item.username for item in data_in.accounts} +# # 用户名不能与已存在的重复 +# exists_user = await crud.user.get_all_user(db) +# if accounts & set(roles) or accounts & set(exists_user): +# return schemas.Msg(code=-1, msg='已存在', data=list(set(accounts) & set(roles) | accounts & set(exists_user))) +# +# """创建账号 并设置角色""" +# for item in data_in.accounts: +# account = schemas.UserCreate(name=item.username, password=settings.DEFAULT_PASSWORD) +# try: +# await crud.user.create(db, account) +# except pymongo.errors.DuplicateKeyError: +# return schemas.Msg(code=-1, msg='用户名已存在') +# +# casbin_enforcer.add_grouping_policy(item.username, item.role_name, game) +# # 设置数据权限 +# await crud.authority.set_data_auth(db, +# schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id), +# game) +# +# # 添加到项目成员 +# await crud.project.add_members(db, schemas.ProjectMember(project_id=data_in.project_id, members=list(accounts))) +# +# return schemas.Msg(code=0, msg='ok') +# +# +# @router.get("/all_role") +# async def all_role(request: Request, +# db: AsyncIOMotorDatabase = Depends(get_database), +# game: str = 
Depends(deps.get_game_project), +# current_user: schemas.UserDB = Depends(deps.get_current_user) +# ) -> schemas.Msg: +# """获取所有角色""" +# +# app = request.app +# api_data = {} +# for r in app.routes: +# title = r.tags[0] if hasattr(r, 'description') else None +# if not title: +# continue +# api_data[r.path] = { +# 'api': r.path, +# 'title': title, +# 'name': r.description if hasattr(r, 'description') else r.name +# } +# +# """获取域内所有角色""" +# roles = await crud.authority.find_many(db, {'role_name': {'$exists': 1}, 'game': game}) +# dom_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles] +# for item in dom_data: +# q = await crud.authority.get_role_dom_authority(db, item['role'], game, api_data) +# item['authority'] = [{'title': k, 'child': v} for k, v in q.items()] +# +# # 获取系统角色 +# roles = await crud.authority.find_many(db, {'role_name':{'$exists': 1}, 'game':'*'}) +# sys_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles] +# for item in sys_data: +# q = await crud.authority.get_role_dom_authority(db, item['role'], dom=game, api_data=api_data) +# item['authority'] = [{'title': k, 'child': v} for k, v in q.items()] +# +# data = { +# 'dom_role': dom_data, +# 'sys_role': sys_data +# } +# return schemas.Msg(code=0, msg='ok', data=data) +# +# # @router.post("/set_role") +# # async def set_role(request: Request, +# # data_id: schemas.AccountSetRole, +# # db: AsyncIOMotorDatabase = Depends(get_database), +# # current_user: schemas.UserDB = Depends(deps.get_current_user) +# # ) -> schemas.Msg: +# # """设置账号角色""" +# # casbin_enforcer.delete_user(data_id.name) +# # casbin_enforcer.add_role_for_user(data_id.name, data_id.role_name) +# # await crud.authority.update_one(db, {'ptype': 'g', 'v0': data_id.name}, dict(v1=data_id.role_name)) +# # +# # return schemas.Msg(code=0, msg='ok') +# +# # @router.get("/delete_user") +# # async def delete_user(request: Request, +# # data_id: 
schemas.AccountDeleteUser, +# # db: AsyncIOMotorDatabase = Depends(get_database), +# # current_user: schemas.UserDB = Depends(deps.get_current_user) +# # ) -> schemas.Msg: +# # pass +# # return schemas.Msg(code=0, msg='暂时没有') diff --git a/api/api_v1/endpoints/data_auth.py b/api/api_v1/endpoints/data_auth.py index 34d31dd..bc448e5 100644 --- a/api/api_v1/endpoints/data_auth.py +++ b/api/api_v1/endpoints/data_auth.py @@ -15,7 +15,7 @@ from db import get_database from api import deps from db.ckdb import CKDrive, get_ck_db from db.redisdb import get_redis_pool, RedisDrive -from utils import casbin_enforcer +# from utils import casbin_enforcer router = APIRouter() diff --git a/api/api_v1/endpoints/project.py b/api/api_v1/endpoints/project.py index a645b45..7b8edea 100644 --- a/api/api_v1/endpoints/project.py +++ b/api/api_v1/endpoints/project.py @@ -9,7 +9,7 @@ from core.config import settings from db import get_database from db.ckdb import CKDrive, get_ck_db from schemas.project import ProjectCreate -from utils import casbin_enforcer +# from utils import casbin_enforcer router = APIRouter() 
@@ -47,15 +47,15 @@ async def create( # await crud.data_auth.create(db, data_auth, data_in.game) # 新建项目管理员权限 - role_name = f'{data_in.game}_admin' - role_dom = data_in.game - casbin_enforcer.add_policy(role_name, role_dom, '*', '*') - await crud.authority.create(db, 'p', role_name, role_dom, '*', '*') + # role_name = f'{data_in.game}_admin' + # role_dom = data_in.game + # casbin_enforcer.add_policy(role_name, role_dom, '*', '*') + # await crud.authority.create(db, 'p', role_name, role_dom, '*', '*') # 添加角色 - await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, role_name, '*', '*', role_name='系统项目管理员', game='*') - # 添加数据权限 - await crud.authority.set_data_auth(db, schemas.DataAuthSet(username=request.user.username, data_auth_id='*'), - game=data_in.game, v1=role_name) + # await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, role_name, '*', '*', role_name='系统项目管理员', game='*') + # # 添加数据权限 + # await crud.authority.set_data_auth(db, schemas.DataAuthSet(username=request.user.username, data_auth_id='*'), + # game=data_in.game, v1=role_name) return schemas.Msg(code=0, msg='创建成功') @@ -120,11 +120,11 @@ async def add_members(request: Request, """项目添加成员""" for item in data_in.members: - casbin_enforcer.add_grouping_policy(item.username, item.role_name, game) - # 设置数据权限 - await crud.authority.set_data_auth(db, - schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id), - game) + # casbin_enforcer.add_grouping_policy(item.username, item.role_name, game) + # # 设置数据权限 + # await crud.authority.set_data_auth(db, + # schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id), + # game) folder = schemas.FolderCreate( name='未分组', 
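Review bot: After the add_members hunk, the body of `for item in data_in.members:` consists only of comments unless the following `folder = schemas.FolderCreate(` statement is indented inside the loop. Indentation is not recoverable from this view, and a comment-only loop body is an IndentationError when the module is imported. Separately, `item.role_name` and `item.data_auth_id` are still read from the request but no longer applied, so a member is added without the role or data permission the caller asked for and is apparently not told. Either drop those fields from the request schema or return an explicit message until the replacement grant path exists. The function continues outside the hunk.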
@@ -196,9 +196,9 @@ async def members(request: Request, current_user: schemas.UserDB = Depends(deps.get_current_user) ): """删除项目成员""" - casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game) + # casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game) await crud.project.del_members(db, data_in) - await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username) + # await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username) return schemas.Msg(code=0, msg='ok') diff --git a/crud/base.py b/crud/base.py index a82d647..059a905 100644 --- a/crud/base.py +++ b/crud/base.py @@ -40,7 +40,7 @@ class CRUDBase: return await db[self.coll_name].delete_many(filter, collation, hint, session) async def delete_id(self, db, *args): - return await db[self.coll_name].delete_one({'_id': {'$in': list(args)}}) + return await db[self.coll_name].delete_many({'_id': {'$in': list(args)}}) async def update_one(self, db, filter, update, upsert=False): res = await db[self.coll_name].update_one(filter, update, upsert) @@ -52,5 +52,8 @@ class CRUDBase: async def distinct(self, db, key, filter=None): return await db[self.coll_name].distinct(key, filter) + async def find_ids(self, db, ids, *args, **kwargs): + return await self.find_many(db, {'_id': {'$in': ids}}, *args, **kwargs) + # async def _create_index(self, db: AsyncIOMotorDatabase, *args, **kwargs): # return await db[self.coll_name].create_index(*args, **kwargs) diff --git a/crud/crud_api_list.py b/crud/crud_api_list.py index 760ac8c..b7667c5 100644 --- a/crud/crud_api_list.py +++ b/crud/crud_api_list.py 
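Review bot: Removing a project member now only calls `crud.project.del_members`, because the `delete_roles_for_user_in_domain` call and the `ptype='g'` record delete are both commented out. Any grouping rule already stored for that user in this domain therefore stays in place. If the enforcer still loads those rules, the removed member keeps the role's access to the project. Revoke the user's domain roles through whatever policy store the new authz module uses before returning `ok`, or confirm that no 'g' rules for project members exist any more.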
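Review bot: The new `find_ids` in crud/base.py has no docstring and passes `ids` into `$in` unchanged, whereas `delete_id` just above wraps its arguments in `list(...)`. A docstring such as `"""Return the documents whose _id is in ids; extra arguments are forwarded to find_many."""` would state the contract, and `list(ids)` would keep the two helpers consistent. The `ids` it receives from del_api are plain strings (`DelApi.ids: List[str]`), so the lookup only matches if `_id` is stored as a string. That looks consistent with `edit_api` filtering on `{'_id': data_in.id}`, but it is worth confirming.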
@@ -15,14 +15,12 @@ class CRUDApiList(CRUDBase): async def edit_api(self, db: AsyncIOMotorDatabase, data_in: schemas.EditApi): where = {'_id': data_in.id} - data = {'$set': data_in.dict()} - + data = {'$set': data_in.dict(exclude={'id'})} return await self.update_one(db, where, data) - async def all_api(self, db: AsyncIOMotorDatabase, game): - where = {'game': game} - return await self.find_many(db, where) + async def all_api(self, db: AsyncIOMotorDatabase): + return await self.find_many(db) diff --git a/middleware/casbin.py b/middleware/casbin.py index ed1436c..7b5d794 100644 --- a/middleware/casbin.py +++ b/middleware/casbin.py @@ -1,3 +1,4 @@ + from utils.casbin.enforcer import Enforcer from fastapi import HTTPException from starlette.authentication import BaseUser @@ -33,7 +34,7 @@ class CasbinMiddleware: await self.app(scope, receive, send) return - if self._enforce(scope, receive): + if await self._enforce(scope, receive): await self.app(scope, receive, send) return else: @@ -45,7 +46,7 @@ class CasbinMiddleware: await response(scope, receive, send) return - def _enforce(self, scope: Scope, receive: Receive) -> bool: + async def _enforce(self, scope: Scope, receive: Receive) -> bool: """ Enforce a request diff --git a/schemas/api_list.py b/schemas/api_list.py index 8811a11..4f3b261 100644 --- a/schemas/api_list.py +++ b/schemas/api_list.py @@ -29,5 +29,7 @@ class DelApi(BaseModel): ids: List[str] = Field(..., description='要删除的id') -class EditApi(ApiBase): +class EditApi(BaseModel): id: str = Field(..., description='要编辑的id') + name: str + desc: str diff --git a/utils/adapter.py b/utils/adapter.py index 6143202..f71baef 100644 --- a/utils/adapter.py +++ b/utils/adapter.py @@ -26,7 +26,7 @@ class CasbinRule: for i, v in enumerate([self.v0, self.v1, self.v2, self.v3, self.v4, self.v5]): if v is None: - break + continue d['v' + str(i)] = v return d 
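Review bot: Now that `_enforce` in middleware/casbin.py is a coroutine, any call site that is not awaited receives a coroutine object, which is always truthy, so a missed `await` would turn the permission check into allow-all. The caller shown in the `@@ -33,7 +34,7 @@` hunk is updated, but the rest of the class and the body of `_enforce` are outside the hunks, so check for other callers such as tests or subclasses. Adding a docstring line like `Coroutine: callers must await the result; the un-awaited return value is always truthy.` would make the contract explicit.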
@@ -47,20 +47,24 @@ class Adapter(persist.Adapter): self._collection = db[collection] @staticmethod - def format_policy(ptype, args): + def format_policy(ptype, field_values, field_index=0): line = CasbinRule(ptype=ptype) - if len(args) > 0: - line.v0 = args[0] - if len(args) > 1: - line.v1 = args[1] - if len(args) > 2: - line.v2 = args[2] - if len(args) > 3: - line.v3 = args[3] - if len(args) > 4: - line.v4 = args[4] - if len(args) > 5: - line.v5 = args[5] + + for i in range(field_index, field_index+len(field_values)): + line.__setattr__(f'v{i}', field_values[i - field_index]) + + # if len(args) > 0: + # line.v0 = args[0] + # if len(args) > 1: + # line.v1 = args[1] + # if len(args) > 2: + # line.v2 = args[2] + # if len(args) > 3: + # line.v3 = args[3] + # if len(args) > 4: + # line.v4 = args[4] + # if len(args) > 5: + # line.v5 = args[5] return line @@ -132,7 +136,7 @@ class Adapter(persist.Adapter): """ delete policy rules for matching filters from mongodb """ - line = self.format_policy(ptype, field_values) + line = self.format_policy(ptype, field_values, field_index) self._collection.delete_one(line.dict())
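Review bot: `format_policy` now writes `v{field_index}` onwards without checking the range. When `field_index + len(field_values)` exceeds 6 it sets attributes such as `v6` that `CasbinRule.dict()` never reads (it enumerates v0 to v5 only), so the resulting filter is silently broader than the caller asked for. Add `if field_index < 0 or field_index + len(field_values) > 6: raise ValueError('policy fields must fit v0..v5')` and use `setattr(line, f'v{i}', value)` instead of calling `__setattr__` directly. Casbin's filtered removal normally treats an empty string as "match any field value", but here `''` would become a literal filter value; confirm this against how the enforcer calls the adapter. The commented-out `if len(args)` block should be deleted rather than kept.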
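Review bot: `remove_filtered_policy` still ends in `self._collection.delete_one(line.dict())`, which removes at most one stored rule. A filter such as field 2 = path, as del_api now uses, can match one rule per role and domain. The enforcer's in-memory model presumably drops all matches while the collection keeps the rest, so revoked permissions can reappear when policies are reloaded from storage. Use `self._collection.delete_many(line.dict())`, and first reject a filter that carries no `v*` keys so that an empty `field_values` cannot delete every rule of that ptype. The method body continues outside the hunk.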