wuaho 2021-08-05 21:17:27 +08:00
parent bf61a4d8d1
commit 9bbea48a7b
10 changed files with 318 additions and 301 deletions


@ -5,7 +5,7 @@ from .endpoints import folder
from .endpoints import space from .endpoints import space
from .endpoints import dashboard from .endpoints import dashboard
from .endpoints import report from .endpoints import report
from .endpoints import authority # from .endpoints import authority
from .endpoints import data_mana from .endpoints import data_mana
from .endpoints import query from .endpoints import query
from .endpoints import xquery from .endpoints import xquery
@ -24,7 +24,7 @@ api_router.include_router(space.router, tags=["空间接口"], prefix='/space')
api_router.include_router(dashboard.router, tags=["看板接口"], prefix='/dashboard') api_router.include_router(dashboard.router, tags=["看板接口"], prefix='/dashboard')
api_router.include_router(report.router, tags=["报表接口"], prefix='/report') api_router.include_router(report.router, tags=["报表接口"], prefix='/report')
api_router.include_router(authority.router, tags=["权限管理接口"], prefix='/authority') # api_router.include_router(authority.router, tags=["权限管理接口"], prefix='/authority')
api_router.include_router(data_auth.router, tags=["数据权限"], prefix='/data_auth') api_router.include_router(data_auth.router, tags=["数据权限"], prefix='/data_auth')
api_router.include_router(data_mana.router, tags=["数据管理"], prefix='/data_mana') api_router.include_router(data_mana.router, tags=["数据管理"], prefix='/data_mana')
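Review bot: The authority router is switched off by commenting out its import and its `include_router` line instead of deleting them, and the same pattern is applied to the entire authority endpoint module and to the casbin calls in the project endpoints later in this commit. Commented-out permission code is easy to re-enable by accident and makes it hard to see which access-control path is the live one. Delete the lines (history keeps them) and leave a single comment such as `# role/account management moved to the authz endpoints` if that is where the replacement lives, which these hunks do not show.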


@ -83,7 +83,6 @@ async def remove_policy(
@router.get("/api_list") @router.get("/api_list")
async def api_list( async def api_list(
request: Request, request: Request,
game: str,
db: AsyncIOMotorDatabase = Depends(get_database), db: AsyncIOMotorDatabase = Depends(get_database),
current_user: schemas.UserDB = Depends(deps.get_current_user)): current_user: schemas.UserDB = Depends(deps.get_current_user)):
""" """
@ -92,7 +91,7 @@ async def api_list(
已经添加的api 已经添加的api
标记 已添加的权限 标记 已添加的权限
""" """
res = await crud.api_list.all_api(db, game) res = await crud.api_list.all_api(db)
return schemas.Msg(code=0, msg='ok', data=res) return schemas.Msg(code=0, msg='ok', data=res)
@ -106,7 +105,10 @@ async def add_api(
""" """
添加api 添加api
""" """
try:
res = await crud.api_list.add_api(db, data_in) res = await crud.api_list.add_api(db, data_in)
except Exception as e:
return schemas.Msg(code=-1, msg='已经存在')
return schemas.Msg(code=0, msg='ok', data=res.matched_count) return schemas.Msg(code=0, msg='ok', data=res.matched_count)
@ -119,7 +121,14 @@ async def del_api(
""" """
删除api 删除api
""" """
# 删除规则
paths = await crud.api_list.find_ids(db, data_in.ids, {'path': 1})
for item in paths:
casbin_enforcer.remove_filtered_policy(2, item['path'])
# 删除保存的记录
res = await crud.api_list.del_api(db, data_in) res = await crud.api_list.del_api(db, data_in)
return schemas.Msg(code=0, msg='ok', data=res.deleted_count) return schemas.Msg(code=0, msg='ok', data=res.deleted_count)
@ -133,7 +142,7 @@ async def edit_api(
编辑api 编辑api
""" """
res = await crud.api_list.edit_api(db, data_in) res = await crud.api_list.edit_api(db, data_in)
return schemas.Msg(code=0, msg='ok', data=res.deleted_count) return schemas.Msg(code=0, msg='ok', data=res.matched_count)
@router.get("/domain") @router.get("/domain")
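Review bot: In the add_api hunk, `except Exception as e:` turns every failure into the '已经存在' (already exists) reply, so a database outage or a bug in `crud.api_list.add_api` is reported to the client as a duplicate and is never logged; `e` is also unused. Catch only the duplicate case, for example `except pymongo.errors.DuplicateKeyError:`, and let anything else propagate to the normal error handler. This assumes the insert relies on a unique index and that pymongo is importable in this module, neither of which is visible here. The signatures of add_api and del_api are outside the hunks.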


@ -1,84 +1,59 @@
import pymongo # import pymongo
from fastapi import APIRouter, Depends, Request # from fastapi import APIRouter, Depends, Request
from motor.motor_asyncio import AsyncIOMotorDatabase # from motor.motor_asyncio import AsyncIOMotorDatabase
import crud, schemas # import crud, schemas
from core.config import settings # from core.config import settings
from core.security import get_password_hash # from core.security import get_password_hash
#
from db import get_database # from db import get_database
from api import deps # from api import deps
from db.ckdb import CKDrive, get_ck_db # from db.ckdb import CKDrive, get_ck_db
from utils import casbin_enforcer # from utils import casbin_enforcer
#
router = APIRouter() # router = APIRouter()
#
#
@router.get("/api_list") # @router.get("/api_list")
async def api_list(request: Request, # async def api_list(request: Request,
current_user: schemas.UserDB = Depends(deps.get_current_user)) -> schemas.Msg: # current_user: schemas.UserDB = Depends(deps.get_current_user)) -> schemas.Msg:
"""api 列表""" # """api 列表"""
app = request.app # app = request.app
data = {} # data = {}
for r in app.routes: # for r in app.routes:
title = r.tags[0] if hasattr(r, 'description') else None # title = r.tags[0] if hasattr(r, 'description') else None
if not title: # if not title:
continue # continue
data.setdefault(title, {'list': []}) # data.setdefault(title, {'list': []})
path = r.path # path = r.path
name = r.description if hasattr(r, 'description') else r.name # name = r.description if hasattr(r, 'description') else r.name
data[title]['list'].append({'api': path, 'title': name}) # data[title]['list'].append({'api': path, 'title': name})
#
res = [{'title': k, 'list': v['list']} for k, v in data.items()] # res = [{'title': k, 'list': v['list']} for k, v in data.items()]
#
return schemas.Msg(code=0, msg='ok', data=res) # return schemas.Msg(code=0, msg='ok', data=res)
#
#
@router.post('/set_data_auth') # @router.post('/set_data_auth')
async def set_data_auth(request: Request, # async def set_data_auth(request: Request,
data_id: schemas.DataAuthSet, # data_id: schemas.DataAuthSet,
game: str = Depends(deps.get_game_project), # game: str = Depends(deps.get_game_project),
db: AsyncIOMotorDatabase = Depends(get_database), # db: AsyncIOMotorDatabase = Depends(get_database),
current_user: schemas.UserDB = Depends(deps.get_current_user) # current_user: schemas.UserDB = Depends(deps.get_current_user)
) -> schemas.Msg: # ) -> schemas.Msg:
"""设置用户数据权限""" # """设置用户数据权限"""
await crud.authority.set_data_auth(db, data_id, game=game) # await crud.authority.set_data_auth(db, data_id, game=game)
return schemas.Msg(code=0, msg='ok', data=data_id) # return schemas.Msg(code=0, msg='ok', data=data_id)
#
#
@router.get('/get_user_data_auth') # @router.get('/get_user_data_auth')
async def get_user_data_auth(request: Request, # async def get_user_data_auth(request: Request,
game: str = Depends(deps.get_game_project),
db: AsyncIOMotorDatabase = Depends(get_database),
ck: CKDrive = Depends(get_ck_db),
current_user: schemas.UserDB = Depends(deps.get_current_user)
) -> schemas.Msg:
"""获取当前用户数据权限"""
data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
if not data_auth:
values = await ck.distinct(game, 'event', '#event_name')
return schemas.Msg(code=0, msg='ok', data={
'data': values,
'game': game,
'name': '全部事件'
})
data_auth_id = data_auth['data_auth_id']
data = await crud.data_auth.get(data_auth_id)
return schemas.Msg(code=0, msg='ok', data=data)
# @router.get('/get_users_data_auth')
# async def get_users_data_auth(request: Request,
# game: str = Depends(deps.get_game_project), # game: str = Depends(deps.get_game_project),
# db: AsyncIOMotorDatabase = Depends(get_database), # db: AsyncIOMotorDatabase = Depends(get_database),
# ck: CKDrive = Depends(get_ck_db), # ck: CKDrive = Depends(get_ck_db),
# current_user: schemas.UserDB = Depends(deps.get_current_user) # current_user: schemas.UserDB = Depends(deps.get_current_user)
# ) -> schemas.Msg: # ) -> schemas.Msg:
# """获取当前项目所有用户数据权限""" # """获取当前用户数据权限"""
# #
# roles = await crud.authority.find_many(db, ptype='g', v2=game)
# for item in roles:
# user = item['v0']
# data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
# if not data_auth: # if not data_auth:
# values = await ck.distinct(game, 'event', '#event_name') # values = await ck.distinct(game, 'event', '#event_name')
@ -91,6 +66,19 @@ async def get_user_data_auth(request: Request,
# data = await crud.data_auth.get(data_auth_id) # data = await crud.data_auth.get(data_auth_id)
# return schemas.Msg(code=0, msg='ok', data=data) # return schemas.Msg(code=0, msg='ok', data=data)
# #
#
# # @router.get('/get_users_data_auth')
# # async def get_users_data_auth(request: Request,
# # game: str = Depends(deps.get_game_project),
# # db: AsyncIOMotorDatabase = Depends(get_database),
# # ck: CKDrive = Depends(get_ck_db),
# # current_user: schemas.UserDB = Depends(deps.get_current_user)
# # ) -> schemas.Msg:
# # """获取当前项目所有用户数据权限"""
# #
# # roles = await crud.authority.find_many(db, ptype='g', v2=game)
# # for item in roles:
# # user = item['v0']
# # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game) # # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
# # if not data_auth: # # if not data_auth:
# # values = await ck.distinct(game, 'event', '#event_name') # # values = await ck.distinct(game, 'event', '#event_name')
@ -101,164 +89,176 @@ async def get_user_data_auth(request: Request,
# # }) # # })
# # data_auth_id = data_auth['data_auth_id'] # # data_auth_id = data_auth['data_auth_id']
# # data = await crud.data_auth.get(data_auth_id) # # data = await crud.data_auth.get(data_auth_id)
# return schemas.Msg(code=0, msg='ok') # # return schemas.Msg(code=0, msg='ok', data=data)
# #
# # # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
@router.post("/add_role") # # # if not data_auth:
async def add_role(request: Request, # # # values = await ck.distinct(game, 'event', '#event_name')
data_in: schemas.CasbinRoleCreate, # # # return schemas.Msg(code=0, msg='ok', data={
game: str = Depends(deps.get_game_project), # # # 'data': values,
db: AsyncIOMotorDatabase = Depends(get_database), # # # 'game': game,
current_user: schemas.UserDB = Depends(deps.get_current_user) # # # 'name': '全部事件'
) -> schemas.Msg: # # # })
"""创建角色""" # # # data_auth_id = data_auth['data_auth_id']
# # # data = await crud.data_auth.get(data_auth_id)
# 不允许角色名和用户名一样 # # return schemas.Msg(code=0, msg='ok')
if await crud.user.get_by_user(db, name=data_in.role_name): #
return schemas.Msg(code=-1, msg='请改个名字') #
role_dom = game # @router.post("/add_role")
api_dict = dict() # async def add_role(request: Request,
for r in request.app.routes: # data_in: schemas.CasbinRoleCreate,
api_dict[r.path] = r.description if hasattr(r, 'description') else r.name # game: str = Depends(deps.get_game_project),
# 角色有的接口权限
for obj in data_in.role_api:
casbin_enforcer.add_policy(data_in.role_name, role_dom, obj, '*')
await crud.authority.update_one(db, {'ptype': 'p', 'v0': data_in.role_name, 'v1': role_dom, 'v2': obj},
{'$set': {'api_name': api_dict.get(obj)}})
# 管理员默认拥有该角色 方便从db中读出
await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, role_dom, '*',
role_name=data_in.role_name,
game=role_dom)
return schemas.Msg(code=0, msg='ok')
@router.post("/add_sys_role")
async def add_sys_role(request: Request,
data_in: schemas.CasbinRoleCreate,
game: str = Depends(deps.get_game_project),
db: AsyncIOMotorDatabase = Depends(get_database),
current_user: schemas.UserDB = Depends(deps.get_current_user)
) -> schemas.Msg:
"""创建系统角色"""
api_dict = dict()
# 不允许角色名和用户名一样
if await crud.user.get_by_user(db, name=data_in.role_name):
return schemas.Msg(code=-1, msg='请改个名字')
for r in request.app.routes:
api_dict[r.path] = r.description if hasattr(r, 'description') else r.name
# 角色有的接口权限
for obj in data_in.role_api:
casbin_enforcer.add_policy(data_in.role_name, '*', obj, '*')
await crud.authority.create(db, 'p', data_in.role_name, '*', obj, '*', api_name=api_dict.get(obj))
# 管理员默认拥有该角色 方便从db中读出
await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name,
role_name=data_in.role_name,
game='*')
return schemas.Msg(code=0, msg='ok')
@router.post("/add_account")
async def add_account(request: Request,
data_in: schemas.AccountsCreate,
game: str = Depends(deps.get_game_project),
db: AsyncIOMotorDatabase = Depends(get_database),
current_user: schemas.UserDB = Depends(deps.get_current_user)
) -> schemas.Msg:
"""添加账号"""
# 用户名不能与角色名重复
roles = casbin_enforcer.get_all_roles()
accounts = {item.username for item in data_in.accounts}
# 用户名不能与已存在的重复
exists_user = await crud.user.get_all_user(db)
if accounts & set(roles) or accounts & set(exists_user):
return schemas.Msg(code=-1, msg='已存在', data=list(set(accounts) & set(roles) | accounts & set(exists_user)))
"""创建账号 并设置角色"""
for item in data_in.accounts:
account = schemas.UserCreate(name=item.username, password=settings.DEFAULT_PASSWORD)
try:
await crud.user.create(db, account)
except pymongo.errors.DuplicateKeyError:
return schemas.Msg(code=-1, msg='用户名已存在')
casbin_enforcer.add_grouping_policy(item.username, item.role_name, game)
# 设置数据权限
await crud.authority.set_data_auth(db,
schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id),
game)
# 添加到项目成员
await crud.project.add_members(db, schemas.ProjectMember(project_id=data_in.project_id, members=list(accounts)))
return schemas.Msg(code=0, msg='ok')
@router.get("/all_role")
async def all_role(request: Request,
db: AsyncIOMotorDatabase = Depends(get_database),
game: str = Depends(deps.get_game_project),
current_user: schemas.UserDB = Depends(deps.get_current_user)
) -> schemas.Msg:
"""获取所有角色"""
app = request.app
api_data = {}
for r in app.routes:
title = r.tags[0] if hasattr(r, 'description') else None
if not title:
continue
api_data[r.path] = {
'api': r.path,
'title': title,
'name': r.description if hasattr(r, 'description') else r.name
}
"""获取域内所有角色"""
roles = await crud.authority.find_many(db, {'role_name': {'$exists': 1}, 'game': game})
dom_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
for item in dom_data:
q = await crud.authority.get_role_dom_authority(db, item['role'], game, api_data)
item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
# 获取系统角色
roles = await crud.authority.find_many(db, {'role_name':{'$exists': 1}, 'game':'*'})
sys_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
for item in sys_data:
q = await crud.authority.get_role_dom_authority(db, item['role'], dom=game, api_data=api_data)
item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
data = {
'dom_role': dom_data,
'sys_role': sys_data
}
return schemas.Msg(code=0, msg='ok', data=data)
# @router.post("/set_role")
# async def set_role(request: Request,
# data_id: schemas.AccountSetRole,
# db: AsyncIOMotorDatabase = Depends(get_database), # db: AsyncIOMotorDatabase = Depends(get_database),
# current_user: schemas.UserDB = Depends(deps.get_current_user) # current_user: schemas.UserDB = Depends(deps.get_current_user)
# ) -> schemas.Msg: # ) -> schemas.Msg:
# """设置账号角色""" # """创建角色"""
# casbin_enforcer.delete_user(data_id.name) #
# casbin_enforcer.add_role_for_user(data_id.name, data_id.role_name) # # 不允许角色名和用户名一样
# await crud.authority.update_one(db, {'ptype': 'g', 'v0': data_id.name}, dict(v1=data_id.role_name)) # if await crud.user.get_by_user(db, name=data_in.role_name):
# return schemas.Msg(code=-1, msg='请改个名字')
# role_dom = game
# api_dict = dict()
# for r in request.app.routes:
# api_dict[r.path] = r.description if hasattr(r, 'description') else r.name
# # 角色有的接口权限
# for obj in data_in.role_api:
# casbin_enforcer.add_policy(data_in.role_name, role_dom, obj, '*')
# await crud.authority.update_one(db, {'ptype': 'p', 'v0': data_in.role_name, 'v1': role_dom, 'v2': obj},
# {'$set': {'api_name': api_dict.get(obj)}})
#
# # 管理员默认拥有该角色 方便从db中读出
# await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, role_dom, '*',
# role_name=data_in.role_name,
# game=role_dom)
# #
# return schemas.Msg(code=0, msg='ok') # return schemas.Msg(code=0, msg='ok')
#
# @router.get("/delete_user") #
# async def delete_user(request: Request, # @router.post("/add_sys_role")
# data_id: schemas.AccountDeleteUser, # async def add_sys_role(request: Request,
# data_in: schemas.CasbinRoleCreate,
# game: str = Depends(deps.get_game_project),
# db: AsyncIOMotorDatabase = Depends(get_database), # db: AsyncIOMotorDatabase = Depends(get_database),
# current_user: schemas.UserDB = Depends(deps.get_current_user) # current_user: schemas.UserDB = Depends(deps.get_current_user)
# ) -> schemas.Msg: # ) -> schemas.Msg:
# pass # """创建系统角色"""
# return schemas.Msg(code=0, msg='暂时没有') # api_dict = dict()
#
# # 不允许角色名和用户名一样
# if await crud.user.get_by_user(db, name=data_in.role_name):
# return schemas.Msg(code=-1, msg='请改个名字')
#
# for r in request.app.routes:
# api_dict[r.path] = r.description if hasattr(r, 'description') else r.name
# # 角色有的接口权限
# for obj in data_in.role_api:
# casbin_enforcer.add_policy(data_in.role_name, '*', obj, '*')
# await crud.authority.create(db, 'p', data_in.role_name, '*', obj, '*', api_name=api_dict.get(obj))
#
# # 管理员默认拥有该角色 方便从db中读出
# await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name,
# role_name=data_in.role_name,
# game='*')
#
# return schemas.Msg(code=0, msg='ok')
#
#
# @router.post("/add_account")
# async def add_account(request: Request,
#
# data_in: schemas.AccountsCreate,
# game: str = Depends(deps.get_game_project),
# db: AsyncIOMotorDatabase = Depends(get_database),
# current_user: schemas.UserDB = Depends(deps.get_current_user)
# ) -> schemas.Msg:
# """添加账号"""
#
# # 用户名不能与角色名重复
# roles = casbin_enforcer.get_all_roles()
# accounts = {item.username for item in data_in.accounts}
# # 用户名不能与已存在的重复
# exists_user = await crud.user.get_all_user(db)
# if accounts & set(roles) or accounts & set(exists_user):
# return schemas.Msg(code=-1, msg='已存在', data=list(set(accounts) & set(roles) | accounts & set(exists_user)))
#
# """创建账号 并设置角色"""
# for item in data_in.accounts:
# account = schemas.UserCreate(name=item.username, password=settings.DEFAULT_PASSWORD)
# try:
# await crud.user.create(db, account)
# except pymongo.errors.DuplicateKeyError:
# return schemas.Msg(code=-1, msg='用户名已存在')
#
# casbin_enforcer.add_grouping_policy(item.username, item.role_name, game)
# # 设置数据权限
# await crud.authority.set_data_auth(db,
# schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id),
# game)
#
# # 添加到项目成员
# await crud.project.add_members(db, schemas.ProjectMember(project_id=data_in.project_id, members=list(accounts)))
#
# return schemas.Msg(code=0, msg='ok')
#
#
# @router.get("/all_role")
# async def all_role(request: Request,
# db: AsyncIOMotorDatabase = Depends(get_database),
# game: str = Depends(deps.get_game_project),
# current_user: schemas.UserDB = Depends(deps.get_current_user)
# ) -> schemas.Msg:
# """获取所有角色"""
#
# app = request.app
# api_data = {}
# for r in app.routes:
# title = r.tags[0] if hasattr(r, 'description') else None
# if not title:
# continue
# api_data[r.path] = {
# 'api': r.path,
# 'title': title,
# 'name': r.description if hasattr(r, 'description') else r.name
# }
#
# """获取域内所有角色"""
# roles = await crud.authority.find_many(db, {'role_name': {'$exists': 1}, 'game': game})
# dom_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
# for item in dom_data:
# q = await crud.authority.get_role_dom_authority(db, item['role'], game, api_data)
# item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
#
# # 获取系统角色
# roles = await crud.authority.find_many(db, {'role_name':{'$exists': 1}, 'game':'*'})
# sys_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
# for item in sys_data:
# q = await crud.authority.get_role_dom_authority(db, item['role'], dom=game, api_data=api_data)
# item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
#
# data = {
# 'dom_role': dom_data,
# 'sys_role': sys_data
# }
# return schemas.Msg(code=0, msg='ok', data=data)
#
# # @router.post("/set_role")
# # async def set_role(request: Request,
# # data_id: schemas.AccountSetRole,
# # db: AsyncIOMotorDatabase = Depends(get_database),
# # current_user: schemas.UserDB = Depends(deps.get_current_user)
# # ) -> schemas.Msg:
# # """设置账号角色"""
# # casbin_enforcer.delete_user(data_id.name)
# # casbin_enforcer.add_role_for_user(data_id.name, data_id.role_name)
# # await crud.authority.update_one(db, {'ptype': 'g', 'v0': data_id.name}, dict(v1=data_id.role_name))
# #
# # return schemas.Msg(code=0, msg='ok')
#
# # @router.get("/delete_user")
# # async def delete_user(request: Request,
# # data_id: schemas.AccountDeleteUser,
# # db: AsyncIOMotorDatabase = Depends(get_database),
# # current_user: schemas.UserDB = Depends(deps.get_current_user)
# # ) -> schemas.Msg:
# # pass
# # return schemas.Msg(code=0, msg='暂时没有')


@ -15,7 +15,7 @@ from db import get_database
from api import deps from api import deps
from db.ckdb import CKDrive, get_ck_db from db.ckdb import CKDrive, get_ck_db
from db.redisdb import get_redis_pool, RedisDrive from db.redisdb import get_redis_pool, RedisDrive
from utils import casbin_enforcer # from utils import casbin_enforcer
router = APIRouter() router = APIRouter()


@ -9,7 +9,7 @@ from core.config import settings
from db import get_database from db import get_database
from db.ckdb import CKDrive, get_ck_db from db.ckdb import CKDrive, get_ck_db
from schemas.project import ProjectCreate from schemas.project import ProjectCreate
from utils import casbin_enforcer # from utils import casbin_enforcer
router = APIRouter() router = APIRouter()
@ -47,15 +47,15 @@ async def create(
# await crud.data_auth.create(db, data_auth, data_in.game) # await crud.data_auth.create(db, data_auth, data_in.game)
# 新建项目管理员权限 # 新建项目管理员权限
role_name = f'{data_in.game}_admin' # role_name = f'{data_in.game}_admin'
role_dom = data_in.game # role_dom = data_in.game
casbin_enforcer.add_policy(role_name, role_dom, '*', '*') # casbin_enforcer.add_policy(role_name, role_dom, '*', '*')
await crud.authority.create(db, 'p', role_name, role_dom, '*', '*') # await crud.authority.create(db, 'p', role_name, role_dom, '*', '*')
# 添加角色 # 添加角色
await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, role_name, '*', '*', role_name='系统项目管理员', game='*') # await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, role_name, '*', '*', role_name='系统项目管理员', game='*')
# 添加数据权限 # # 添加数据权限
await crud.authority.set_data_auth(db, schemas.DataAuthSet(username=request.user.username, data_auth_id='*'), # await crud.authority.set_data_auth(db, schemas.DataAuthSet(username=request.user.username, data_auth_id='*'),
game=data_in.game, v1=role_name) # game=data_in.game, v1=role_name)
return schemas.Msg(code=0, msg='创建成功') return schemas.Msg(code=0, msg='创建成功')
@ -120,11 +120,11 @@ async def add_members(request: Request,
"""项目添加成员""" """项目添加成员"""
for item in data_in.members: for item in data_in.members:
casbin_enforcer.add_grouping_policy(item.username, item.role_name, game) # casbin_enforcer.add_grouping_policy(item.username, item.role_name, game)
# 设置数据权限 # # 设置数据权限
await crud.authority.set_data_auth(db, # await crud.authority.set_data_auth(db,
schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id), # schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id),
game) # game)
folder = schemas.FolderCreate( folder = schemas.FolderCreate(
name='未分组', name='未分组',
@ -196,9 +196,9 @@ async def members(request: Request,
current_user: schemas.UserDB = Depends(deps.get_current_user) current_user: schemas.UserDB = Depends(deps.get_current_user)
): ):
"""删除项目成员""" """删除项目成员"""
casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game) # casbin_enforcer.delete_roles_for_user_in_domain(data_in.username, data_in.role, game)
await crud.project.del_members(db, data_in) await crud.project.del_members(db, data_in)
await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username) # await crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username)
return schemas.Msg(code=0, msg='ok') return schemas.Msg(code=0, msg='ok')
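Review bot: Removing a project member no longer revokes anything in the policy store: in the last hunk both `casbin_enforcer.delete_roles_for_user_in_domain(...)` and `crud.authority.delete(db, ptype='g', v2=game, v0=data_in.username)` are commented out, leaving only `crud.project.del_members`. Any grouping rule written for that user before this commit stays in place, so if the enforcer still loads those rules the removed member keeps the role in that project. Keep the revocation until the old rules are migrated or cleared, or add a comment naming where the replacement revocation happens. In the add_members hunk the loop body is now only comments; indentation is not visible on this page, so confirm that `for item in data_in.members:` still has an indented statement under it.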


@ -40,7 +40,7 @@ class CRUDBase:
return await db[self.coll_name].delete_many(filter, collation, hint, session) return await db[self.coll_name].delete_many(filter, collation, hint, session)
async def delete_id(self, db, *args): async def delete_id(self, db, *args):
return await db[self.coll_name].delete_one({'_id': {'$in': list(args)}}) return await db[self.coll_name].delete_many({'_id': {'$in': list(args)}})
async def update_one(self, db, filter, update, upsert=False): async def update_one(self, db, filter, update, upsert=False):
res = await db[self.coll_name].update_one(filter, update, upsert) res = await db[self.coll_name].update_one(filter, update, upsert)
@ -52,5 +52,8 @@ class CRUDBase:
async def distinct(self, db, key, filter=None): async def distinct(self, db, key, filter=None):
return await db[self.coll_name].distinct(key, filter) return await db[self.coll_name].distinct(key, filter)
async def find_ids(self, db, ids, *args, **kwargs):
return await self.find_many(db, {'_id': {'$in': ids}}, *args, **kwargs)
# async def _create_index(self, db: AsyncIOMotorDatabase, *args, **kwargs): # async def _create_index(self, db: AsyncIOMotorDatabase, *args, **kwargs):
# return await db[self.coll_name].create_index(*args, **kwargs) # return await db[self.coll_name].create_index(*args, **kwargs)


@ -15,14 +15,12 @@ class CRUDApiList(CRUDBase):
async def edit_api(self, db: AsyncIOMotorDatabase, data_in: schemas.EditApi): async def edit_api(self, db: AsyncIOMotorDatabase, data_in: schemas.EditApi):
where = {'_id': data_in.id} where = {'_id': data_in.id}
data = {'$set': data_in.dict()} data = {'$set': data_in.dict(exclude={'id'})}
return await self.update_one(db, where, data) return await self.update_one(db, where, data)
async def all_api(self, db: AsyncIOMotorDatabase, game):
where = {'game': game}
return await self.find_many(db, where) async def all_api(self, db: AsyncIOMotorDatabase):
return await self.find_many(db)


@ -1,3 +1,4 @@
from utils.casbin.enforcer import Enforcer from utils.casbin.enforcer import Enforcer
from fastapi import HTTPException from fastapi import HTTPException
from starlette.authentication import BaseUser from starlette.authentication import BaseUser
@ -33,7 +34,7 @@ class CasbinMiddleware:
await self.app(scope, receive, send) await self.app(scope, receive, send)
return return
if self._enforce(scope, receive): if await self._enforce(scope, receive):
await self.app(scope, receive, send) await self.app(scope, receive, send)
return return
else: else:
@ -45,7 +46,7 @@ class CasbinMiddleware:
await response(scope, receive, send) await response(scope, receive, send)
return return
def _enforce(self, scope: Scope, receive: Receive) -> bool: async def _enforce(self, scope: Scope, receive: Receive) -> bool:
""" """
Enforce a request Enforce a request
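Review bot: With `_enforce` now declared `async def`, every caller has to await it: an un-awaited call returns a coroutine object, which is always truthy, so a leftover `if self._enforce(scope, receive):` would authorise every request. The one call site visible in this section is awaited, but subclasses, tests or other middleware that call `_enforce` lie outside these hunks and should be checked. The body of `_enforce` continues past the hunk, so what it now awaits is not shown; a docstring line such as `Coroutine: must be awaited; returns True when the request is allowed.` would make the contract explicit.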


@ -29,5 +29,7 @@ class DelApi(BaseModel):
ids: List[str] = Field(..., description='要删除的id') ids: List[str] = Field(..., description='要删除的id')
class EditApi(ApiBase): class EditApi(BaseModel):
id: str = Field(..., description='要编辑的id') id: str = Field(..., description='要编辑的id')
name: str
desc: str


@ -26,7 +26,7 @@ class CasbinRule:
for i, v in enumerate([self.v0, self.v1, self.v2, self.v3, self.v4, self.v5]): for i, v in enumerate([self.v0, self.v1, self.v2, self.v3, self.v4, self.v5]):
if v is None: if v is None:
break continue
d['v' + str(i)] = v d['v' + str(i)] = v
return d return d
@ -47,20 +47,24 @@ class Adapter(persist.Adapter):
self._collection = db[collection] self._collection = db[collection]
@staticmethod @staticmethod
def format_policy(ptype, args): def format_policy(ptype, field_values, field_index=0):
line = CasbinRule(ptype=ptype) line = CasbinRule(ptype=ptype)
if len(args) > 0:
line.v0 = args[0] for i in range(field_index, field_index+len(field_values)):
if len(args) > 1: line.__setattr__(f'v{i}', field_values[i - field_index])
line.v1 = args[1]
if len(args) > 2: # if len(args) > 0:
line.v2 = args[2] # line.v0 = args[0]
if len(args) > 3: # if len(args) > 1:
line.v3 = args[3] # line.v1 = args[1]
if len(args) > 4: # if len(args) > 2:
line.v4 = args[4] # line.v2 = args[2]
if len(args) > 5: # if len(args) > 3:
line.v5 = args[5] # line.v3 = args[3]
# if len(args) > 4:
# line.v4 = args[4]
# if len(args) > 5:
# line.v5 = args[5]
return line return line
@ -132,7 +136,7 @@ class Adapter(persist.Adapter):
""" """
delete policy rules for matching filters from mongodb delete policy rules for matching filters from mongodb
""" """
line = self.format_policy(ptype, field_values) line = self.format_policy(ptype, field_values, field_index)
self._collection.delete_one(line.dict()) self._collection.delete_one(line.dict())
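Review bot: The filtered removal in the last hunk still ends in `self._collection.delete_one(line.dict())`, which deletes a single document even though a filter built from `field_index` can match many rules. The del_api endpoint added in this commit calls `casbin_enforcer.remove_filtered_policy(2, item['path'])`, which would match the rule of every role that was granted that path. If the enforcer drops all of them in memory while the collection loses only one, the remaining grants would come back on the next policy load. Use `self._collection.delete_many(line.dict())` here. The method's signature and the rest of its body are outside the hunk.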