267 lines
11 KiB
Python
267 lines
11 KiB
Python
import pymongo
|
|
from fastapi import APIRouter, Depends, Request
|
|
from motor.motor_asyncio import AsyncIOMotorDatabase
|
|
import crud, schemas
|
|
from core.config import settings
|
|
from core.security import get_password_hash
|
|
|
|
from db import get_database
|
|
from api import deps
|
|
from db.ckdb import CKDrive, get_ck_db
|
|
from utils import casbin_enforcer
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get("/api_list")
|
|
async def api_list(request: Request,
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)) -> schemas.Msg:
|
|
"""api 列表"""
|
|
app = request.app
|
|
data = {}
|
|
for r in app.routes:
|
|
title = r.tags[0] if hasattr(r, 'description') else None
|
|
if not title:
|
|
continue
|
|
data.setdefault(title, {'list': []})
|
|
path = r.path
|
|
name = r.description if hasattr(r, 'description') else r.name
|
|
data[title]['list'].append({'api': path, 'title': name})
|
|
|
|
res = [{'title': k, 'list': v['list']} for k, v in data.items()]
|
|
|
|
return schemas.Msg(code=0, msg='ok', data=res)
|
|
|
|
|
|
@router.post('/set_data_auth')
|
|
async def set_data_auth(request: Request,
|
|
data_id: schemas.DataAuthSet,
|
|
game: str = Depends(deps.get_game_project),
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""设置用户数据权限"""
|
|
await crud.authority.set_data_auth(db, data_id, game=game)
|
|
return schemas.Msg(code=0, msg='ok', data=data_id)
|
|
|
|
|
|
@router.get('/get_user_data_auth')
|
|
async def get_user_data_auth(request: Request,
|
|
game: str = Depends(deps.get_game_project),
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
ck: CKDrive = Depends(get_ck_db),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""获取当前用户数据权限"""
|
|
|
|
data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
|
|
if not data_auth:
|
|
values = await ck.distinct(game, 'event', '#event_name')
|
|
return schemas.Msg(code=0, msg='ok', data={
|
|
'data': values,
|
|
'game': game,
|
|
'name': '全部事件'
|
|
})
|
|
data_auth_id = data_auth['data_auth_id']
|
|
data = await crud.data_auth.get(data_auth_id)
|
|
return schemas.Msg(code=0, msg='ok', data=data)
|
|
|
|
|
|
# @router.get('/get_users_data_auth')
|
|
# async def get_users_data_auth(request: Request,
|
|
# game: str = Depends(deps.get_game_project),
|
|
# db: AsyncIOMotorDatabase = Depends(get_database),
|
|
# ck: CKDrive = Depends(get_ck_db),
|
|
# current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
# ) -> schemas.Msg:
|
|
# """获取当前项目所有用户数据权限"""
|
|
#
|
|
# roles = await crud.authority.find_many(db, ptype='g', v2=game)
|
|
# for item in roles:
|
|
# user = item['v0']
|
|
# data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
|
|
# if not data_auth:
|
|
# values = await ck.distinct(game, 'event', '#event_name')
|
|
# return schemas.Msg(code=0, msg='ok', data={
|
|
# 'data': values,
|
|
# 'game': game,
|
|
# 'name': '全部事件'
|
|
# })
|
|
# data_auth_id = data_auth['data_auth_id']
|
|
# data = await crud.data_auth.get(data_auth_id)
|
|
# return schemas.Msg(code=0, msg='ok', data=data)
|
|
#
|
|
# # data_auth = await crud.authority.get_data_auth(db, username=request.user.name, game=game)
|
|
# # if not data_auth:
|
|
# # values = await ck.distinct(game, 'event', '#event_name')
|
|
# # return schemas.Msg(code=0, msg='ok', data={
|
|
# # 'data': values,
|
|
# # 'game': game,
|
|
# # 'name': '全部事件'
|
|
# # })
|
|
# # data_auth_id = data_auth['data_auth_id']
|
|
# # data = await crud.data_auth.get(data_auth_id)
|
|
# return schemas.Msg(code=0, msg='ok')
|
|
|
|
|
|
@router.post("/add_role")
|
|
async def add_role(request: Request,
|
|
data_in: schemas.CasbinRoleCreate,
|
|
game: str = Depends(deps.get_game_project),
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""创建角色"""
|
|
|
|
# 不允许角色名和用户名一样
|
|
if await crud.user.get_by_user(db, name=data_in.role_name):
|
|
return schemas.Msg(code=-1, msg='请改个名字')
|
|
role_dom = game
|
|
api_dict = dict()
|
|
for r in request.app.routes:
|
|
api_dict[r.path] = r.description if hasattr(r, 'description') else r.name
|
|
# 角色有的接口权限
|
|
for obj in data_in.role_api:
|
|
casbin_enforcer.add_policy(data_in.role_name, role_dom, obj, '*')
|
|
await crud.authority.update_one(db, {'ptype': 'p', 'v0': data_in.role_name, 'v1': role_dom, 'v2': obj},
|
|
{'$set': {'api_name': api_dict.get(obj)}})
|
|
|
|
# 管理员默认拥有该角色 方便从db中读出
|
|
await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name, '*', '*',
|
|
role_name=data_in.role_name,
|
|
game=role_dom)
|
|
|
|
return schemas.Msg(code=0, msg='ok')
|
|
|
|
|
|
@router.post("/add_sys_role")
|
|
async def add_sys_role(request: Request,
|
|
data_in: schemas.CasbinRoleCreate,
|
|
game: str = Depends(deps.get_game_project),
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""创建系统角色"""
|
|
api_dict = dict()
|
|
|
|
# 不允许角色名和用户名一样
|
|
if await crud.user.get_by_user(db, name=data_in.role_name):
|
|
return schemas.Msg(code=-1, msg='请改个名字')
|
|
|
|
for r in request.app.routes:
|
|
api_dict[r.path] = r.description if hasattr(r, 'description') else r.name
|
|
# 角色有的接口权限
|
|
for obj in data_in.role_api:
|
|
casbin_enforcer.add_policy(data_in.role_name, '*', obj, '*')
|
|
await crud.authority.create(db, 'p', data_in.role_name, '*', obj, '*', api_name=api_dict.get(obj))
|
|
|
|
# 管理员默认拥有该角色 方便从db中读出
|
|
await crud.authority.create(db, 'g', settings.SUPERUSER_NAME, data_in.role_name,
|
|
role_name=data_in.role_name,
|
|
game='*')
|
|
|
|
return schemas.Msg(code=0, msg='ok')
|
|
|
|
|
|
@router.post("/add_account")
|
|
async def add_account(request: Request,
|
|
|
|
data_in: schemas.AccountsCreate,
|
|
game: str = Depends(deps.get_game_project),
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""添加账号"""
|
|
|
|
# 用户名不能与角色名重复
|
|
roles = casbin_enforcer.get_all_roles()
|
|
accounts = {item.username for item in data_in.accounts}
|
|
# 用户名不能与已存在的重复
|
|
exists_user = await crud.user.get_all_user(db)
|
|
if accounts & set(roles) or accounts & set(exists_user):
|
|
return schemas.Msg(code=-1, msg='已存在', data=list(set(accounts) & set(roles) | accounts & set(exists_user)))
|
|
|
|
"""创建账号 并设置角色"""
|
|
for item in data_in.accounts:
|
|
account = schemas.UserCreate(name=item.username, password=settings.DEFAULT_PASSWORD)
|
|
try:
|
|
await crud.user.create(db, account)
|
|
except pymongo.errors.DuplicateKeyError:
|
|
return schemas.Msg(code=-1, msg='用户名已存在')
|
|
|
|
casbin_enforcer.add_grouping_policy(item.username, item.role_name, game)
|
|
# 设置数据权限
|
|
await crud.authority.set_data_auth(db,
|
|
schemas.DataAuthSet(username=item.username, data_auth_id=item.data_auth_id),
|
|
game)
|
|
|
|
# 添加到项目成员
|
|
await crud.project.add_members(db, schemas.ProjectMember(project_id=data_in.project_id, members=list(accounts)))
|
|
|
|
return schemas.Msg(code=0, msg='ok')
|
|
|
|
|
|
@router.get("/all_role")
|
|
async def all_role(request: Request,
|
|
db: AsyncIOMotorDatabase = Depends(get_database),
|
|
game: str = Depends(deps.get_game_project),
|
|
current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
) -> schemas.Msg:
|
|
"""获取所有角色"""
|
|
|
|
app = request.app
|
|
api_data = {}
|
|
for r in app.routes:
|
|
title = r.tags[0] if hasattr(r, 'description') else None
|
|
if not title:
|
|
continue
|
|
api_data[r.path] = {
|
|
'api': r.path,
|
|
'title': title,
|
|
'name': r.description if hasattr(r, 'description') else r.name
|
|
}
|
|
|
|
"""获取域内所有角色"""
|
|
roles = await crud.authority.find_many(db, role_name={'$exists': 1}, game=game)
|
|
dom_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
|
|
for item in dom_data:
|
|
q = await crud.authority.get_role_dom_authority(db, item['role'], game, api_data)
|
|
item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
|
|
|
|
# 获取系统角色
|
|
roles = await crud.authority.find_many(db, role_name={'$exists': 1}, game='*')
|
|
sys_data = [{'role': item['v1'], 'title': item['role_name'], 'id': str(item['_id'])} for item in roles]
|
|
for item in sys_data:
|
|
q = await crud.authority.get_role_dom_authority(db, item['role'], dom='*', api_data=api_data)
|
|
item['authority'] = [{'title': k, 'child': v} for k, v in q.items()]
|
|
|
|
data = {
|
|
'dom_role': dom_data,
|
|
'sys_role': sys_data
|
|
}
|
|
return schemas.Msg(code=0, msg='ok', data=data)
|
|
|
|
|
|
|
|
# @router.post("/set_role")
|
|
# async def set_role(request: Request,
|
|
# data_id: schemas.AccountSetRole,
|
|
# db: AsyncIOMotorDatabase = Depends(get_database),
|
|
# current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
# ) -> schemas.Msg:
|
|
# """设置账号角色"""
|
|
# casbin_enforcer.delete_user(data_id.name)
|
|
# casbin_enforcer.add_role_for_user(data_id.name, data_id.role_name)
|
|
# await crud.authority.update_one(db, {'ptype': 'g', 'v0': data_id.name}, dict(v1=data_id.role_name))
|
|
#
|
|
# return schemas.Msg(code=0, msg='ok')
|
|
|
|
# @router.get("/delete_user")
|
|
# async def delete_user(request: Request,
|
|
# data_id: schemas.AccountDeleteUser,
|
|
# db: AsyncIOMotorDatabase = Depends(get_database),
|
|
# current_user: schemas.UserDB = Depends(deps.get_current_user)
|
|
# ) -> schemas.Msg:
|
|
# pass
|
|
# return schemas.Msg(code=0, msg='暂时没有')
|