mirror of
https://github.com/fastapi-practices/fastapi_best_architecture.git
synced 2025-08-20 08:11:50 +08:00
234 lines
7.2 KiB
Python
234 lines
7.2 KiB
Python
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
from typing import Annotated
|
|
from uuid import UUID
|
|
|
|
from fastapi import APIRouter, Depends, Query
|
|
|
|
from backend.app.common.jwt import DependsJwtAuth
|
|
from backend.app.common.pagination import DependsPagination, paging_data
|
|
from backend.app.common.permission import RequestPermission
|
|
from backend.app.common.rbac import DependsRBAC
|
|
from backend.app.common.response.response_schema import ResponseModel, response_base
|
|
from backend.app.database.db_mysql import CurrentSession
|
|
from backend.app.schemas.casbin_rule import (
|
|
CreatePolicyParam,
|
|
CreateUserRoleParam,
|
|
DeleteAllPoliciesParam,
|
|
DeletePolicyParam,
|
|
DeleteUserRoleParam,
|
|
GetPolicyListDetails,
|
|
UpdatePolicyParam,
|
|
)
|
|
from backend.app.services.casbin_service import casbin_service
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get(
|
|
'',
|
|
summary='(模糊条件)分页获取所有权限规则',
|
|
dependencies=[
|
|
DependsJwtAuth,
|
|
DependsPagination,
|
|
],
|
|
)
|
|
async def get_pagination_casbin(
|
|
db: CurrentSession,
|
|
ptype: Annotated[str | None, Query(description='规则类型, p / g')] = None,
|
|
sub: Annotated[str | None, Query(description='用户 uuid / 角色')] = None,
|
|
) -> ResponseModel:
|
|
casbin_select = await casbin_service.get_casbin_list(ptype=ptype, sub=sub)
|
|
page_data = await paging_data(db, casbin_select, GetPolicyListDetails)
|
|
return await response_base.success(data=page_data)
|
|
|
|
|
|
@router.get('/policies', summary='获取所有P权限规则', dependencies=[DependsJwtAuth])
|
|
async def get_all_policies(role: Annotated[int | None, Query(description='角色ID')] = None) -> ResponseModel:
|
|
policies = await casbin_service.get_policy_list(role=role)
|
|
return await response_base.success(data=policies)
|
|
|
|
|
|
@router.post(
|
|
'/policy',
|
|
summary='添加P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:add')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def create_policy(p: CreatePolicyParam) -> ResponseModel:
|
|
"""
|
|
p 规则:
|
|
|
|
- 推荐添加基于角色的访问权限, 需配合添加 g 规则才能真正拥有访问权限,适合配置全局接口访问策略<br>
|
|
**格式**: 角色 role + 访问路径 path + 访问方法 method
|
|
|
|
- 如果添加基于用户的访问权限, 不需配合添加 g 规则就能真正拥有权限,适合配置指定用户接口访问策略<br>
|
|
**格式**: 用户 uuid + 访问路径 path + 访问方法 method
|
|
"""
|
|
data = await casbin_service.create_policy(p=p)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.post(
|
|
'/policies',
|
|
summary='添加多组P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:group:add')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def create_policies(ps: list[CreatePolicyParam]) -> ResponseModel:
|
|
data = await casbin_service.create_policies(ps=ps)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.put(
|
|
'/policy',
|
|
summary='更新P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:edit')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def update_policy(old: UpdatePolicyParam, new: UpdatePolicyParam) -> ResponseModel:
|
|
data = await casbin_service.update_policy(old=old, new=new)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.put(
|
|
'/policies',
|
|
summary='更新多组P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:group:edit')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def update_policies(old: list[UpdatePolicyParam], new: list[UpdatePolicyParam]) -> ResponseModel:
|
|
data = await casbin_service.update_policies(old=old, new=new)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/policy',
|
|
summary='删除P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:del')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_policy(p: DeletePolicyParam) -> ResponseModel:
|
|
data = await casbin_service.delete_policy(p=p)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/policies',
|
|
summary='删除多组P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:group:del')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_policies(ps: list[DeletePolicyParam]) -> ResponseModel:
|
|
data = await casbin_service.delete_policies(ps=ps)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/policies/all',
|
|
summary='删除所有P权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:p:empty')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_all_policies(sub: DeleteAllPoliciesParam) -> ResponseModel:
|
|
count = await casbin_service.delete_all_policies(sub=sub)
|
|
if count > 0:
|
|
return await response_base.success()
|
|
return await response_base.fail()
|
|
|
|
|
|
@router.get('/groups', summary='获取所有G权限规则', dependencies=[DependsJwtAuth])
|
|
async def get_all_groups() -> ResponseModel:
|
|
data = await casbin_service.get_group_list()
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.post(
|
|
'/group',
|
|
summary='添加G权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:g:add')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def create_group(g: CreateUserRoleParam) -> ResponseModel:
|
|
"""
|
|
g 规则 (**依赖 p 规则**):
|
|
|
|
- 如果在 p 规则中添加了基于角色的访问权限, 则还需要在 g 规则中添加基于用户组的访问权限, 才能真正拥有访问权限<br>
|
|
**格式**: 用户 uuid + 角色 role
|
|
|
|
- 如果在 p 策略中添加了基于用户的访问权限, 则不添加相应的 g 规则能直接拥有访问权限<br>
|
|
但是拥有的不是用户角色的所有权限, 而只是单一的对应的 p 规则所添加的访问权限
|
|
"""
|
|
data = await casbin_service.create_group(g=g)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.post(
|
|
'/groups',
|
|
summary='添加多组G权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:g:group:add')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def create_groups(gs: list[CreateUserRoleParam]) -> ResponseModel:
|
|
data = await casbin_service.create_groups(gs=gs)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/group',
|
|
summary='删除G权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:g:del')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_group(g: DeleteUserRoleParam) -> ResponseModel:
|
|
data = await casbin_service.delete_group(g=g)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/groups',
|
|
summary='删除多组G权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:g:group:del')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_groups(gs: list[DeleteUserRoleParam]) -> ResponseModel:
|
|
data = await casbin_service.delete_groups(gs=gs)
|
|
return await response_base.success(data=data)
|
|
|
|
|
|
@router.delete(
|
|
'/groups/all',
|
|
summary='删除所有G权限规则',
|
|
dependencies=[
|
|
Depends(RequestPermission('casbin:g:empty')),
|
|
DependsRBAC,
|
|
],
|
|
)
|
|
async def delete_all_groups(uuid: Annotated[UUID, Query(...)]) -> ResponseModel:
|
|
count = await casbin_service.delete_all_groups(uuid=uuid)
|
|
if count > 0:
|
|
return await response_base.success()
|
|
return await response_base.fail()
|