perf: 优化角色管理模块数据权限

ruoyi-fastapi-backend/module_admin/controller/role_controller.py

@@ -30,7 +30,7 @@ async def get_system_role_dept_tree(request: Request, role_id: int, query_db: As
     
     
 @roleController.get("/list", response_model=PageResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:role:list'))])
-async def get_system_role_list(request: Request, role_page_query: RolePageQueryModel = Depends(RolePageQueryModel.as_query), query_db: AsyncSession = Depends(get_db), data_scope_sql: str = Depends(GetDataScope('role_query.columns'))):
+async def get_system_role_list(request: Request, role_page_query: RolePageQueryModel = Depends(RolePageQueryModel.as_query), query_db: AsyncSession = Depends(get_db), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     role_page_query_result = await RoleService.get_role_list_services(query_db, role_page_query, data_scope_sql, is_page=True)
     logger.info('获取成功')
 
@@ -54,10 +54,10 @@ async def add_system_role(request: Request, add_role: AddRoleModel, query_db: As
 @roleController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:role:edit'))])
 @ValidateFields(validate_model='edit_role')
 @log_decorator(title='角色管理', business_type=BusinessType.UPDATE)
-async def edit_system_role(request: Request, edit_role: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def edit_system_role(request: Request, edit_role: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     await RoleService.check_role_allowed_services(edit_role)
     if not current_user.user.admin:
-        await RoleService.check_role_data_scope_services(query_db, edit_role.role_id, data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, str(edit_role.role_id), data_scope_sql)
     edit_role.update_by = current_user.user.user_name
     edit_role.update_time = datetime.now()
     edit_role_result = await RoleService.edit_role_services(query_db, edit_role)
@@ -68,10 +68,10 @@ async def edit_system_role(request: Request, edit_role: AddRoleModel, query_db:
 
 @roleController.put("/dataScope", dependencies=[Depends(CheckUserInterfaceAuth('system:role:edit'))])
 @log_decorator(title='角色管理', business_type=BusinessType.GRANT)
-async def edit_system_role_datascope(request: Request, role_data_scope: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def edit_system_role_datascope(request: Request, role_data_scope: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     await RoleService.check_role_allowed_services(role_data_scope)
     if not current_user.user.admin:
-        await RoleService.check_role_data_scope_services(query_db, role_data_scope.role_id, data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, str(role_data_scope.role_id), data_scope_sql)
     edit_role = AddRoleModel(
         roleId=role_data_scope.role_id,
         dataScope=role_data_scope.data_scope,
@@ -88,12 +88,12 @@ async def edit_system_role_datascope(request: Request, role_data_scope: AddRoleM
     
 @roleController.delete("/{role_ids}", dependencies=[Depends(CheckUserInterfaceAuth('system:role:remove'))])
 @log_decorator(title='角色管理', business_type=BusinessType.DELETE)
-async def delete_system_role(request: Request, role_ids: str, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def delete_system_role(request: Request, role_ids: str, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     role_id_list = role_ids.split(',')
     for role_id in role_id_list:
         await RoleService.check_role_allowed_services(RoleModel(roleId=int(role_id)))
         if not current_user.user.admin:
-            await RoleService.check_role_data_scope_services(query_db, int(role_id), data_scope_sql)
+            await RoleService.check_role_data_scope_services(query_db, role_id, data_scope_sql)
     delete_role = DeleteRoleModel(
         roleIds=role_ids,
         updateBy=current_user.user.user_name,
@@ -106,9 +106,9 @@ async def delete_system_role(request: Request, role_ids: str, query_db: AsyncSes
     
     
 @roleController.get("/{role_id}", response_model=RoleModel, dependencies=[Depends(CheckUserInterfaceAuth('system:role:query'))])
-async def query_detail_system_role(request: Request, role_id: int, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def query_detail_system_role(request: Request, role_id: int, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     if not current_user.user.admin:
-        await RoleService.check_role_data_scope_services(query_db, role_id, data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, str(role_id), data_scope_sql)
     role_detail_result = await RoleService.role_detail_services(query_db, role_id)
     logger.info(f'获取role_id为{role_id}的信息成功')
 
@@ -117,7 +117,7 @@ async def query_detail_system_role(request: Request, role_id: int, query_db: Asy
 
 @roleController.post("/export", dependencies=[Depends(CheckUserInterfaceAuth('system:role:export'))])
 @log_decorator(title='角色管理', business_type=BusinessType.EXPORT)
-async def export_system_role_list(request: Request, role_page_query: RolePageQueryModel = Depends(RolePageQueryModel.as_form), query_db: AsyncSession = Depends(get_db), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def export_system_role_list(request: Request, role_page_query: RolePageQueryModel = Depends(RolePageQueryModel.as_form), query_db: AsyncSession = Depends(get_db), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     # 获取全量数据
     role_query_result = await RoleService.get_role_list_services(query_db, role_page_query, data_scope_sql, is_page=False)
     role_export_result = await RoleService.export_role_list_services(role_query_result)
@@ -128,10 +128,10 @@ async def export_system_role_list(request: Request, role_page_query: RolePageQue
 
 @roleController.put("/changeStatus", dependencies=[Depends(CheckUserInterfaceAuth('system:role:edit'))])
 @log_decorator(title='角色管理', business_type=BusinessType.UPDATE)
-async def reset_system_role_status(request: Request, change_role: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def reset_system_role_status(request: Request, change_role: AddRoleModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     await RoleService.check_role_allowed_services(change_role)
     if not current_user.user.admin:
-        await RoleService.check_role_data_scope_services(query_db, change_role.role_id, data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, str(change_role.role_id), data_scope_sql)
     edit_role = AddRoleModel(
         roleId=change_role.role_id,
         status=change_role.status,
@@ -163,9 +163,9 @@ async def get_system_unallocated_user_list(request: Request, user_role: UserRole
 
 @roleController.put("/authUser/selectAll", dependencies=[Depends(CheckUserInterfaceAuth('system:role:edit'))])
 @log_decorator(title='角色管理', business_type=BusinessType.GRANT)
-async def add_system_role_user(request: Request, add_role_user: CrudUserRoleModel = Depends(CrudUserRoleModel.as_query), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('role_query'))):
+async def add_system_role_user(request: Request, add_role_user: CrudUserRoleModel = Depends(CrudUserRoleModel.as_query), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysDept'))):
     if not current_user.user.admin:
-        await RoleService.check_role_data_scope_services(query_db, add_role_user.role_id, data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, str(add_role_user.role_id), data_scope_sql)
     add_role_user_result = await UserService.add_user_role_services(query_db, add_role_user)
     logger.info(add_role_user_result.message)
 

ruoyi-fastapi-backend/module_admin/dao/role_dao.py

@@ -107,10 +107,10 @@ class RoleDao:
         :param is_page: 是否开启分页
         :return: 角色列表信息对象
         """
-        role_query = (select(SysRole, SysUser.user_id, SysDept.dept_id)
+        query = select(SysRole) \
-            .join(SysUserRole, SysUserRole.role_id == SysRole.role_id, isouter=True)
+            .join(SysUserRole, SysUserRole.role_id == SysRole.role_id, isouter=True) \
-            .join(SysUser, SysUser.user_id == SysUserRole.user_id, isouter=True)
+            .join(SysUser, SysUser.user_id == SysUserRole.user_id, isouter=True) \
-            .join(SysDept, SysDept.dept_id == SysUser.dept_id, isouter=True)
+            .join(SysDept, SysDept.dept_id == SysUser.dept_id, isouter=True) \
             .where(SysRole.del_flag == '0',
                    SysRole.role_name.like(f'%{query_object.role_name}%') if query_object.role_name else True,
                    SysRole.role_key.like(f'%{query_object.role_key}%') if query_object.role_key else True,
@@ -118,12 +118,10 @@ class RoleDao:
                    SysRole.create_time.between(
                        datetime.combine(datetime.strptime(query_object.begin_time, '%Y-%m-%d'), time(00, 00, 00)),
                        datetime.combine(datetime.strptime(query_object.end_time, '%Y-%m-%d'), time(23, 59, 59)))
-                   if query_object.begin_time and query_object.end_time else True)
+                   if query_object.begin_time and query_object.end_time else True,
-            .order_by(SysRole.role_sort)).subquery()
+                   eval(data_scope_sql)) \
-        query = select(SysRole) \
+            .order_by(SysRole.role_sort) \
-            .select_from(role_query) \
+            .distinct()
-            .join(SysRole, SysRole.role_id == role_query.columns.role_id) \
-            .where(eval(data_scope_sql)).distinct()
         role_list = await PageUtil.paginate(db, query, query_object.page_num, query_object.page_size, is_page)
 
         return role_list

ruoyi-fastapi-backend/module_admin/service/role_service.py

@@ -68,19 +68,20 @@ class RoleService:
             return CrudResponseModel(is_success=True, message='校验通过')
 
     @classmethod
-    async def check_role_data_scope_services(cls, query_db: AsyncSession, role_id: int, data_scope_sql: str):
+    async def check_role_data_scope_services(cls, query_db: AsyncSession, role_ids: str, data_scope_sql: str):
         """
         校验角色是否有数据权限service
         :param query_db: orm对象
-        :param role_id: 角色id
+        :param role_ids: 角色id
         :param data_scope_sql: 数据权限对应的查询sql语句
         :return: 校验结果
         """
-        roles = await RoleDao.get_role_list(query_db, RolePageQueryModel(roleId=role_id), data_scope_sql, is_page=False)
+        for role_id in role_ids.split(','):
-        if roles:
+            roles = await RoleDao.get_role_list(query_db, RolePageQueryModel(roleId=int(role_id)), data_scope_sql, is_page=False)
-            return CrudResponseModel(is_success=True, message='校验通过')
+            if roles:
-        else:
+                return CrudResponseModel(is_success=True, message='校验通过')
-            raise ServiceException(message='没有权限访问角色数据')
+            else:
+                raise ServiceException(message='没有权限访问角色数据')
 
     @classmethod
     async def check_role_name_unique_services(cls, query_db: AsyncSession, page_object: RoleModel):