PowLu/RuoYi-Vue3-FastAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf: 优化用户管理模块部分接口数据权限校验

Browse Source
This commit is contained in:
insistence
2024-07-11 21:38:44 +08:00
parent d0eafb1e09
commit 449b7581d8
2 changed files with 52 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
ruoyi-fastapi-backend/module_admin/controller/user_controller.py
View File

@@ -5,6 +5,7 @@ from config.get_db import get_db
from config.env import UploadConfig from config.env import UploadConfig
from module_admin.service.login_service import LoginService from module_admin.service.login_service import LoginService
from module_admin.service.user_service import * from module_admin.service.user_service import *
from module_admin.service.role_service import RoleService
from module_admin.service.dept_service import DeptService from module_admin.service.dept_service import DeptService
from module_admin.aspect.interface_auth import CheckUserInterfaceAuth from module_admin.aspect.interface_auth import CheckUserInterfaceAuth
from module_admin.aspect.data_scope import GetDataScope from module_admin.aspect.data_scope import GetDataScope
@@ -40,7 +41,13 @@ async def get_system_user_list(request: Request, user_page_query: UserPageQueryM
@userController.post("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:add'))]) @userController.post("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:add'))])
@ValidateFields(validate_model='add_user') @ValidateFields(validate_model='add_user')
@log_decorator(title='用户管理', business_type=BusinessType.INSERT) @log_decorator(title='用户管理', business_type=BusinessType.INSERT)
async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
if not current_user.user.admin:
await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, ','.join(add_user.role_ids), role_data_scope_sql)
add_user.password = PwdUtil.get_password_hash(add_user.password) add_user.password = PwdUtil.get_password_hash(add_user.password)
add_user.create_by = current_user.user.user_name add_user.create_by = current_user.user.user_name
add_user.create_time = datetime.now() add_user.create_time = datetime.now()
@@ -55,10 +62,16 @@ async def add_system_user(request: Request, add_user: AddUserModel, query_db: As
@userController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))]) @userController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@ValidateFields(validate_model='edit_user') @ValidateFields(validate_model='edit_user')
@log_decorator(title='用户管理', business_type=BusinessType.UPDATE) @log_decorator(title='用户管理', business_type=BusinessType.UPDATE)
async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))): async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
await UserService.check_user_allowed_services(edit_user) await UserService.check_user_allowed_services(edit_user)
if not current_user.user.admin: if not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, edit_user.user_id, data_scope_sql) await UserService.check_user_data_scope_services(query_db, edit_user.user_id, user_data_scope_sql)
await DeptService.check_dept_data_scope_services(query_db, edit_user.dept_id, dept_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, ','.join(edit_user.role_ids), role_data_scope_sql)
edit_user.update_by = current_user.user.user_name edit_user.update_by = current_user.user.user_name
edit_user.update_time = datetime.now() edit_user.update_time = datetime.now()
edit_user_result = await UserService.edit_user_services(query_db, edit_user) edit_user_result = await UserService.edit_user_services(query_db, edit_user)
@@ -138,7 +151,9 @@ async def query_detail_system_user(request: Request, query_db: AsyncSession = De
@userController.get("/{user_id}", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))]) @userController.get("/{user_id}", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
@userController.get("/", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))]) @userController.get("/", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
if user_id and not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql)
detail_user_result = await UserService.user_detail_services(query_db, user_id) detail_user_result = await UserService.user_detail_services(query_db, user_id)
logger.info(f'获取user_id为{user_id}的信息成功') logger.info(f'获取user_id为{user_id}的信息成功')
@@ -214,8 +229,13 @@ async def reset_system_user_password(request: Request, reset_password: ResetPass
@userController.post("/importData", dependencies=[Depends(CheckUserInterfaceAuth('system:user:import'))]) @userController.post("/importData", dependencies=[Depends(CheckUserInterfaceAuth('system:user:import'))])
@log_decorator(title='用户管理', business_type=BusinessType.IMPORT) @log_decorator(title='用户管理', business_type=BusinessType.IMPORT)
async def batch_import_system_user(request: Request, file: UploadFile = File(...), update_support: bool = Query(alias='updateSupport'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def batch_import_system_user(request: Request, file: UploadFile = File(...),
batch_import_result = await UserService.batch_import_user_services(query_db, file, update_support, current_user) update_support: bool = Query(alias='updateSupport'),
query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
batch_import_result = await UserService.batch_import_user_services(request, query_db, file, update_support, current_user, user_data_scope_sql, dept_data_scope_sql)
logger.info(batch_import_result.message) logger.info(batch_import_result.message)
return ResponseUtil.success(msg=batch_import_result.message) return ResponseUtil.success(msg=batch_import_result.message)
@@ -251,9 +271,14 @@ async def get_system_allocated_role_list(request: Request, user_id: int, query_d
@userController.put("/authRole", response_model=UserRoleResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))]) @userController.put("/authRole", response_model=UserRoleResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@log_decorator(title='用户管理', business_type=BusinessType.GRANT) @log_decorator(title='用户管理', business_type=BusinessType.GRANT)
async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))): async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'),
query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
if not current_user.user.admin: if not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql) await UserService.check_user_data_scope_services(query_db, user_id, user_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, role_ids, role_data_scope_sql)
add_user_role_result = await UserService.add_user_role_services(query_db, CrudUserRoleModel(userId=user_id, roleIds=role_ids)) add_user_role_result = await UserService.add_user_role_services(query_db, CrudUserRoleModel(userId=user_id, roleIds=role_ids))
logger.info(add_user_role_result.message) logger.info(add_user_role_result.message)

24
ruoyi-fastapi-backend/module_admin/service/user_service.py
View File

@@ -1,6 +1,8 @@
from fastapi import UploadFile from fastapi import Request, UploadFile
from module_admin.service.role_service import RoleService from module_admin.service.role_service import RoleService
from module_admin.service.dept_service import DeptService
from module_admin.service.post_service import PostService, PostPageQueryModel from module_admin.service.post_service import PostService, PostPageQueryModel
from module_admin.service.config_service import ConfigService
from module_admin.entity.vo.common_vo import CrudResponseModel from module_admin.entity.vo.common_vo import CrudResponseModel
from module_admin.dao.user_dao import * from module_admin.dao.user_dao import *
from config.constant import CommonConstant from config.constant import CommonConstant
@@ -298,13 +300,16 @@ class UserService:
raise e raise e
@classmethod @classmethod
async def batch_import_user_services(cls, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel): async def batch_import_user_services(cls, request: Request, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel, user_data_scope_sql: str, dept_data_scope_sql: str):
""" """
批量导入用户service 批量导入用户service
:param request: Request对象
:param query_db: orm对象 :param query_db: orm对象
:param file: 用户导入文件对象 :param file: 用户导入文件对象
:param update_support: 用户存在时是否更新 :param update_support: 用户存在时是否更新
:param current_user: 当前用户对象 :param current_user: 当前用户对象
:param user_data_scope_sql: 用户数据权限sql
:param dept_data_scope_sql: 部门数据权限sql
:return: 批量导入用户结果 :return: 批量导入用户结果
""" """
header_dict = { header_dict = {
@@ -338,7 +343,7 @@ class UserService:
add_user = UserModel( add_user = UserModel(
deptId=row['dept_id'], deptId=row['dept_id'],
userName=row['user_name'], userName=row['user_name'],
password=PwdUtil.get_password_hash('123456'), password=PwdUtil.get_password_hash(await ConfigService.query_config_list_from_cache_services(request.app.state.redis, 'sys.user.initPassword')),
nickName=row['nick_name'], nickName=row['nick_name'],
email=row['email'], email=row['email'],
phonenumber=str(row['phonenumber']), phonenumber=str(row['phonenumber']),
@@ -352,7 +357,7 @@ class UserService:
user_info = await UserDao.get_user_by_info(query_db, UserModel(userName=row['user_name'])) user_info = await UserDao.get_user_by_info(query_db, UserModel(userName=row['user_name']))
if user_info: if user_info:
if update_support: if update_support:
edit_user = UserModel( edit_user_model = UserModel(
userId=user_info.user_id, userId=user_info.user_id,
deptId=row['dept_id'], deptId=row['dept_id'],
userName=row['user_name'], userName=row['user_name'],
@@ -363,11 +368,20 @@ class UserService:
status=row['status'], status=row['status'],
updateBy=current_user.user.user_name, updateBy=current_user.user.user_name,
updateTime=datetime.now() updateTime=datetime.now()
).model_dump(exclude_unset=True) )
edit_user_model.validate_fields()
await cls.check_user_allowed_services(edit_user_model)
if not current_user.user.admin:
await cls.check_user_data_scope_services(query_db, edit_user_model.user_id, user_data_scope_sql)
await DeptService.check_dept_data_scope_services(query_db, edit_user_model.dept_id, dept_data_scope_sql)
edit_user = edit_user_model.model_dump(exclude_unset=True)
await UserDao.edit_user_dao(query_db, edit_user) await UserDao.edit_user_dao(query_db, edit_user)
else: else:
add_error_result.append(f"{count}.用户账号{row['user_name']}已存在") add_error_result.append(f"{count}.用户账号{row['user_name']}已存在")
else: else:
add_user.validate_fields()
if not current_user.user.admin:
await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
await UserDao.add_user_dao(query_db, add_user) await UserDao.add_user_dao(query_db, add_user)
await query_db.commit() await query_db.commit()
return CrudResponseModel(is_success=True, message='\n'.join(add_error_result)) return CrudResponseModel(is_success=True, message='\n'.join(add_error_result))