perf: 优化用户管理模块部分接口数据权限校验

2024-07-11 21:38:44 +08:00
parent d0eafb1e09
commit 449b7581d8
2 changed files with 52 additions and 13 deletions
--- a/ruoyi-fastapi-backend/module_admin/controller/user_controller.py
+++ b/ruoyi-fastapi-backend/module_admin/controller/user_controller.py
@@ -5,6 +5,7 @@ from config.get_db import get_db
 from config.env import UploadConfig
 from module_admin.service.login_service import LoginService
 from module_admin.service.user_service import *
+from module_admin.service.role_service import RoleService
 from module_admin.service.dept_service import DeptService
 from module_admin.aspect.interface_auth import CheckUserInterfaceAuth
 from module_admin.aspect.data_scope import GetDataScope
@@ -40,7 +41,13 @@ async def get_system_user_list(request: Request, user_page_query: UserPageQueryM
@userController.post("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:add'))])
@ValidateFields(validate_model='add_user')
@log_decorator(title='用户管理', business_type=BusinessType.INSERT)
-async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)):
+async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db),
+                          current_user: CurrentUserModel = Depends(LoginService.get_current_user),
+                          dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
+                          role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
+    if not current_user.user.admin:
+        await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, ','.join(add_user.role_ids), role_data_scope_sql)
    add_user.password = PwdUtil.get_password_hash(add_user.password)
    add_user.create_by = current_user.user.user_name
    add_user.create_time = datetime.now()
@@ -55,10 +62,16 @@ async def add_system_user(request: Request, add_user: AddUserModel, query_db: As
@userController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@ValidateFields(validate_model='edit_user')
@log_decorator(title='用户管理', business_type=BusinessType.UPDATE)
-async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
+async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db),
+                           current_user: CurrentUserModel = Depends(LoginService.get_current_user),
+                           user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
+                           dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
+                           role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
    await UserService.check_user_allowed_services(edit_user)
    if not current_user.user.admin:
-        await UserService.check_user_data_scope_services(query_db, edit_user.user_id, data_scope_sql)
+        await UserService.check_user_data_scope_services(query_db, edit_user.user_id, user_data_scope_sql)
+        await DeptService.check_dept_data_scope_services(query_db, edit_user.dept_id, dept_data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, ','.join(edit_user.role_ids), role_data_scope_sql)
    edit_user.update_by = current_user.user.user_name
    edit_user.update_time = datetime.now()
    edit_user_result = await UserService.edit_user_services(query_db, edit_user)
@@ -138,7 +151,9 @@ async def query_detail_system_user(request: Request, query_db: AsyncSession = De

@userController.get("/{user_id}", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
@userController.get("/", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
-async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)):
+async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
+    if user_id and not current_user.user.admin:
+        await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql)
    detail_user_result = await UserService.user_detail_services(query_db, user_id)
    logger.info(f'获取user_id为{user_id}的信息成功')

@@ -214,8 +229,13 @@ async def reset_system_user_password(request: Request, reset_password: ResetPass

@userController.post("/importData", dependencies=[Depends(CheckUserInterfaceAuth('system:user:import'))])
@log_decorator(title='用户管理', business_type=BusinessType.IMPORT)
-async def batch_import_system_user(request: Request, file: UploadFile = File(...), update_support: bool = Query(alias='updateSupport'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)):
-    batch_import_result = await UserService.batch_import_user_services(query_db, file, update_support, current_user)
+async def batch_import_system_user(request: Request, file: UploadFile = File(...),
+                                   update_support: bool = Query(alias='updateSupport'),
+                                   query_db: AsyncSession = Depends(get_db),
+                                   current_user: CurrentUserModel = Depends(LoginService.get_current_user),
+                                   user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
+                                   dept_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
+    batch_import_result = await UserService.batch_import_user_services(request, query_db, file, update_support, current_user, user_data_scope_sql, dept_data_scope_sql)
    logger.info(batch_import_result.message)

    return ResponseUtil.success(msg=batch_import_result.message)
@@ -251,9 +271,14 @@ async def get_system_allocated_role_list(request: Request, user_id: int, query_d

@userController.put("/authRole", response_model=UserRoleResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@log_decorator(title='用户管理', business_type=BusinessType.GRANT)
-async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
+async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'),
+                                  query_db: AsyncSession = Depends(get_db),
+                                  current_user: CurrentUserModel = Depends(LoginService.get_current_user),
+                                  user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
+                                  role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
    if not current_user.user.admin:
-        await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql)
+        await UserService.check_user_data_scope_services(query_db, user_id, user_data_scope_sql)
+        await RoleService.check_role_data_scope_services(query_db, role_ids, role_data_scope_sql)
    add_user_role_result = await UserService.add_user_role_services(query_db, CrudUserRoleModel(userId=user_id, roleIds=role_ids))
    logger.info(add_user_role_result.message)

--- a/ruoyi-fastapi-backend/module_admin/service/user_service.py
+++ b/ruoyi-fastapi-backend/module_admin/service/user_service.py
@@ -1,6 +1,8 @@
-from fastapi import UploadFile
+from fastapi import Request, UploadFile
 from module_admin.service.role_service import RoleService
+from module_admin.service.dept_service import DeptService
 from module_admin.service.post_service import PostService, PostPageQueryModel
+from module_admin.service.config_service import ConfigService
 from module_admin.entity.vo.common_vo import CrudResponseModel
 from module_admin.dao.user_dao import *
 from config.constant import CommonConstant
@@ -298,13 +300,16 @@ class UserService:
            raise e

    @classmethod
-    async def batch_import_user_services(cls, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel):
+    async def batch_import_user_services(cls, request: Request, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel, user_data_scope_sql: str, dept_data_scope_sql: str):
        """
        批量导入用户service
+        :param request: Request对象
        :param query_db: orm对象
        :param file: 用户导入文件对象
        :param update_support: 用户存在时是否更新
        :param current_user: 当前用户对象
+        :param user_data_scope_sql: 用户数据权限sql
+        :param dept_data_scope_sql: 部门数据权限sql
        :return: 批量导入用户结果
        """
        header_dict = {
@@ -338,7 +343,7 @@ class UserService:
                add_user = UserModel(
                    deptId=row['dept_id'],
                    userName=row['user_name'],
-                    password=PwdUtil.get_password_hash('123456'),
+                    password=PwdUtil.get_password_hash(await ConfigService.query_config_list_from_cache_services(request.app.state.redis, 'sys.user.initPassword')),
                    nickName=row['nick_name'],
                    email=row['email'],
                    phonenumber=str(row['phonenumber']),
@@ -352,7 +357,7 @@ class UserService:
                user_info = await UserDao.get_user_by_info(query_db, UserModel(userName=row['user_name']))
                if user_info:
                    if update_support:
-                        edit_user = UserModel(
+                        edit_user_model = UserModel(
                            userId=user_info.user_id,
                            deptId=row['dept_id'],
                            userName=row['user_name'],
@@ -363,11 +368,20 @@ class UserService:
                            status=row['status'],
                            updateBy=current_user.user.user_name,
                            updateTime=datetime.now()
-                        ).model_dump(exclude_unset=True)
+                        )
+                        edit_user_model.validate_fields()
+                        await cls.check_user_allowed_services(edit_user_model)
+                        if not current_user.user.admin:
+                            await cls.check_user_data_scope_services(query_db, edit_user_model.user_id, user_data_scope_sql)
+                            await DeptService.check_dept_data_scope_services(query_db, edit_user_model.dept_id, dept_data_scope_sql)
+                        edit_user = edit_user_model.model_dump(exclude_unset=True)
                        await UserDao.edit_user_dao(query_db, edit_user)
                    else:
                        add_error_result.append(f"{count}.用户账号{row['user_name']}已存在")
                else:
+                    add_user.validate_fields()
+                    if not current_user.user.admin:
+                        await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
                    await UserDao.add_user_dao(query_db, add_user)
            await query_db.commit()
            return CrudResponseModel(is_success=True, message='\n'.join(add_error_result))