From 7df6616e546b853c5344a317d9d601a42272bb7c Mon Sep 17 00:00:00 2001 From: insistence <3055204202@qq.com> Date: Mon, 15 Jul 2024 21:31:01 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=9D=83=E9=99=90=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../module_admin/aspect/data_scope.py | 62 ++++++++++++++----- .../module_admin/dao/dept_dao.py | 1 + .../module_admin/dao/role_dao.py | 1 + 3 files changed, 47 insertions(+), 17 deletions(-) diff --git a/ruoyi-fastapi-backend/module_admin/aspect/data_scope.py b/ruoyi-fastapi-backend/module_admin/aspect/data_scope.py index 7183a88..bcb2887 100644 --- a/ruoyi-fastapi-backend/module_admin/aspect/data_scope.py +++ b/ruoyi-fastapi-backend/module_admin/aspect/data_scope.py @@ -9,6 +9,12 @@ class GetDataScope: 获取当前用户数据权限对应的查询sql语句 """ + DATA_SCOPE_ALL = '1' + DATA_SCOPE_CUSTOM = '2' + DATA_SCOPE_DEPT = '3' + DATA_SCOPE_DEPT_AND_CHILD = '4' + DATA_SCOPE_SELF = '5' + def __init__( self, query_alias: Optional[str] = '', @@ -16,6 +22,14 @@ class GetDataScope: user_alias: Optional[str] = 'user_id', dept_alias: Optional[str] = 'dept_id', ): + """ + 获取当前用户数据权限对应的查询sql语句 + + :param query_alias: 所要查询表对应的sqlalchemy模型名称,默认为'' + :param db_alias: orm对象别名,默认为'db' + :param user_alias: 用户id字段别名,默认为'user_id' + :param dept_alias: 部门id字段别名,默认为'dept_id' + """ self.query_alias = query_alias self.db_alias = db_alias self.user_alias = user_alias 
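Review bot: The new `__init__` docstring lists the aliases but does not say that `query_alias`, `user_alias` and `dept_alias` are spliced verbatim into an expression string that the DAO layer later passes to `eval(data_scope_sql)` (visible as context in the dept_dao.py hunk of this patch). That makes each alias executable text, so the docstring should state the constraint, for example `:param query_alias: ... must be a model name hard-coded at the call site, never a value taken from request data`, with the same wording on the other two. A one-line comment above the `DATA_SCOPE_*` constants noting that they are compared as strings against `role.data_scope` would also help, since the code this patch removes compared integers.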
@@ -24,23 +38,37 @@ class GetDataScope: def __call__(self, current_user: CurrentUserModel = Depends(LoginService.get_current_user)): user_id = current_user.user.user_id dept_id = current_user.user.dept_id - role_datascope_list = [ - dict(role_id=item.role_id, data_scope=int(item.data_scope)) for item in current_user.user.role + custom_data_scope_role_id_list = [ + item.role_id for item in current_user.user.role if item.data_scope == self.DATA_SCOPE_CUSTOM ] - max_data_scope_dict = min(role_datascope_list, key=lambda x: x['data_scope']) - max_role_id = max_data_scope_dict['role_id'] - max_data_scope = max_data_scope_dict['data_scope'] - if self.query_alias == '' or max_data_scope == 1 or user_id == 1: - param_sql = '1 == 1' - elif max_data_scope == 2: - param_sql = f"{self.query_alias}.{self.dept_alias}.in_(select(SysRoleDept.dept_id).where(SysRoleDept.role_id == {max_role_id})) if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" - elif max_data_scope == 3: - param_sql = f"{self.query_alias}.{self.dept_alias} == {dept_id} if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" - elif max_data_scope == 4: - param_sql = f"{self.query_alias}.{self.dept_alias}.in_(select(SysDept.dept_id).where(or_(SysDept.dept_id == {dept_id}, func.find_in_set({dept_id}, SysDept.ancestors)))) if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" - elif max_data_scope == 5: - param_sql = f"{self.query_alias}.{self.user_alias} == {user_id} if hasattr({self.query_alias}, '{self.user_alias}') else 1 == 0" - else: - param_sql = '1 == 0' + param_sql_list = [] + for role in current_user.user.role: + if current_user.user.admin or role.data_scope == self.DATA_SCOPE_ALL: + param_sql_list = ['1 == 1'] + break + elif role.data_scope == self.DATA_SCOPE_CUSTOM: + if len(custom_data_scope_role_id_list) > 1: + param_sql_list.append( + f"{self.query_alias}.{self.dept_alias}.in_(select(SysRoleDept.dept_id).where(SysRoleDept.role_id.in_({custom_data_scope_role_id_list}))) 
if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" + ) + else: + param_sql_list.append( + f"{self.query_alias}.{self.dept_alias}.in_(select(SysRoleDept.dept_id).where(SysRoleDept.role_id == {role.role_id})) if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" + ) + elif role.data_scope == self.DATA_SCOPE_DEPT: + param_sql_list.append( + f"{self.query_alias}.{self.dept_alias} == {dept_id} if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" + ) + elif role.data_scope == self.DATA_SCOPE_DEPT_AND_CHILD: + param_sql_list.append( + f"{self.query_alias}.{self.dept_alias}.in_(select(SysDept.dept_id).where(or_(SysDept.dept_id == {dept_id}, func.find_in_set({dept_id}, SysDept.ancestors)))) if hasattr({self.query_alias}, '{self.dept_alias}') else 1 == 0" + ) + elif role.data_scope == self.DATA_SCOPE_SELF: + param_sql_list.append( + f"{self.query_alias}.{self.user_alias} == {user_id} if hasattr({self.query_alias}, '{self.user_alias}') else 1 == 0" + ) + else: + param_sql_list.append('1 == 0') + param_sql = f"or_({', '.join(param_sql_list)})" return param_sql diff --git a/ruoyi-fastapi-backend/module_admin/dao/dept_dao.py b/ruoyi-fastapi-backend/module_admin/dao/dept_dao.py index 8a4d64d..f450210 100644 --- a/ruoyi-fastapi-backend/module_admin/dao/dept_dao.py +++ b/ruoyi-fastapi-backend/module_admin/dao/dept_dao.py @@ -161,6 +161,7 @@ class DeptDao: select(SysDept) .where( SysDept.del_flag == '0', + SysDept.dept_id == page_object.dept_id if page_object.dept_id is not None else True, SysDept.status == page_object.status if page_object.status else True, SysDept.dept_name.like(f'%{page_object.dept_name}%') if page_object.dept_name else True, eval(data_scope_sql), diff --git a/ruoyi-fastapi-backend/module_admin/dao/role_dao.py b/ruoyi-fastapi-backend/module_admin/dao/role_dao.py index 6c6bb43..534c7f3 100644 --- a/ruoyi-fastapi-backend/module_admin/dao/role_dao.py +++ b/ruoyi-fastapi-backend/module_admin/dao/role_dao.py 
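Review bot: When `current_user.user.role` is empty the loop body in `__call__` never runs, `param_sql_list` stays empty and the method returns `or_()`. As far as I know, SQLAlchemy renders an argument-less `or_()` as an empty clause, so a non-admin account with no roles would get no data-scope restriction at all, whereas the removed `min(...)` call raised on an empty list. Deny by default before the join, e.g. `if not param_sql_list: param_sql_list.append('1 == 0')`, and hoist the `current_user.user.admin` test above the loop so it does not depend on the user holding at least one role. The old `self.query_alias == ''` shortcut is also gone while `''` remains the constructor default, so the generated text (`.dept_id == ... if hasattr(, 'dept_id')`) would presumably fail inside `eval` for any dept- or user-scoped role; reject an empty alias explicitly rather than relying on that failure.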
@@ -144,6 +144,7 @@ class RoleDao: .join(SysDept, SysDept.dept_id == SysUser.dept_id, isouter=True) .where( SysRole.del_flag == '0', + SysRole.role_id == query_object.role_id if query_object.role_id is not None else True, SysRole.role_name.like(f'%{query_object.role_name}%') if query_object.role_name else True, SysRole.role_key.like(f'%{query_object.role_key}%') if query_object.role_key else True, SysRole.status == query_object.status if query_object.status else True,