- 日报/周报/月报改为结构化卡片推送(column_set布局) - 新增 report:daily/weekly/monthly 权限到角色管理 - 产出统计只算中期制作阶段动画秒数 - 效率之星改为跨项目加权通过率 - AI点评补充风险数据源 - 禁用多余admin账号,股东角色加报告权限 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"""角色管理路由"""
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from typing import List
from database import get_db
from models import Role, User, ALL_PERMISSIONS, PERMISSION_KEYS
from auth import get_current_user, require_permission
router = APIRouter(prefix="/api/roles", tags=["角色管理"])
@router.get("/permissions")
def get_all_permissions(current_user: User = Depends(get_current_user)):
    """Return every permission the system defines, grouped for the frontend checkbox panel.

    Any authenticated user may call this; ``current_user`` exists only so the
    ``get_current_user`` dependency enforces authentication.

    Returns:
        A list of ``{"group": <group>, "permissions": [{"key": .., "label": ..}, ...]}``
        entries, groups in the order they first appear in ``ALL_PERMISSIONS``.
    """
    grouped: dict[str, list[dict]] = {}
    for key, label, group in ALL_PERMISSIONS:
        grouped.setdefault(group, []).append({"key": key, "label": label})
    return [
        {"group": group_name, "permissions": entries}
        for group_name, entries in grouped.items()
    ]
@router.get("")
def list_roles(
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
):
    """List all roles, built-in (system) roles first, then ascending by id.

    Available to any authenticated user (no ``role:manage`` required). Each
    entry carries the role's permission keys and the number of users
    currently assigned to it; the count is one extra query per role.
    """
    ordered = db.query(Role).order_by(Role.is_system.desc(), Role.id).all()

    def as_dict(role: Role) -> dict:
        assigned = db.query(User).filter(User.role_id == role.id).count()
        return {
            "id": role.id,
            "name": role.name,
            "description": role.description,
            "permissions": role.permissions or [],
            "is_system": bool(role.is_system),
            "exempt_submission": bool(role.exempt_submission),
            "user_count": assigned,
            "created_at": role.created_at,
        }

    return [as_dict(role) for role in ordered]
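@router.post("")
def create_role(
    req: dict,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_permission("role:manage"))
):
    """Create a new non-system role from the JSON body.

    Body fields: ``name`` (required, non-blank string), ``description``
    (optional), ``permissions`` (optional list of permission keys; keys not in
    ``PERMISSION_KEYS`` are dropped silently) and ``exempt_submission``
    (truthy/falsy). Requires the ``role:manage`` permission.

    Returns:
        ``{"id", "name", "message"}`` for the created role.

    Raises:
        HTTPException 400: name missing/blank/not a string, ``permissions``
            not a list, or a role with the same name already exists.
    """
    # ``req`` is a bare dict, so FastAPI does not validate field types.
    # Reject wrong types with a 400 rather than letting .strip() raise a 500.
    name = req.get("name", "")
    if not isinstance(name, str) or not name.strip():
        raise HTTPException(status_code=400, detail="角色名称不能为空")
    name = name.strip()
    # NOTE(review): this check alone is racy under concurrent creates;
    # assumes Role.name also has a DB-level unique constraint — confirm.
    if db.query(Role).filter(Role.name == name).first():
        raise HTTPException(status_code=400, detail="角色名称已存在")

    requested = req.get("permissions", [])
    if requested is None:
        requested = []
    if not isinstance(requested, list):
        raise HTTPException(status_code=400, detail="permissions 必须为列表")
    # Whitelist against the known keys; non-string or unknown entries are dropped.
    # NOTE(review): nothing here checks that the caller itself holds the
    # permissions being granted — confirm that is the intended policy.
    perms = [p for p in requested if isinstance(p, str) and p in PERMISSION_KEYS]

    role = Role(
        name=name,
        description=req.get("description", ""),
        permissions=perms,
        is_system=0,  # roles created through the API are never built-in
        exempt_submission=1 if req.get("exempt_submission") else 0,
    )
    db.add(role)
    db.commit()
    db.refresh(role)  # populate the DB-assigned id before returning it
    return {"id": role.id, "name": role.name, "message": "角色已创建"}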
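@router.put("/{role_id}")
def update_role(
    role_id: int,
    req: dict,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_permission("role:manage"))
):
    """Partially update a role; only keys present in the body are changed.

    Body fields: ``name`` (non-blank string), ``description``, ``permissions``
    (list of permission keys; unknown keys are dropped silently) and
    ``exempt_submission`` (truthy/falsy). Requires ``role:manage``.

    Raises:
        HTTPException 404: no role with ``role_id``.
        HTTPException 400: blank/non-string name, ``permissions`` not a list,
            or the new name is already used by another role.
    """
    role = db.query(Role).filter(Role.id == role_id).first()
    if not role:
        raise HTTPException(status_code=404, detail="角色不存在")
    # NOTE(review): unlike delete_role, this does not refuse is_system roles,
    # so a built-in role can be renamed or have its permissions changed here —
    # confirm whether that is intended.

    name = req.get("name")
    if name is not None:
        # Same rule as create_role: a blank name is rejected instead of being
        # written to the DB; a non-string name is a 400, not a 500 from .strip().
        if not isinstance(name, str) or not name.strip():
            raise HTTPException(status_code=400, detail="角色名称不能为空")
        name = name.strip()
        clash = db.query(Role).filter(Role.name == name, Role.id != role_id).first()
        if clash:
            raise HTTPException(status_code=400, detail="角色名称已存在")
        role.name = name

    if "description" in req:
        role.description = req["description"]

    if "permissions" in req:
        requested = req["permissions"]
        if requested is None:
            requested = []
        if not isinstance(requested, list):
            raise HTTPException(status_code=400, detail="permissions 必须为列表")
        # Whitelist against the known keys; non-string or unknown entries are dropped.
        role.permissions = [
            p for p in requested if isinstance(p, str) and p in PERMISSION_KEYS
        ]

    if "exempt_submission" in req:
        role.exempt_submission = 1 if req["exempt_submission"] else 0

    db.commit()
    return {"message": "角色已更新"}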
@router.delete("/{role_id}")
def delete_role(
    role_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_permission("role:manage"))
):
    """Delete a non-system role that no user is assigned to.

    Requires ``role:manage``.

    Raises:
        HTTPException 404: no role with ``role_id``.
        HTTPException 400: the role is a built-in (system) role, or users are
            still assigned to it (they must be moved first).
    """
    target = db.query(Role).filter(Role.id == role_id).first()
    if target is None:
        raise HTTPException(status_code=404, detail="角色不存在")
    if target.is_system:
        raise HTTPException(status_code=400, detail="系统内置角色不可删除")

    # Refuse to orphan users: the caller must reassign them before deleting.
    assigned = db.query(User).filter(User.role_id == role_id).count()
    if assigned:
        raise HTTPException(status_code=400, detail=f"该角色下还有 {assigned} 个用户,请先转移用户再删除")

    db.delete(target)
    db.commit()
    return {"message": "角色已删除"}