developers
/
vue-fastapi-admin
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

perf: 优化用户管理模块部分接口数据权限校验

master
insistence 7 months ago
parent
d0eafb1e09
commit
449b7581d8
2 changed files with 52 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 41
      ruoyi-fastapi-backend/module_admin/controller/user_controller.py
  2. 24
      ruoyi-fastapi-backend/module_admin/service/user_service.py

41
ruoyi-fastapi-backend/module_admin/controller/user_controller.py
View File

@ -5,6 +5,7 @@ from config.get_db import get_db
from config.env import UploadConfig from config.env import UploadConfig
from module_admin.service.login_service import LoginService from module_admin.service.login_service import LoginService
from module_admin.service.user_service import * from module_admin.service.user_service import *
from module_admin.service.role_service import RoleService
from module_admin.service.dept_service import DeptService from module_admin.service.dept_service import DeptService
from module_admin.aspect.interface_auth import CheckUserInterfaceAuth from module_admin.aspect.interface_auth import CheckUserInterfaceAuth
from module_admin.aspect.data_scope import GetDataScope from module_admin.aspect.data_scope import GetDataScope
@ -40,7 +41,13 @@ async def get_system_user_list(request: Request, user_page_query: UserPageQueryM
@userController.post("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:add'))]) @userController.post("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:add'))])
@ValidateFields(validate_model='add_user') @ValidateFields(validate_model='add_user')
@log_decorator(title='用户管理', business_type=BusinessType.INSERT) @log_decorator(title='用户管理', business_type=BusinessType.INSERT)
async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def add_system_user(request: Request, add_user: AddUserModel, query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
if not current_user.user.admin:
await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, ','.join(add_user.role_ids), role_data_scope_sql)
add_user.password = PwdUtil.get_password_hash(add_user.password) add_user.password = PwdUtil.get_password_hash(add_user.password)
add_user.create_by = current_user.user.user_name add_user.create_by = current_user.user.user_name
add_user.create_time = datetime.now() add_user.create_time = datetime.now()
@ -55,10 +62,16 @@ async def add_system_user(request: Request, add_user: AddUserModel, query_db: As
@userController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))]) @userController.put("", dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@ValidateFields(validate_model='edit_user') @ValidateFields(validate_model='edit_user')
@log_decorator(title='用户管理', business_type=BusinessType.UPDATE) @log_decorator(title='用户管理', business_type=BusinessType.UPDATE)
async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))): async def edit_system_user(request: Request, edit_user: EditUserModel, query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
await UserService.check_user_allowed_services(edit_user) await UserService.check_user_allowed_services(edit_user)
if not current_user.user.admin: if not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, edit_user.user_id, data_scope_sql) await UserService.check_user_data_scope_services(query_db, edit_user.user_id, user_data_scope_sql)
await DeptService.check_dept_data_scope_services(query_db, edit_user.dept_id, dept_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, ','.join(edit_user.role_ids), role_data_scope_sql)
edit_user.update_by = current_user.user.user_name edit_user.update_by = current_user.user.user_name
edit_user.update_time = datetime.now() edit_user.update_time = datetime.now()
edit_user_result = await UserService.edit_user_services(query_db, edit_user) edit_user_result = await UserService.edit_user_services(query_db, edit_user)
@ -138,7 +151,9 @@ async def query_detail_system_user(request: Request, query_db: AsyncSession = De
@userController.get("/{user_id}", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))]) @userController.get("/{user_id}", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
@userController.get("/", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))]) @userController.get("/", response_model=UserDetailModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:query'))])
async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def query_detail_system_user(request: Request, user_id: Optional[Union[int, str]] = '', query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))):
if user_id and not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql)
detail_user_result = await UserService.user_detail_services(query_db, user_id) detail_user_result = await UserService.user_detail_services(query_db, user_id)
logger.info(f'获取user_id为{user_id}的信息成功') logger.info(f'获取user_id为{user_id}的信息成功')
@ -214,8 +229,13 @@ async def reset_system_user_password(request: Request, reset_password: ResetPass
@userController.post("/importData", dependencies=[Depends(CheckUserInterfaceAuth('system:user:import'))]) @userController.post("/importData", dependencies=[Depends(CheckUserInterfaceAuth('system:user:import'))])
@log_decorator(title='用户管理', business_type=BusinessType.IMPORT) @log_decorator(title='用户管理', business_type=BusinessType.IMPORT)
async def batch_import_system_user(request: Request, file: UploadFile = File(...), update_support: bool = Query(alias='updateSupport'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user)): async def batch_import_system_user(request: Request, file: UploadFile = File(...),
batch_import_result = await UserService.batch_import_user_services(query_db, file, update_support, current_user) update_support: bool = Query(alias='updateSupport'),
query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
dept_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
batch_import_result = await UserService.batch_import_user_services(request, query_db, file, update_support, current_user, user_data_scope_sql, dept_data_scope_sql)
logger.info(batch_import_result.message) logger.info(batch_import_result.message)
return ResponseUtil.success(msg=batch_import_result.message) return ResponseUtil.success(msg=batch_import_result.message)
@ -251,9 +271,14 @@ async def get_system_allocated_role_list(request: Request, user_id: int, query_d
@userController.put("/authRole", response_model=UserRoleResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))]) @userController.put("/authRole", response_model=UserRoleResponseModel, dependencies=[Depends(CheckUserInterfaceAuth('system:user:edit'))])
@log_decorator(title='用户管理', business_type=BusinessType.GRANT) @log_decorator(title='用户管理', business_type=BusinessType.GRANT)
async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'), query_db: AsyncSession = Depends(get_db), current_user: CurrentUserModel = Depends(LoginService.get_current_user), data_scope_sql: str = Depends(GetDataScope('SysUser'))): async def update_system_role_user(request: Request, user_id: int = Query(alias='userId'), role_ids: str = Query(alias='roleIds'),
query_db: AsyncSession = Depends(get_db),
current_user: CurrentUserModel = Depends(LoginService.get_current_user),
user_data_scope_sql: str = Depends(GetDataScope('SysUser')),
role_data_scope_sql: str = Depends(GetDataScope('SysDept'))):
if not current_user.user.admin: if not current_user.user.admin:
await UserService.check_user_data_scope_services(query_db, user_id, data_scope_sql) await UserService.check_user_data_scope_services(query_db, user_id, user_data_scope_sql)
await RoleService.check_role_data_scope_services(query_db, role_ids, role_data_scope_sql)
add_user_role_result = await UserService.add_user_role_services(query_db, CrudUserRoleModel(userId=user_id, roleIds=role_ids)) add_user_role_result = await UserService.add_user_role_services(query_db, CrudUserRoleModel(userId=user_id, roleIds=role_ids))
logger.info(add_user_role_result.message) logger.info(add_user_role_result.message)

24
ruoyi-fastapi-backend/module_admin/service/user_service.py
View File

@ -1,6 +1,8 @@
from fastapi import UploadFile from fastapi import Request, UploadFile
from module_admin.service.role_service import RoleService from module_admin.service.role_service import RoleService
from module_admin.service.dept_service import DeptService
from module_admin.service.post_service import PostService, PostPageQueryModel from module_admin.service.post_service import PostService, PostPageQueryModel
from module_admin.service.config_service import ConfigService
from module_admin.entity.vo.common_vo import CrudResponseModel from module_admin.entity.vo.common_vo import CrudResponseModel
from module_admin.dao.user_dao import * from module_admin.dao.user_dao import *
from config.constant import CommonConstant from config.constant import CommonConstant
@ -298,13 +300,16 @@ class UserService:
raise e raise e
@classmethod @classmethod
async def batch_import_user_services(cls, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel): async def batch_import_user_services(cls, request: Request, query_db: AsyncSession, file: UploadFile, update_support: bool, current_user: CurrentUserModel, user_data_scope_sql: str, dept_data_scope_sql: str):
""" """
批量导入用户service 批量导入用户service
:param request: Request对象
:param query_db: orm对象 :param query_db: orm对象
:param file: 用户导入文件对象 :param file: 用户导入文件对象
:param update_support: 用户存在时是否更新 :param update_support: 用户存在时是否更新
:param current_user: 当前用户对象 :param current_user: 当前用户对象
:param user_data_scope_sql: 用户数据权限sql
:param dept_data_scope_sql: 部门数据权限sql
:return: 批量导入用户结果 :return: 批量导入用户结果
""" """
header_dict = { header_dict = {
@ -338,7 +343,7 @@ class UserService:
add_user = UserModel( add_user = UserModel(
deptId=row['dept_id'], deptId=row['dept_id'],
userName=row['user_name'], userName=row['user_name'],
password=PwdUtil.get_password_hash('123456'), password=PwdUtil.get_password_hash(await ConfigService.query_config_list_from_cache_services(request.app.state.redis, 'sys.user.initPassword')),
nickName=row['nick_name'], nickName=row['nick_name'],
email=row['email'], email=row['email'],
phonenumber=str(row['phonenumber']), phonenumber=str(row['phonenumber']),
@ -352,7 +357,7 @@ class UserService:
user_info = await UserDao.get_user_by_info(query_db, UserModel(userName=row['user_name'])) user_info = await UserDao.get_user_by_info(query_db, UserModel(userName=row['user_name']))
if user_info: if user_info:
if update_support: if update_support:
edit_user = UserModel( edit_user_model = UserModel(
userId=user_info.user_id, userId=user_info.user_id,
deptId=row['dept_id'], deptId=row['dept_id'],
userName=row['user_name'], userName=row['user_name'],
@ -363,11 +368,20 @@ class UserService:
status=row['status'], status=row['status'],
updateBy=current_user.user.user_name, updateBy=current_user.user.user_name,
updateTime=datetime.now() updateTime=datetime.now()
).model_dump(exclude_unset=True) )
edit_user_model.validate_fields()
await cls.check_user_allowed_services(edit_user_model)
if not current_user.user.admin:
await cls.check_user_data_scope_services(query_db, edit_user_model.user_id, user_data_scope_sql)
await DeptService.check_dept_data_scope_services(query_db, edit_user_model.dept_id, dept_data_scope_sql)
edit_user = edit_user_model.model_dump(exclude_unset=True)
await UserDao.edit_user_dao(query_db, edit_user) await UserDao.edit_user_dao(query_db, edit_user)
else: else:
add_error_result.append(f"{count}.用户账号{row['user_name']}已存在") add_error_result.append(f"{count}.用户账号{row['user_name']}已存在")
else: else:
add_user.validate_fields()
if not current_user.user.admin:
await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql)
await UserDao.add_user_dao(query_db, add_user) await UserDao.add_user_dao(query_db, add_user)
await query_db.commit() await query_db.commit()
return CrudResponseModel(is_success=True, message='\n'.join(add_error_result)) return CrudResponseModel(is_success=True, message='\n'.join(add_error_result))

Write Preview
Loading…
Cancel
Save