fix: 修复普通用户也能获取下属部门的数据

2025-02-24 18:33:22 +08:00 · 2025-02-24 18:33:22 +08:00 · 8edb6badc4
commit 8edb6badc4
parent afe1ae8353
4 changed files with 57 additions and 19 deletions
--- a/annotation/auth.py
+++ b/annotation/auth.py
@ -40,3 +40,16 @@ class Auth:
            raise PermissionException(message="该用户无此接口权限！")

        return wrapper
+
+
+async def hasAuth(request: Request, permission: str) -> bool:
+    """
+    判断是有拥有某项权限
+    """
+    token = request.headers.get('Authorization')  # 直接使用 request 对象
+    current_user = await LoginController.get_current_user(request, token)
+    permissions = current_user.get('permissions')
+    if permission in permissions:
+        return True
+    else:
+        return False
--- a/api/code.py
+++ b/api/code.py
@ -16,7 +16,7 @@ from fastapi import APIRouter, Depends, Path, Request, Query
 from fastapi.encoders import jsonable_encoder
 from fastapi.responses import JSONResponse, FileResponse

-from annotation.auth import Auth
+from annotation.auth import Auth, hasAuth
 from annotation.log import Log
 from config.constant import BusinessType
 from config.env import ElasticSearchConfig
@ -476,10 +476,14 @@ async def get_code_log_list(request: Request,
        startTime = datetime.fromtimestamp(startTime)
        endTime = datetime.fromtimestamp(endTime)
        filterArgs['operation_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['operator__department__id__in'] = sub_departments
+    if await hasAuth(request, "code:btn:logAdmin"):
+        if department_id:
+            filterArgs['operator__department__id'] = department_id
+        else:
+            filterArgs['operator__department__id__in'] = sub_departments
    else:
-        filterArgs['operator__department__id'] = department_id
+        if department_id:
+            filterArgs['operator__department__id'] = department_id
    count = await QueryCodeLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).count()
    data = await QueryCodeLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).order_by("-operation_time").offset(
        (page - 1) * pageSize).limit(pageSize).values(
@ -532,10 +536,14 @@ async def get_code_log_list(request: Request,
        startTime = datetime.fromtimestamp(startTime)
        endTime = datetime.fromtimestamp(endTime)
        filterArgs['operation_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['operator__department__id__in'] = sub_departments
+    if await hasAuth(request, "code:btn:logAdmin"):
+        if department_id:
+            filterArgs['operator__department__id'] = department_id
+        else:
+            filterArgs['operator__department__id__in'] = sub_departments
    else:
-        filterArgs['operator__department__id'] = department_id
+        if department_id:
+            filterArgs['operator__department__id'] = department_id
    count = await QueryCodeLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).count()
    data = await QueryCodeLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).order_by("-operation_time").values(
        id="id",
--- a/api/log.py
+++ b/api/log.py
@ -12,7 +12,7 @@ from fastapi import APIRouter, Depends, Path, Query, Request
 from fastapi.encoders import jsonable_encoder
 from fastapi.responses import JSONResponse

-from annotation.auth import Auth
+from annotation.auth import Auth, hasAuth
 from annotation.log import Log
 from config.constant import BusinessType, RedisKeyConfig
 from controller.login import LoginController
@ -41,9 +41,8 @@ async def get_login_log(request: Request,
                        current_user: dict = Depends(LoginController.get_current_user),
                        ):
    sub_departments = current_user.get("sub_departments")
+    user_id = current_user.get("id")
    online_user_list = await LoginController.get_online_user(request, sub_departments)
-    online_user_list = list(
-        filter(lambda x: x["department_id"] in sub_departments, jsonable_encoder(online_user_list)))
    filterArgs = {
        f'{k}__contains': v for k, v in {
            'username': username,
@ -56,10 +55,18 @@ async def get_login_log(request: Request,
        startTime = datetime.fromtimestamp(float(startTime) / 1000)
        endTime = datetime.fromtimestamp(float(endTime) / 1000)
        filterArgs['login_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['user__department__id__in'] = sub_departments
+    if await hasAuth(request, "login:btn:admin"):
+        online_user_list = list(
+            filter(lambda x: x["department_id"] in sub_departments, jsonable_encoder(online_user_list)))
+        if not department_id:
+            filterArgs['user__department__id__in'] = sub_departments
+        else:
+            filterArgs['user__department__id'] = department_id
    else:
-        filterArgs['user__department__id'] = department_id
+        online_user_list = list(
+            filter(lambda x: x["user_id"] == user_id, jsonable_encoder(online_user_list)))
+        if department_id:
+            filterArgs['user__department__id'] = department_id
    result = await LoginLog.filter(**filterArgs, user__del_flag=1, del_flag=1).offset(
        (page - 1) * pageSize).limit(pageSize).values(
        id="id",
@ -171,6 +178,7 @@ async def get_operation_log(request: Request,
                            current_user: dict = Depends(LoginController.get_current_user),
                            ):
    sub_departments = current_user.get("sub_departments")
+    user_id = current_user.get("id")
    filterArgs = {
        f'{k}__contains': v for k, v in {
            'operation_name': name,
@ -185,10 +193,15 @@ async def get_operation_log(request: Request,
        startTime = datetime.fromtimestamp(float(startTime) / 1000)
        endTime = datetime.fromtimestamp(float(endTime) / 1000)
        filterArgs['operation_time__range'] = [startTime, endTime]
-    if not department_id:
-        filterArgs['department__id__in'] = sub_departments
+    if await hasAuth(request, "operation:btn:admin"):
+        if not department_id:
+            filterArgs['department__id__in'] = sub_departments
+        else:
+            filterArgs['department__id'] = department_id
    else:
-        filterArgs['department__id'] = department_id
+        filterArgs['operator__id'] = user_id
+        if department_id:
+            filterArgs['department__id'] = department_id
    result = await OperationLog.filter(**filterArgs, operator__del_flag=1, del_flag=1).offset(
        (page - 1) * pageSize).limit(
        pageSize).values(
--- a/api/role.py
+++ b/api/role.py
@ -10,7 +10,7 @@ from typing import Optional
 from fastapi import APIRouter, Depends, Path, Query, Request
 from fastapi.responses import JSONResponse

-from annotation.auth import Auth
+from annotation.auth import Auth, hasAuth
 from annotation.log import Log
 from config.constant import BusinessType, RedisKeyConfig
 from controller.login import LoginController
@ -194,8 +194,12 @@ async def get_role_list(
            "status": status
        }.items() if v
    }
-    if not department_id:
-        filterArgs["department__id__in"] = current_user.get("sub_departments")
+    if await hasAuth(request, "role:btn:admin"):
+        if not department_id:
+            filterArgs["department__id__in"] = current_user.get("sub_departments")
+    else:
+        if department_id:
+            filterArgs["department__id"] = department_id
    total = await Role.filter(**filterArgs, del_flag=1).count()
    data = await Role.filter(**filterArgs, del_flag=1).offset(
        (page - 1) * pageSize).limit(