hiderfong/prop-data-guard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ae151404b9abd9165b7d22a14776ed49e123ecb
prop-data-guard/backend/app/api/v1/datasource.py
T
hiderfong 8b2bc84399 feat: implement full RBAC role-based access control 
Backend:
- deps.py: add require_admin, require_manager, require_labeler, require_guest_or_above
- user.py: all write endpoints require admin
- datasource.py: write/sync endpoints require admin
- metadata.py: sync endpoint requires admin
- classification.py: category/rule write requires admin; results query requires guest+ with data isolation
- project.py: GET requires manager with created_by filtering; DELETE checks ownership
- task.py: my-tasks requires labeler with assignee_id filtering; create-task requires manager
- dashboard.py: requires guest_or_above
- report.py: requires guest_or_above
- project_service: list_projects adds created_by filter; list_results adds project_ids filter

Frontend:
- stores/user.ts: add hasRole, hasAnyRole, isAdmin, isManager, isLabeler, isSuperadmin
- router/index.ts: add roles to route meta; beforeEach checks role permissions
- Layout.vue: filter menu routes by user roles
- System.vue: hide add/edit/delete buttons for non-admins
- DataSource.vue: hide add/edit/delete/sync buttons for non-admins
- Project.vue: hide add/delete buttons for non-admins
2026-04-23 12:09:32 +08:00

82 lines
2.8 KiB
Python
Raw Blame History

from typing import Optional
from fastapi import APIRouter, Depends, Query
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.models.user import User
from app.schemas.datasource import DataSourceCreate, DataSourceUpdate, DataSourceOut, DataSourceTest
from app.schemas.common import ResponseModel, ListResponse
from app.services import datasource_service
from app.api.deps import get_current_user, require_admin
router = APIRouter()
@router.get("", response_model=ListResponse[DataSourceOut])
def list_datasources(
page: int = Query(1, ge=1),
page_size: int = Query(20, ge=1, le=500),
keyword: Optional[str] = Query(None),
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
items, total = datasource_service.list_datasources(db, keyword=keyword, page=page, page_size=page_size)
return ListResponse(data=[DataSourceOut.model_validate(i) for i in items], total=total, page=page, page_size=page_size)
@router.get("/{source_id}", response_model=ResponseModel[DataSourceOut])
def get_datasource(
source_id: int,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
item = datasource_service.get_datasource(db, source_id)
if not item:
from fastapi import HTTPException, status
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="数据源不存在")
return ResponseModel(data=DataSourceOut.model_validate(item))
@router.post("", response_model=ResponseModel[DataSourceOut])
def create_datasource(
req: DataSourceCreate,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
item = datasource_service.create_datasource(db, req, current_user.id)
return ResponseModel(data=DataSourceOut.model_validate(item))
@router.put("/{source_id}", response_model=ResponseModel[DataSourceOut])
def update_datasource(
source_id: int,
req: DataSourceUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
db_obj = datasource_service.get_datasource(db, source_id)
if not db_obj:
from fastapi import HTTPException, status
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="数据源不存在")
item = datasource_service.update_datasource(db, db_obj, req)
return ResponseModel(data=DataSourceOut.model_validate(item))
@router.delete("/{source_id}")
def delete_datasource(
source_id: int,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
datasource_service.delete_datasource(db, source_id)
return ResponseModel(message="删除成功")
@router.post("/test-connection")
def test_connection(
req: DataSourceTest,
current_user: User = Depends(get_current_user),
):
result = datasource_service.test_connection(req)
return ResponseModel(data=result)
Reference in New Issue View Git Blame Copy Permalink