hiderfong/prop-data-guard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8b2bc843990e98bdfcc2d8c17e74cde65758b79e
prop-data-guard/backend/app/api/v1/user.py
T
hiderfong 8b2bc84399 feat: implement full RBAC role-based access control 
Backend:
- deps.py: add require_admin, require_manager, require_labeler, require_guest_or_above
- user.py: all write endpoints require admin
- datasource.py: write/sync endpoints require admin
- metadata.py: sync endpoint requires admin
- classification.py: category/rule write requires admin; results query requires guest+ with data isolation
- project.py: GET requires manager with created_by filtering; DELETE checks ownership
- task.py: my-tasks requires labeler with assignee_id filtering; create-task requires manager
- dashboard.py: requires guest_or_above
- report.py: requires guest_or_above
- project_service: list_projects adds created_by filter; list_results adds project_ids filter

Frontend:
- stores/user.ts: add hasRole, hasAnyRole, isAdmin, isManager, isLabeler, isSuperadmin
- router/index.ts: add roles to route meta; beforeEach checks role permissions
- Layout.vue: filter menu routes by user roles
- System.vue: hide add/edit/delete buttons for non-admins
- DataSource.vue: hide add/edit/delete/sync buttons for non-admins
- Project.vue: hide add/delete buttons for non-admins
2026-04-23 12:09:32 +08:00

84 lines
2.8 KiB
Python
Raw Blame History

from typing import Optional, List
from fastapi import APIRouter, Depends, Query
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.models.user import User
from app.models.user import Role, Dept
from app.schemas.user import UserCreate, UserUpdate, UserOut, RoleOut, DeptOut
from app.schemas.common import ResponseModel, ListResponse, PageParams
from app.services import user_service
from app.api.deps import get_current_user, require_admin
router = APIRouter()
@router.get("/me", response_model=ResponseModel[UserOut])
def read_me(current_user: User = Depends(get_current_user)):
return ResponseModel(data=UserOut.model_validate(current_user))
@router.get("", response_model=ListResponse[UserOut])
def list_users(
page: int = Query(1, ge=1),
page_size: int = Query(20, ge=1, le=500),
keyword: Optional[str] = Query(None),
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
items, total = user_service.list_users(db, keyword=keyword, page=page, page_size=page_size)
return ListResponse(data=[UserOut.model_validate(u) for u in items], total=total, page=page, page_size=page_size)
@router.post("", response_model=ResponseModel[UserOut])
def create_user(
req: UserCreate,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
user = user_service.create_user(db, req)
return ResponseModel(data=UserOut.model_validate(user))
@router.put("/{user_id}", response_model=ResponseModel[UserOut])
def update_user(
user_id: int,
req: UserUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
user = user_service.get_user_by_id(db, user_id)
if not user:
from fastapi import HTTPException, status
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="用户不存在")
user = user_service.update_user(db, user, req)
return ResponseModel(data=UserOut.model_validate(user))
@router.delete("/{user_id}")
def delete_user(
user_id: int,
db: Session = Depends(get_db),
current_user: User = Depends(require_admin),
):
user_service.delete_user(db, user_id)
return ResponseModel(message="删除成功")
@router.get("/roles", response_model=ResponseModel[list[RoleOut]])
def list_roles(
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
items = db.query(Role).order_by(Role.id).all()
return ResponseModel(data=[RoleOut.model_validate(r) for r in items])
@router.get("/depts", response_model=ResponseModel[list[DeptOut]])
def list_depts(
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
items = db.query(Dept).order_by(Dept.sort_order).all()
return ResponseModel(data=[DeptOut.model_validate(d) for d in items])
Reference in New Issue View Git Blame Copy Permalink