权限管理,没有页面修改之前版本
@ -80,7 +80,6 @@ def create_app():
|
||||
|
||||
# -----------------------------------------------------
|
||||
# 2.4 注册业务操作模块 (Transactions - 借还/维修/报废)
|
||||
# ★★★ 关键修改:将前缀改为 /api/v1/transactions 以匹配前端请求 ★★★
|
||||
# -----------------------------------------------------
|
||||
try:
|
||||
from app.api.v1.transactions import trans_bp
|
||||
@ -90,8 +89,7 @@ def create_app():
|
||||
app.register_blueprint(trans_bp, url_prefix='/api/transactions', name='trans_legacy')
|
||||
print("✅ Transactions 模块注册成功")
|
||||
except ImportError as e:
|
||||
# 允许模块不存在时不崩溃,但在开发借还功能时这里报错说明 trans_bp 定义有问题
|
||||
print(f"⚠️ 提示: Transaction 模块导入失败 (请检查 app/api/v1/transactions.py): {e}")
|
||||
print(f"⚠️ 提示: Transaction 模块导入失败: {e}")
|
||||
|
||||
# -----------------------------------------------------
|
||||
# 2.5 注册出库模块 (Outbound)
|
||||
@ -119,6 +117,19 @@ def create_app():
|
||||
except ImportError as e:
|
||||
print(f"❌ 错误: BOM 模块导入失败: {e}")
|
||||
|
||||
# -----------------------------------------------------
|
||||
# 2.7 注册权限管理模块 (Permission) - [新增]
|
||||
# -----------------------------------------------------
|
||||
try:
|
||||
from app.api.v1.permission import permission_bp
|
||||
# 标准: /api/v1/permissions/tree
|
||||
app.register_blueprint(permission_bp, url_prefix='/api/v1/permissions')
|
||||
# 兼容: /api/permissions/tree
|
||||
app.register_blueprint(permission_bp, url_prefix='/api/permissions', name='permission_legacy')
|
||||
print("✅ Permission 模块注册成功")
|
||||
except ImportError as e:
|
||||
print(f"❌ 错误: Permission 模块导入失败 (请检查 app/api/v1/permission.py 是否存在): {e}")
|
||||
|
||||
# =========================================================
|
||||
# 3. 预加载数据模型
|
||||
# =========================================================
|
||||
@ -133,8 +144,8 @@ def create_app():
|
||||
# 出库模型
|
||||
from app.models.outbound import TransOutbound
|
||||
|
||||
# 系统与业务模型
|
||||
from app.models.system import SysUser, SysLog
|
||||
# 系统与业务模型 (SysRolePermission 等在 models.system 中)
|
||||
from app.models.system import SysUser, SysLog, SysMenu, SysElement, SysRolePermission
|
||||
# 确保借还模型被加载
|
||||
from app.models.transaction import TransBorrow, TransRepair, TransScrap
|
||||
|
||||
@ -146,4 +157,4 @@ def create_app():
|
||||
except Exception as e:
|
||||
print(f"⚠️ 模型预加载发生未知错误: {e}")
|
||||
|
||||
return app
|
||||
return app
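Review bot: The `except ImportError` around the new Permission registration treats every ImportError raised while importing `app.api.v1.permission` — including one raised further down in `permission_service.py` or `models/system.py` for a missing name — as "permission.py does not exist", prints a message and lets the app start without the authorization endpoints of the new RBAC feature; since this is the module that is supposed to gate the rest, consider failing hard (`raise`) or at least replacing the `print` with `app.logger.error("Permission 模块导入失败: %s", e)` so the condition is visible in production logs rather than only on a console. Registering `permission_bp` a second time under `/api/permissions` (name `permission_legacy`) means any path-based access rule or rate limit must cover both prefixes, the same as for `trans_legacy`; a comment stating when the legacy prefix can be removed would help. The enclosing `create_app` begins before the first hunk.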
|
||||
@ -87,4 +87,21 @@ def delete_user(user_id):
|
||||
return jsonify({'msg': '删除成功'}), 200
|
||||
except Exception as e:
|
||||
current_app.logger.error(f"Delete User Failed: {str(e)}")
|
||||
return jsonify({'msg': str(e)}), 400
|
||||
return jsonify({'msg': str(e)}), 400
|
||||
|
||||
|
||||
@auth_bp.route('/my-permissions', methods=['GET'])
|
||||
@jwt_required()
|
||||
def get_my_permissions():
|
||||
"""获取当前登录用户的权限列表"""
|
||||
try:
|
||||
claims = get_jwt()
|
||||
role = claims.get('role')
|
||||
|
||||
# 调用 Service 获取权限
|
||||
permissions = AuthService.get_user_permissions(role)
|
||||
|
||||
return jsonify({'msg': '获取成功', 'data': permissions}), 200
|
||||
except Exception as e:
|
||||
current_app.logger.error(f"Get Permissions Failed: {str(e)}")
|
||||
return jsonify({'msg': '获取权限失败'}), 500
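Review bot: `get_my_permissions` reads `role` from the JWT claims without checking it is present, so a token lacking a `role` claim reaches `AuthService.get_user_permissions(None)` and is answered with an empty permission set and HTTP 200, which masks a misissued token instead of rejecting it — add `if not role: return jsonify({'msg': '令牌缺少角色信息'}), 403` before the service call. The response envelope here is `{'msg', 'data'}` while the new `permission_bp` routes return `{'code', 'msg', 'data'}`; one shape would keep the frontend handling uniform. Note that the role itself comes from the token while the permissions are read from the database per request, so a role change presumably takes effect only after re-login whereas permission reassignments apply immediately — worth a one-line comment above `claims.get('role')`.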
|
||||
48
inventory-backend/app/api/v1/permission.py
Normal file
48
inventory-backend/app/api/v1/permission.py
Normal file
@ -0,0 +1,48 @@
|
||||
# inventory-backend/app/api/v1/permission.py
|
||||
from flask import Blueprint, request, jsonify, current_app
|
||||
from flask_jwt_extended import jwt_required
|
||||
from app.services.permission_service import PermissionService
|
||||
|
||||
permission_bp = Blueprint('permission', __name__)
|
||||
|
||||
|
||||
@permission_bp.route('/tree', methods=['GET'])
|
||||
@jwt_required()
|
||||
def get_tree():
|
||||
"""获取权限树"""
|
||||
try:
|
||||
data = PermissionService.get_permission_tree()
|
||||
return jsonify({'code': 200, 'msg': '获取成功', 'data': data}), 200
|
||||
except Exception as e:
|
||||
# 打印详细错误到控制台,方便调试
|
||||
current_app.logger.error(f"Get Tree Failed: {str(e)}")
|
||||
# 返回 500 时带上错误信息
|
||||
return jsonify({'code': 500, 'msg': f'服务器内部错误: {str(e)}'}), 500
|
||||
|
||||
|
||||
@permission_bp.route('/role/<string:role_code>', methods=['GET'])
|
||||
@jwt_required()
|
||||
def get_role_perms(role_code):
|
||||
"""获取某个角色的权限列表"""
|
||||
try:
|
||||
data = PermissionService.get_role_permissions(role_code)
|
||||
return jsonify({'code': 200, 'msg': '获取成功', 'data': data}), 200
|
||||
except Exception as e:
|
||||
current_app.logger.error(f"Get Role Perms Failed: {str(e)}")
|
||||
return jsonify({'code': 500, 'msg': str(e)}), 500
|
||||
|
||||
|
||||
@permission_bp.route('/assign', methods=['POST'])
|
||||
@jwt_required()
|
||||
def assign_perms():
|
||||
"""保存权限分配"""
|
||||
try:
|
||||
data = request.get_json()
|
||||
role_code = data.get('role_code')
|
||||
permissions = data.get('permissions', []) # list of codes
|
||||
|
||||
PermissionService.assign_permissions(role_code, permissions)
|
||||
return jsonify({'code': 200, 'msg': '保存成功'}), 200
|
||||
except Exception as e:
|
||||
current_app.logger.error(f"Assign Perms Failed: {str(e)}")
|
||||
return jsonify({'code': 500, 'msg': str(e)}), 500
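Review bot: `assign_perms` is protected only by `@jwt_required()`, so any authenticated user can POST to `/api/v1/permissions/assign` with their own `role_code` and grant that role every menu and element code — there is no check that the caller is an administrator; add an explicit role check after the JWT check, e.g. `if get_jwt().get('role') not in ADMIN_ROLES: return jsonify({'code': 403, 'msg': '无权限'}), 403` (with `get_jwt` from `flask_jwt_extended` and the admin role names taken from `app.utils.constants.UserRole`, which `auth_service.py` already imports), or a shared decorator applied to `get_tree`, `get_role_perms` and `assign_perms` alike. The `except Exception` handlers in all three routes return `str(e)` in the 500 body, which hands database and framework error text to the client; log the exception and return a fixed message as `get_my_permissions` in auth.py already does. `request.get_json()` yields `None` for a non-JSON body, so `data.get('role_code')` raises and ends in that same 500; use `request.get_json(silent=True) or {}` and answer 400 when `role_code` is missing.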
|
||||
@ -1,14 +1,17 @@
|
||||
# app/models/system.py
|
||||
# inventory-backend/app/models/system.py
|
||||
from app.extensions import db
|
||||
from werkzeug.security import generate_password_hash, check_password_hash
|
||||
from datetime import datetime
|
||||
|
||||
|
||||
# ==========================================
|
||||
# 1. 系统用户表
|
||||
# ==========================================
|
||||
class SysUser(db.Model):
|
||||
"""
|
||||
系统用户表
|
||||
对应数据库: sys_user
|
||||
username 字段存储格式约定: "真实姓名/登录账号" (例如: 张三/zhangsan)
|
||||
username 字段存储格式约定: "真实姓名/登录账号" (例如: 张三/zhangsan01)
|
||||
"""
|
||||
__tablename__ = 'sys_user'
|
||||
|
||||
@ -19,8 +22,7 @@ class SysUser(db.Model):
|
||||
role = db.Column(db.String(50))
|
||||
status = db.Column(db.String(20), default='active')
|
||||
password_hash = db.Column(db.Text)
|
||||
|
||||
# created_at 已在数据库脚本中移除,此处不再定义
|
||||
created_at = db.Column(db.DateTime, default=datetime.now)
|
||||
|
||||
def set_password(self, password):
|
||||
"""生成加密密码"""
|
||||
@ -45,23 +47,27 @@ class SysUser(db.Model):
|
||||
parts = raw_name.split('/')
|
||||
real_name = parts[0]
|
||||
acc_id = parts[1]
|
||||
# 格式化为前端展示格式: 张三(zhangsan)
|
||||
# 格式化为前端展示格式: 张三(zhangsan01)
|
||||
display_name = f"{real_name}({acc_id})"
|
||||
# 单独提取账号ID (如果前端需要单独用)
|
||||
account_id = acc_id
|
||||
|
||||
return {
|
||||
'id': self.id,
|
||||
'username': display_name, # 列表显示: 张三(zhangsan)
|
||||
'username': display_name, # 列表显示: 张三(zhangsan01)
|
||||
'raw_username': self.username, # 原始数据
|
||||
'account_id': account_id, # 纯账号ID: zhangsan
|
||||
'account_id': account_id, # 纯账号ID: zhangsan01
|
||||
'email': self.email,
|
||||
'department': self.department,
|
||||
'role': self.role,
|
||||
'status': self.status
|
||||
'status': self.status,
|
||||
'created_at': self.created_at.isoformat() if self.created_at else None
|
||||
}
|
||||
|
||||
|
||||
# ==========================================
|
||||
# 2. 系统日志表
|
||||
# ==========================================
|
||||
class SysLog(db.Model):
|
||||
"""
|
||||
系统操作日志表
|
||||
@ -88,4 +94,58 @@ class SysLog(db.Model):
|
||||
'module_name': self.module_name,
|
||||
'action_type': self.action_type,
|
||||
'description': self.description
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# ==========================================
|
||||
# 3. 权限管理模型 (RBAC) - [新增]
|
||||
# ==========================================
|
||||
|
||||
class SysMenu(db.Model):
|
||||
"""系统菜单/页面表"""
|
||||
__tablename__ = 'sys_menu'
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
parent_id = db.Column(db.Integer, default=0)
|
||||
name = db.Column(db.String(50), nullable=False)
|
||||
code = db.Column(db.String(100), unique=True, nullable=False)
|
||||
path = db.Column(db.String(200))
|
||||
sort_order = db.Column(db.Integer, default=0)
|
||||
is_visible = db.Column(db.Boolean, default=True)
|
||||
|
||||
def to_dict(self):
|
||||
return {
|
||||
'id': self.id,
|
||||
'name': self.name,
|
||||
'code': self.code,
|
||||
'path': self.path,
|
||||
'type': 'menu' # 前端树形控件图标判断用
|
||||
}
|
||||
|
||||
|
||||
class SysElement(db.Model):
|
||||
"""页面元素/列定义表"""
|
||||
__tablename__ = 'sys_element'
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
menu_code = db.Column(db.String(100), db.ForeignKey('sys_menu.code'))
|
||||
name = db.Column(db.String(100), nullable=False)
|
||||
code = db.Column(db.String(100), nullable=False) # 如: unit_price
|
||||
element_type = db.Column(db.String(20), default='column')
|
||||
|
||||
def to_dict(self):
|
||||
return {
|
||||
'id': self.id,
|
||||
'name': self.name,
|
||||
'code': self.code,
|
||||
'menu_code': self.menu_code,
|
||||
'type': 'element',
|
||||
'element_type': self.element_type
|
||||
}
|
||||
|
||||
|
||||
class SysRolePermission(db.Model):
|
||||
"""角色权限关联表"""
|
||||
__tablename__ = 'sys_role_permission'
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
role_code = db.Column(db.String(50), nullable=False)
|
||||
target_code = db.Column(db.String(100), nullable=False) # menu_code 或 element_code
|
||||
type = db.Column(db.String(20), nullable=False) # 'menu' 或 'element'
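Review bot: `SysRolePermission` has no uniqueness constraint on `(role_code, target_code, type)` and no index on `role_code`, even though every lookup in `AuthService.get_user_permissions` and `PermissionService` filters by `role_code`; `__table_args__ = (db.UniqueConstraint('role_code', 'target_code', 'type'), db.Index('ix_sys_role_permission_role_code', 'role_code'))` would prevent duplicate grants and keep the per-request permission query cheap. `SysElement.code` is not unique and its `menu_code` foreign key is nullable, so a bare element code stored in `target_code` cannot be traced back to one page — this is the ambiguity `auth_service.py` comments on and should be noted on the `target_code` column (`# element codes are not page-qualified; see AuthService.get_user_permissions`). `created_at = db.Column(db.DateTime, default=datetime.now)` stores a naive local timestamp; prefer an aware UTC value. The `SysRolePermission` definition may continue past the last line of this hunk.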
|
||||
@ -1,11 +1,10 @@
|
||||
# app/services/auth_service.py
|
||||
from app.models.system import SysUser
|
||||
from app.models.system import SysUser, SysRolePermission # <== 引入 SysRolePermission
|
||||
from app.extensions import db
|
||||
from flask_jwt_extended import create_access_token
|
||||
from app.utils.constants import UserRole
|
||||
from datetime import timedelta
|
||||
|
||||
|
||||
class AuthService:
|
||||
# 硬编码的超级管理员凭证
|
||||
SUPER_ADMIN_USER = "IRIS"
|
||||
@ -211,4 +210,37 @@ class AuthService:
|
||||
|
||||
db.session.delete(user)
|
||||
db.session.commit()
|
||||
return True
|
||||
return True
|
||||
|
||||
@staticmethod
|
||||
def get_user_permissions(role_code):
|
||||
"""
|
||||
获取指定角色的所有权限代码列表
|
||||
返回格式: {
|
||||
'menus': ['inbound_buy', 'system_user'],
|
||||
'elements': ['inbound_buy:unit_price', ...]
|
||||
}
|
||||
"""
|
||||
# 1. 查菜单权限
|
||||
menu_perms = SysRolePermission.query.filter_by(
|
||||
role_code=role_code,
|
||||
type='menu'
|
||||
).all()
|
||||
menu_codes = [p.target_code for p in menu_perms]
|
||||
|
||||
# 2. 查元素(列)权限
|
||||
# 注意:这里我们只返回用户拥有的。前端逻辑是:"如果列配置了Key且用户没这个Key,则隐藏"
|
||||
element_perms = SysRolePermission.query.filter_by(
|
||||
role_code=role_code,
|
||||
type='element'
|
||||
).all()
|
||||
|
||||
# 这里的 target_code 就是列的 code (如 unit_price)
|
||||
# 为了防止不同页面有相同列名导致的混淆,我们之前数据库设计是做了隔离的
|
||||
# 但为了前端处理方便,我们直接返回列的 code 集合
|
||||
element_codes = [p.target_code for p in element_perms]
|
||||
|
||||
return {
|
||||
'menus': menu_codes,
|
||||
'elements': element_codes
|
||||
}
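Review bot: The docstring of `get_user_permissions` promises page-qualified element codes such as `'inbound_buy:unit_price'`, but the implementation returns the bare `target_code` (`unit_price`) and the comment below the element query admits this drops the per-page isolation — so granting a role `unit_price` for one page exposes that column on every page that defines an element with the same code; either store the qualified `menu_code:code` at assignment time and return it here, or correct the docstring to `'elements': ['unit_price', ...]` so the frontend contract is documented as it actually is. The same comment states that the frontend hides columns whose key the user lacks; if the list endpoints that serve those columns do not also strip the field server-side, this element-level permission is a display preference rather than an access control — worth confirming and recording in the docstring. The `# <== 引入 SysRolePermission` marker on the import line is review-time noise once merged.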
|
||||
89
inventory-backend/app/services/permission_service.py
Normal file
89
inventory-backend/app/services/permission_service.py
Normal file
@ -0,0 +1,89 @@
|
||||
# inventory-backend/app/services/permission_service.py
|
||||
from app.models.system import SysMenu, SysElement, SysRolePermission
|
||||
from app.extensions import db
|
||||
|
||||
|
||||
class PermissionService:
|
||||
@staticmethod
|
||||
def get_permission_tree():
|
||||
"""
|
||||
获取完整的权限树(菜单 -> 元素)
|
||||
供前端权限配置页面展示
|
||||
"""
|
||||
# 1. 获取所有菜单
|
||||
menus = SysMenu.query.order_by(SysMenu.sort_order).all()
|
||||
# 2. 获取所有元素
|
||||
elements = SysElement.query.all()
|
||||
|
||||
# 3. 组装树结构
|
||||
tree_data = []
|
||||
for menu in menus:
|
||||
menu_dict = menu.to_dict()
|
||||
|
||||
# 找该菜单下的所有元素
|
||||
children = []
|
||||
for el in elements:
|
||||
if el.menu_code == menu.code:
|
||||
children.append(el.to_dict())
|
||||
|
||||
# 如果有子元素,加到 children
|
||||
if children:
|
||||
menu_dict['children'] = children
|
||||
|
||||
tree_data.append(menu_dict)
|
||||
|
||||
return tree_data
|
||||
|
||||
@staticmethod
|
||||
def get_role_permissions(role_code):
|
||||
"""获取指定角色拥有的所有权限Code"""
|
||||
perms = SysRolePermission.query.filter_by(role_code=role_code).all()
|
||||
|
||||
# 将结果分为 menus 和 elements (虽然前端目前合并处理,但分开更清晰)
|
||||
menu_codes = []
|
||||
element_codes = []
|
||||
|
||||
for p in perms:
|
||||
if p.type == 'menu':
|
||||
menu_codes.append(p.target_code)
|
||||
else:
|
||||
element_codes.append(p.target_code)
|
||||
|
||||
# 返回结构适配前端
|
||||
return {
|
||||
'menus': menu_codes,
|
||||
'elements': element_codes
|
||||
}
|
||||
|
||||
@staticmethod
|
||||
def assign_permissions(role_code, permission_codes):
|
||||
"""
|
||||
保存角色的权限
|
||||
permission_codes: 前端传来的 list,包含 menu_code 和 element_code
|
||||
"""
|
||||
if not role_code:
|
||||
raise ValueError("角色代码不能为空")
|
||||
|
||||
# 1. 删除该角色旧的所有权限
|
||||
SysRolePermission.query.filter_by(role_code=role_code).delete()
|
||||
|
||||
# 2. 批量添加新权限
|
||||
if permission_codes and len(permission_codes) > 0:
|
||||
# 预先获取所有菜单代码,用于判断类型
|
||||
all_menu_codes = {m.code for m in SysMenu.query.all()}
|
||||
|
||||
new_records = []
|
||||
for code in permission_codes:
|
||||
# 简单判断:如果在菜单表里有,就是 menu,否则是 element
|
||||
p_type = 'menu' if code in all_menu_codes else 'element'
|
||||
|
||||
new_records.append(SysRolePermission(
|
||||
role_code=role_code,
|
||||
target_code=code,
|
||||
type=p_type
|
||||
))
|
||||
|
||||
db.session.add_all(new_records)
|
||||
|
||||
db.session.commit()
|
||||
return True
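Review bot: `assign_permissions` persists any string that is not a menu code as an `'element'` grant without checking it exists in `sys_element`, so arbitrary `permission_codes` from the request body end up in `sys_role_permission`, and duplicates in the list produce duplicate rows; validate against both tables and reject unknown codes before writing. The delete-then-`add_all`-then-`commit` sequence has no `rollback()`, so a failure after the `delete()` leaves the session with a pending deletion and no new grants; wrapping the write in `try/except` with `db.session.rollback()` keeps the old permissions intact on error. Menu and element codes live in the same namespace here, so an element whose code equals a menu code is silently recorded as `'menu'`; the rewrite below keeps that rule but the ambiguity deserves a comment. Since the file already imports `SysElement`, no new dependency is needed; a `SysLog` entry for who changed which role is also worth adding but depends on code outside this hunk.
```python
    @staticmethod
    def assign_permissions(role_code, permission_codes):
        """Replace the grants of *role_code* with *permission_codes* (menu or element codes)."""
        if not role_code:
            raise ValueError("角色代码不能为空")

        all_menu_codes = {m.code for m in SysMenu.query.all()}
        all_element_codes = {e.code for e in SysElement.query.all()}
        codes = set(permission_codes or [])
        unknown = codes - all_menu_codes - all_element_codes
        if unknown:
            raise ValueError(f"未知的权限代码: {sorted(unknown)}")

        try:
            SysRolePermission.query.filter_by(role_code=role_code).delete()
            db.session.add_all(
                SysRolePermission(
                    role_code=role_code,
                    target_code=code,
                    # a code present in sys_menu is treated as a menu even if an element shares it
                    type='menu' if code in all_menu_codes else 'element',
                )
                for code in codes
            )
            db.session.commit()
        except Exception:
            db.session.rollback()
            raise
        return True
```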
|
||||