feat: 用户登录完成后返回有web_menu的权限

dataelement · Jun 19, 2024 · 13ded49 · 13ded49
1 parent 997cada
commit 13ded49
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 16 deletions.
diff --git a/src/backend/bisheng/api/services/user_service.py b/src/backend/bisheng/api/services/user_service.py
@@ -12,8 +12,6 @@
 from bisheng.database.models.user_role import UserRoleDao
 from fastapi import HTTPException
 from fastapi_jwt_auth import AuthJWT
-from bisheng.database.models.user import UserDao
-from bisheng.database.models.user_group import UserGroupDao
 
 
 class UserPayload:
@@ -88,26 +86,34 @@ def sso_login():
 
 
 def gen_user_role(db_user: User):
-    # 查询角色
+    # 查询用户的角色列表
     db_user_role = UserRoleDao.get_user_roles(db_user.user_id)
-    if next((user_role for user_role in db_user_role if user_role.role_id == 1), None):
-        # 是管理员，忽略其他的角色
-        role = 'admin'
-    else:
+    role = ""
+    role_ids = []
+    for user_role in db_user_role:
+        if user_role.role_id == 1:
+            # 是管理员，忽略其他的角色
+            role = 'admin'
+        else:
+            role_ids.append(user_role.role_id)
+    if role != "admin":
         # 判断是否是用户组管理员
         db_user_groups = UserGroupDao.get_user_admin_group(db_user.user_id)
         if len(db_user_groups) > 0:
             role = 'group_admin'
         else:
-            role = [user_role.role_id for user_role in db_user_role]
-    return role
+            role = role_ids
+    # 获取用户的菜单栏权限列表
+    web_menu = RoleAccessDao.get_role_access(role_ids, AccessType.WEB_MENU)
+    web_menu = list(set([one.third_id for one in web_menu]))
+    return role, web_menu
 
 
 def gen_user_jwt(db_user: User):
     if 1 == db_user.delete:
         raise HTTPException(status_code=500, detail='该账号已被禁用，请联系管理员')
     # 查询角色
-    role = gen_user_role(db_user)
+    role, web_menu = gen_user_role(db_user)
     # 生成JWT令牌
     payload = {'user_name': db_user.user_name, 'user_id': db_user.user_id, 'role': role}
     # Create the tokens and passing to set_access_cookies or set_refresh_cookies
@@ -116,7 +122,7 @@ def gen_user_jwt(db_user: User):
     refresh_token = AuthJWT().create_refresh_token(subject=db_user.user_name)
 
     # Set the JWT cookies in the response
-    return access_token, refresh_token, role
+    return access_token, refresh_token, role, web_menu
 
 
 def get_knowledge_list_by_access(role_id: int, name: str, page_num: int, page_size: int):

diff --git a/src/backend/bisheng/api/v1/user.py b/src/backend/bisheng/api/v1/user.py
@@ -101,7 +101,7 @@ async def sso(*, user: UserCreate):
                 user_exist = UserDao.add_user_and_default_role(user_exist)
             UserGroupDao.add_default_user_group(user_exist.user_id)
 
-        access_token, refresh_token, _ = gen_user_jwt(user_exist)
+        access_token, refresh_token, _, _ = gen_user_jwt(user_exist)
         return resp_200({'access_token': access_token, 'refresh_token': refresh_token})
     else:
         raise ValueError('不支持接口')
@@ -158,13 +158,13 @@ async def login(*, user: UserLogin, Authorize: AuthJWT = Depends()):
         if (datetime.now() - db_user.password_update_time).days >= password_conf.password_valid_period:
             return UserPasswordExpireError.return_resp()
 
-    access_token, refresh_token, role = gen_user_jwt(db_user)
+    access_token, refresh_token, role, web_menu = gen_user_jwt(db_user)
 
     # Set the JWT cookies in the response
     Authorize.set_access_cookies(access_token)
     Authorize.set_refresh_cookies(refresh_token)
 
-    return resp_200(UserRead(role=str(role), access_token=access_token, **db_user.__dict__))
+    return resp_200(UserRead(role=str(role), web_menu=web_menu, access_token=access_token, **db_user.__dict__))
 
 
 @router.get('/user/admin', response_model=UnifiedResponseModel[UserRead], status_code=200)
@@ -197,8 +197,8 @@ async def get_info(Authorize: AuthJWT = Depends()):
     try:
         user_id = payload.get('user_id')
         db_user = UserDao.get_user(user_id)
-        role = gen_user_role(db_user)
-        return resp_200(UserRead(role=str(role), **db_user.__dict__))
+        role, web_menu = gen_user_role(db_user)
+        return resp_200(UserRead(role=str(role), web_menu=web_menu, **db_user.__dict__))
     except Exception:
         raise HTTPException(status_code=500, detail='用户信息失败')
 

diff --git a/src/backend/bisheng/database/models/role_access.py b/src/backend/bisheng/database/models/role_access.py
@@ -47,6 +47,8 @@ class AccessType(Enum):
     GPTS_TOOL_READ = 7
     GPTS_TOOL_WRITE = 8
 
+    WEB_MENU = 99  # 前端菜单栏权限限制
+
 
 class RoleRefresh(BaseModel):
     role_id: int

diff --git a/src/backend/bisheng/database/models/user.py b/src/backend/bisheng/database/models/user.py
@@ -44,6 +44,7 @@ class UserRead(UserBase):
     user_id: Optional[int]
     role: Optional[str]
     access_token: Optional[str]
+    web_menu: Optional[List[str]]
 
 
 class UserQuery(UserBase):