Skip to content

Commit f883248

Browse files
amisadminamisadmin
committed
perf: 优化项目结构, 方便后期将BaseAuthFieldModelAdmin,BaseAuthSelectModelAdmin加入fastapi-amis-admin
1 parent 61c19df commit f883248

File tree

1 file changed

+35
-15
lines changed

1 file changed

+35
-15
lines changed

fastapi_user_auth/mixins/admin.py

Lines changed: 35 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ class SoftDeleteModelAdmin(AutoTimeModelAdmin):
7373

7474
def __init__(self, app: "AdminApp"):
7575
super().__init__(app)
76-
assert hasattr(self.model, "delete_time"), "SoftDeleteAdminMixin需要在模型中定义delete_time字段"
76+
assert hasattr(self.model, "delete_time"), "SoftDeleteModelAdmin需要在模型中定义delete_time字段"
7777

7878
async def get_select(self, request: Request):
7979
sel = await super().get_select(request)
@@ -92,7 +92,7 @@ async def get_list_table(self, request: Request) -> TableCRUD:
9292
return table
9393

9494

95-
class AuthFieldModelAdmin(admin.ModelAdmin):
95+
class BaseAuthFieldModelAdmin(admin.ModelAdmin):
9696
"""字段级别权限控制模型管理.
9797
- xxx_permission_fields:
9898
1.动作权限字段,可以通过覆盖这些属性来控制哪些字段需要进行权限验证.
@@ -164,10 +164,7 @@ def filter_permission_fields(self) -> Dict[str, str]:
164164

165165
async def has_field_permission(self, request: Request, field: str, action: str = "") -> bool:
166166
"""判断用户是否有字段权限"""
167-
subject = await self.site.auth.get_current_user_identity(request) or SystemUserEnum.GUEST
168-
action += ""
169-
effect = self.site.auth.enforcer.enforce("u:" + subject, self.unique_id, f"page:{action}:{field}", f"page:{action}")
170-
return effect
167+
return True
171168

172169
async def get_deny_fields(self, request: Request, action: str = None) -> Set[str]:
173170
"""获取没有权限的字段"""
@@ -191,7 +188,7 @@ async def get_deny_fields(self, request: Request, action: str = None) -> Set[str
191188
fields = {field for field in check_fields if not await self.has_field_permission(request, field, action)}
192189
request_cache[action] = fields
193190
if cache_key not in request.scope:
194-
request.scope[f"{self.unique_id}_exclude_fields"] = request_cache
191+
request.scope[cache_key] = request_cache
195192
return fields
196193

197194
async def on_list_after(self, request: Request, result: Result, data: ItemListSchema, **kwargs) -> ItemListSchema:
@@ -257,23 +254,31 @@ async def get_list_column(self, request: Request, modelfield: ModelField) -> Opt
257254
return column
258255

259256

260-
class AuthSelectModelAdmin(admin.ModelAdmin):
257+
class AuthFieldModelAdmin(BaseAuthFieldModelAdmin):
258+
async def has_field_permission(self, request: Request, field: str, action: str = "") -> bool:
259+
"""判断用户是否有字段权限"""
260+
subject = await self.site.auth.get_current_user_identity(request) or SystemUserEnum.GUEST
261+
action += ""
262+
effect = self.site.auth.enforcer.enforce("u:" + subject, self.unique_id, f"page:{action}:{field}", f"page:{action}")
263+
return effect
264+
265+
266+
class BaseAuthSelectModelAdmin(admin.ModelAdmin):
261267
"""包含选择数据集权限控制的模型管理"""
262268

263269
select_permissions: List[SelectPerm] = []
264270
"""需要进行权限控制的数据集列表"""
265271

266272
async def has_select_permission(self, request: Request, name: str) -> bool:
267273
"""判断用户是否有数据集权限"""
268-
subject = await self.site.auth.get_current_user_identity(request) or SystemUserEnum.GUEST
269-
effect = self.site.auth.enforcer.enforce("u:" + subject, self.unique_id, f"page:select:{name}", "page:select")
270-
return effect
274+
return True
271275

272276
async def get_select(self, request: Request) -> Select:
273277
sel = await super().get_select(request)
274-
subject = await self.site.auth.get_current_user_identity(request)
275-
if subject == SystemUserEnum.ROOT:
276-
return sel
278+
return await self.filter_select(request, sel)
279+
280+
async def filter_select(self, request: Request, sel: Select) -> Select:
281+
"""在sel中添加权限过滤条件"""
277282
for permission in self.select_permissions:
278283
if not isinstance(permission, SelectPerm):
279284
continue
@@ -286,7 +291,22 @@ async def get_select(self, request: Request) -> Select:
286291
return sel
287292

288293

289-
class AuthFieldFormAdmin(admin.FormAdmin):
294+
class AuthSelectModelAdmin(BaseAuthSelectModelAdmin):
295+
async def has_select_permission(self, request: Request, name: str) -> bool:
296+
"""判断用户是否有数据集权限"""
297+
subject = await self.site.auth.get_current_user_identity(request) or SystemUserEnum.GUEST
298+
effect = self.site.auth.enforcer.enforce("u:" + subject, self.unique_id, f"page:select:{name}", "page:select")
299+
return effect
300+
301+
async def filter_select(self, request: Request, sel: Select) -> Select:
302+
"""在sel中添加权限过滤条件"""
303+
subject = await self.site.auth.get_current_user_identity(request)
304+
if subject == SystemUserEnum.ROOT:
305+
return sel
306+
return await super().filter_select(request, sel)
307+
308+
309+
class BaseAuthFieldFormAdmin(admin.FormAdmin):
290310
"""#todo 字段级别权限控制表单管理"""
291311

292312
pass

0 commit comments

Comments
 (0)