Add more Casbin related interfaces (#195)

* Add more Casbin related interfaces

* lint

* update delete all api paths

* fix decimal data format

* update add user interface return

* fix add user interface return

* fix interface path is wrong

* lint

Author: wu-clan

backend/app/api/v1/casbin.py

@@ -16,6 +16,8 @@
     CreateUserRole,
     DeleteUserRole,
     GetAllPolicy,
+    DeleteAllPolicies,
+    DeleteAllUserRoles,
 )
 from backend.app.services.casbin_service import CasbinService
 
@@ -33,13 +35,13 @@ async def get_all_casbin(
     return await response_base.success(data=page_data)
 
 
-@router.get('/policy', summary='获取所有访问权限规则', dependencies=[DependsJwtAuth])
+@router.get('/policy', summary='获取所有P权限规则', dependencies=[DependsJwtAuth])
 async def get_all_policies():
     policies = await CasbinService.get_policy_list()
     return await response_base.success(data=policies)
 
 
-@router.post('/policy', summary='添加访问权限', dependencies=[DependsRBAC])
+@router.post('/policy', summary='添加P权限规则', dependencies=[DependsRBAC])
 async def create_policy(p: CreatePolicy):
     """
     p 规则:
@@ -54,25 +56,51 @@ async def create_policy(p: CreatePolicy):
     return await response_base.success(data=data)
 
 
-@router.put('/policy', summary='更新访问权限', dependencies=[DependsRBAC])
+@router.post('/policies', summary='添加多组P权限规则', dependencies=[DependsRBAC])
+async def create_policies(ps: list[CreatePolicy]):
+    data = await CasbinService.create_policies(ps=ps)
+    return await response_base.success(data=data)
+
+
+@router.put('/policy', summary='更新P权限规则', dependencies=[DependsRBAC])
 async def update_policy(old: UpdatePolicy, new: UpdatePolicy):
     data = await CasbinService.update_policy(old=old, new=new)
     return await response_base.success(data=data)
 
 
-@router.delete('/policy', summary='删除访问权限', dependencies=[DependsRBAC])
+@router.put('/policies', summary='更新多组P权限规则', dependencies=[DependsRBAC])
+async def update_policies(old: list[UpdatePolicy], new: list[UpdatePolicy]):
+    data = await CasbinService.update_policies(old=old, new=new)
+    return await response_base.success(data=data)
+
+
+@router.delete('/policy', summary='删除P权限规则', dependencies=[DependsRBAC])
 async def delete_policy(p: DeletePolicy):
     data = await CasbinService.delete_policy(p=p)
     return await response_base.success(data=data)
 
 
-@router.get('/group', summary='获取所有组访问权限规则', dependencies=[DependsJwtAuth])
+@router.delete('/policies', summary='删除多组P权限规则', dependencies=[DependsRBAC])
+async def delete_policies(ps: list[DeletePolicy]):
+    data = await CasbinService.delete_policies(ps=ps)
+    return await response_base.success(data=data)
+
+
+@router.delete('/policies/all', summary='删除所有P权限规则', dependencies=[DependsRBAC])
+async def delete_all_policies(sub: DeleteAllPolicies):
+    count = await CasbinService.delete_all_policies(sub=sub)
+    if count > 0:
+        return await response_base.success()
+    return await response_base.fail()
+
+
+@router.get('/group', summary='获取所有G权限规则', dependencies=[DependsJwtAuth])
 async def get_all_groups():
     data = await CasbinService.get_group_list()
     return await response_base.success(data=data)
 
 
-@router.post('/group', summary='添加组访问权限', dependencies=[DependsRBAC])
+@router.post('/group', summary='添加G权限规则', dependencies=[DependsRBAC])
 async def create_group(g: CreateUserRole):
     """
     g 规则 (**依赖 p 规则**):
@@ -87,7 +115,27 @@ async def create_group(g: CreateUserRole):
     return await response_base.success(data=data)
 
 
-@router.delete('/group', summary='删除组访问权限', dependencies=[DependsRBAC])
+@router.post('/groups', summary='添加多组G权限规则', dependencies=[DependsRBAC])
+async def create_groups(gs: list[CreateUserRole]):
+    data = await CasbinService.create_groups(gs=gs)
+    return await response_base.success(data=data)
+
+
+@router.delete('/group', summary='删除G权限规则', dependencies=[DependsRBAC])
 async def delete_group(g: DeleteUserRole):
     data = await CasbinService.delete_group(g=g)
     return await response_base.success(data=data)
+
+
+@router.delete('/groups', summary='删除多组G权限规则', dependencies=[DependsRBAC])
+async def delete_groups(gs: list[DeleteUserRole]):
+    data = await CasbinService.delete_groups(gs=gs)
+    return await response_base.success(data=data)
+
+
+@router.delete('/groups/all', summary='删除所有G权限规则', dependencies=[DependsRBAC])
+async def delete_all_groups(uuid: DeleteAllUserRoles):
+    count = await CasbinService.delete_all_groups(uuid=uuid)
+    if count > 0:
+        return await response_base.success()
+    return await response_base.fail()

backend/app/api/v1/user.py

@@ -34,7 +34,9 @@ async def user_register(obj: RegisterUser):
 @router.post('/add', summary='添加用户', dependencies=[DependsRBAC])
 async def add_user(obj: AddUser):
     await UserService.add(obj=obj)
-    return await response_base.success()
+    current_user = await UserService.get_userinfo(username=obj.username)
+    data = GetAllUserInfo(**select_to_json(current_user))
+    return await response_base.success(data=data)
 
 
 @router.post('/password/reset', summary='密码重置', dependencies=[DependsJwtAuth])

backend/app/crud/crud_casbin.py

@@ -1,10 +1,11 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-from sqlalchemy import Select, select, and_
+from sqlalchemy import Select, select, and_, delete, or_
+from sqlalchemy.ext.asyncio import AsyncSession
 
 from backend.app.crud.base import CRUDBase
 from backend.app.models import CasbinRule
-from backend.app.schemas.casbin_rule import CreatePolicy, UpdatePolicy
+from backend.app.schemas.casbin_rule import CreatePolicy, UpdatePolicy, DeleteAllPolicies, DeleteAllUserRoles
 
 
 class CRUDCasbin(CRUDBase[CasbinRule, CreatePolicy, UpdatePolicy]):
@@ -19,5 +20,17 @@ async def get_all_policy(self, ptype: str, sub: str) -> Select:
             se = se.where(and_(*where_list))
         return se
 
+    async def delete_policies_by_sub(self, db: AsyncSession, sub: DeleteAllPolicies) -> int:
+        where_list = []
+        if sub.uuid:
+            where_list.append(self.model.v0 == sub.uuid)
+        where_list.append(self.model.v0 == sub.role)
+        result = await db.execute(delete(self.model).where(or_(*where_list)))
+        return result.rowcount
+
+    async def delete_groups_by_uuid(self, db: AsyncSession, sub: DeleteAllUserRoles) -> int:
+        result = await db.execute(delete(self.model).where(self.model.v0 == sub.uuid))
+        return result.rowcount
+
 
 CasbinDao: CRUDCasbin = CRUDCasbin(CasbinRule)

backend/app/schemas/casbin_rule.py

@@ -26,6 +26,11 @@ class DeletePolicy(CreatePolicy):
     pass
 
 
+class DeleteAllPolicies(SchemaBase):
+    uuid: str | None = None
+    role: str
+
+
 class CreateUserRole(SchemaBase):
     uuid: str = Field(..., description='用户 uuid')
     role: str = Field(..., description='角色')
@@ -35,6 +40,10 @@ class DeleteUserRole(CreateUserRole):
     pass
 
 
+class DeleteAllUserRoles(SchemaBase):
+    uuid: str
+
+
 class GetAllPolicy(SchemaBase):
     id: int
     ptype: str = Field(..., description='规则类型, p 或 g')

backend/app/services/casbin_service.py

@@ -5,19 +5,27 @@
 from backend.app.common.rbac import RBAC
 from backend.app.common.exception import errors
 from backend.app.crud.crud_casbin import CasbinDao
-from backend.app.schemas.casbin_rule import CreatePolicy, UpdatePolicy, DeletePolicy, CreateUserRole, DeleteUserRole
+from backend.app.database.db_mysql import async_db_session
+from backend.app.schemas.casbin_rule import (
+    CreatePolicy,
+    UpdatePolicy,
+    DeletePolicy,
+    CreateUserRole,
+    DeleteUserRole,
+    DeleteAllPolicies,
+    DeleteAllUserRoles,
+)
 
 
 class CasbinService:
-
     @staticmethod
     async def get_casbin_list(*, ptype: str, sub: str) -> Select:
         return await CasbinDao.get_all_policy(ptype, sub)
 
     @staticmethod
     async def get_policy_list():
         enforcer = await RBAC.enforcer()
-        data = enforcer.get_policy()
+        data = await enforcer.get_policy()
         return data
 
     @staticmethod
@@ -28,24 +36,54 @@ async def create_policy(*, p: CreatePolicy):
             raise errors.ForbiddenError(msg='权限已存在')
         return data
 
+    @staticmethod
+    async def create_policies(*, ps: list[CreatePolicy]):
+        enforcer = await RBAC.enforcer()
+        data = await enforcer.add_policies([list(p.dict().values()) for p in ps])
+        if not data:
+            raise errors.ForbiddenError(msg='权限已存在')
+        return data
+
     @staticmethod
     async def update_policy(*, old: UpdatePolicy, new: UpdatePolicy):
         enforcer = await RBAC.enforcer()
-        _p = await enforcer.has_named_policy('p', old.sub, old.path, old.method)
+        _p = await enforcer.has_policy(old.sub, old.path, old.method)
         if not _p:
             raise errors.NotFoundError(msg='权限不存在')
         data = await enforcer.update_policy([old.sub, old.path, old.method], [new.sub, new.path, new.method])
         return data
 
+    @staticmethod
+    async def update_policies(*, old: list[UpdatePolicy], new: list[UpdatePolicy]):
+        enforcer = await RBAC.enforcer()
+        data = await enforcer.update_policies(
+            [list(o.dict().values()) for o in old], [list(n.dict().values()) for n in new]
+        )
+        return data
+
     @staticmethod
     async def delete_policy(*, p: DeletePolicy):
         enforcer = await RBAC.enforcer()
-        _p = await enforcer.has_named_policy('p', p.sub, p.path, p.method)
+        _p = await enforcer.has_policy(p.sub, p.path, p.method)
         if not _p:
             raise errors.NotFoundError(msg='权限不存在')
         data = await enforcer.remove_policy(p.sub, p.path, p.method)
         return data
 
+    @staticmethod
+    async def delete_policies(*, ps: list[DeletePolicy]):
+        enforcer = await RBAC.enforcer()
+        data = await enforcer.remove_policies([list(p.dict().values()) for p in ps])
+        if not data:
+            raise errors.NotFoundError(msg='权限不存在')
+        return data
+
+    @staticmethod
+    async def delete_all_policies(*, sub: DeleteAllPolicies) -> int:
+        async with async_db_session.begin() as db:
+            count = await CasbinDao.delete_policies_by_sub(db, sub)
+        return count
+
     @staticmethod
     async def get_group_list():
         enforcer = await RBAC.enforcer()
@@ -60,11 +98,33 @@ async def create_group(*, g: CreateUserRole):
             raise errors.ForbiddenError(msg='权限已存在')
         return data
 
+    @staticmethod
+    async def create_groups(*, gs: list[CreateUserRole]):
+        enforcer = await RBAC.enforcer()
+        data = await enforcer.add_grouping_policies([list(g.dict().values()) for g in gs])
+        if not data:
+            raise errors.ForbiddenError(msg='权限已存在')
+        return data
+
     @staticmethod
     async def delete_group(*, g: DeleteUserRole):
         enforcer = await RBAC.enforcer()
-        _g = await enforcer.has_named_grouping_policy('g', g.uuid, g.role)
+        _g = await enforcer.has_grouping_policy(g.uuid, g.role)
         if not _g:
             raise errors.NotFoundError(msg='权限不存在')
         data = await enforcer.remove_grouping_policy(g.uuid, g.role)
         return data
+
+    @staticmethod
+    async def delete_groups(*, gs: list[DeleteUserRole]):
+        enforcer = await RBAC.enforcer()
+        data = await enforcer.remove_grouping_policies([list(g.dict().values()) for g in gs])
+        if not data:
+            raise errors.NotFoundError(msg='权限不存在')
+        return data
+
+    @staticmethod
+    async def delete_all_groups(*, uuid: DeleteAllUserRoles) -> int:
+        async with async_db_session.begin() as db:
+            count = await CasbinDao.delete_groups_by_uuid(db, uuid)
+        return count

backend/app/utils/serializers.py

@@ -21,6 +21,8 @@ def select_to_dict(row: R) -> dict:
     for column in row.__table__.columns.keys():
         val = getattr(row, column)
         if isinstance(val, Decimal):
+            if val % 1 == 0:
+                val = int(val)
             val = float(val)
         obj_dict[column] = val
     return obj_dict