Add data permission condition for filter data (#648)

Author: wu-clan

backend/app/admin/model/role.py

@@ -4,9 +4,9 @@
 
 from typing import TYPE_CHECKING
 
-from sqlalchemy import String
+from sqlalchemy import Boolean, String
 from sqlalchemy.dialects.mysql import LONGTEXT
-from sqlalchemy.dialects.postgresql import TEXT
+from sqlalchemy.dialects.postgresql import INTEGER, TEXT
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from backend.app.admin.model.m2m import sys_role_data_scope, sys_role_menu, sys_user_role
@@ -24,6 +24,9 @@ class Role(Base):
     id: Mapped[id_key] = mapped_column(init=False)
     name: Mapped[str] = mapped_column(String(20), unique=True, comment='角色名称')
     status: Mapped[int] = mapped_column(default=1, comment='角色状态（0停用 1正常）')
+    is_filter_scopes: Mapped[bool] = mapped_column(
+        Boolean().with_variant(INTEGER, 'postgresql'), default=False, comment='过滤数据权限(0否 1是)'
+    )
     remark: Mapped[str | None] = mapped_column(
         LONGTEXT().with_variant(TEXT, 'postgresql'), default=None, comment='备注'
     )

backend/app/admin/schema/role.py

@@ -15,6 +15,7 @@ class RoleSchemaBase(SchemaBase):
 
     name: str = Field(description='角色名称')
     status: StatusType = Field(StatusType.enable, description='状态')
+    is_filter_scopes: bool = Field(False, description='过滤数据权限')
     remark: str | None = Field(None, description='备注')
 
 

backend/common/security/permission.py

@@ -56,6 +56,11 @@ async def filter_data_permission(db: AsyncSession, request: Request) -> ColumnEl
     :param request: FastAPI 请求对象
     :return:
     """
+    # 是否过滤数据权限
+    for role in request.user.roles:
+        if role.is_filter_scopes:
+            return or_(1 == 1)
+
     # 获取数据范围
     unique_data_scopes = {}
     for role in request.user.roles: