Optimize data permission logic and usage (#947)

* Optimize data permission rules and usage

* Update get data permission models

* Update date permission filter

* Optimize the target model logic

* Upgrade dependencies to use latest features

* Remove model warnings

* Fix the latest feature issues

* Fix the sqlalchemy Table class import

* Fix the sqlalchemy Table class compatibility

Author: wu-clan

backend/__init__.py

@@ -1 +1,17 @@
+import sqlalchemy as sa
+
+from backend.utils.import_parse import get_all_models
+
+# import all models for auto create db tables
+for cls in get_all_models():
+    if isinstance(cls, sa.Table):
+        table_name = cls.name
+        if table_name not in globals():
+            globals()[table_name] = cls
+    else:
+        class_name = cls.__name__
+        if class_name not in globals():
+            globals()[class_name] = cls
+
+
 __version__ = '1.11.2'

backend/alembic/env.py

@@ -8,17 +8,9 @@
 from sqlalchemy.engine import Connection
 from sqlalchemy.ext.asyncio import async_engine_from_config
 
-from backend.app import get_app_models
 from backend.common.model import MappedBase
 from backend.core import path_conf
 from backend.database.db import SQLALCHEMY_DATABASE_URL
-from backend.plugin.tools import get_plugin_models
-
-# import models
-for cls in get_app_models() + get_plugin_models():
-    class_name = cls.__name__
-    if class_name not in globals():
-        globals()[class_name] = cls
 
 if not os.path.exists(path_conf.ALEMBIC_VERSION_DIR):
     os.makedirs(path_conf.ALEMBIC_VERSION_DIR)

backend/app/__init__.py

@@ -1,28 +0,0 @@
-import os.path
-
-from backend.core.path_conf import BASE_PATH
-from backend.utils.import_parse import get_model_objects
-
-
-def get_app_models() -> list[type]:
-    """获取 app 所有模型类"""
-    app_path = BASE_PATH / 'app'
-    list_dirs = os.listdir(app_path)
-
-    apps = [d for d in list_dirs if os.path.isdir(os.path.join(app_path, d)) and d != '__pycache__']
-
-    objs = []
-    for app in apps:
-        module_path = f'backend.app.{app}.model'
-        obj = get_model_objects(module_path)
-        if obj:
-            objs.extend(obj)
-
-    return objs
-
-
-# import all app models for auto create db tables
-for cls in get_app_models():
-    class_name = cls.__name__
-    if class_name not in globals():
-        globals()[class_name] = cls

backend/app/admin/api/v1/sys/dept.py

@@ -1,12 +1,14 @@
 from typing import Annotated
 
-from fastapi import APIRouter, Depends, Path, Query, Request
+from fastapi import APIRouter, Depends, Path, Query
+from sqlalchemy import ColumnElement
 
+from backend.app.admin.model import Dept
 from backend.app.admin.schema.dept import CreateDeptParam, GetDeptDetail, GetDeptTree, UpdateDeptParam
 from backend.app.admin.service.dept_service import dept_service
 from backend.common.response.response_schema import ResponseModel, ResponseSchemaModel, response_base
 from backend.common.security.jwt import DependsJwtAuth
-from backend.common.security.permission import RequestPermission
+from backend.common.security.permission import DataPermissionFilter, RequestPermission
 from backend.common.security.rbac import DependsRBAC
 from backend.database.db import CurrentSession, CurrentSessionTransaction
 
@@ -24,14 +26,14 @@ async def get_dept(
 @router.get('', summary='获取部门树', dependencies=[DependsJwtAuth])
 async def get_dept_tree(
     db: CurrentSession,
-    request: Request,
+    data_filter: Annotated[ColumnElement[bool], Depends(DataPermissionFilter(Dept))],
     name: Annotated[str | None, Query(description='部门名称')] = None,
     leader: Annotated[str | None, Query(description='部门负责人')] = None,
     phone: Annotated[str | None, Query(description='联系电话')] = None,
     status: Annotated[int | None, Query(description='状态')] = None,
 ) -> ResponseSchemaModel[list[GetDeptTree]]:
     dept = await dept_service.get_tree(
-        db=db, request_user=request.user, name=name, leader=leader, phone=phone, status=status
+        db=db, data_filter=data_filter, name=name, leader=leader, phone=phone, status=status
     )
     return response_base.success(data=dept)
 

backend/app/admin/crud/crud_dept.py

@@ -1,13 +1,12 @@
 from collections.abc import Sequence
 from typing import Any
 
+from sqlalchemy import ColumnElement
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy_crud_plus import CRUDPlus, JoinConfig
 
 from backend.app.admin.model import Dept, User
 from backend.app.admin.schema.dept import CreateDeptParam, UpdateDeptParam
-from backend.app.admin.schema.user import GetUserInfoWithRelationDetail
-from backend.common.security.permission import filter_data_permission
 from backend.utils.serializers import select_join_serialize
 
 
@@ -37,7 +36,7 @@ async def get_by_name(self, db: AsyncSession, name: str) -> Dept | None:
     async def get_all(
         self,
         db: AsyncSession,
-        request_user: GetUserInfoWithRelationDetail,
+        data_filter: ColumnElement[bool],
         name: str | None,
         leader: str | None,
         phone: str | None,
@@ -47,7 +46,7 @@ async def get_all(
         获取所有部门
 
         :param db: 数据库会话
-        :param request_user: 请求用户
+        :param data_filter: 请求用户
         :param name: 部门名称
         :param leader: 负责人
         :param phone: 联系电话
@@ -65,7 +64,6 @@ async def get_all(
         if status is not None:
             filters['status'] = status
 
-        data_filter = filter_data_permission(request_user)
         return await self.select_models_order(db, 'sort', 'desc', data_filter, **filters)
 
     async def create(self, db: AsyncSession, obj: CreateDeptParam) -> None:

backend/app/admin/schema/data_rule.py

@@ -45,4 +45,4 @@ class GetDataRuleColumnDetail(SchemaBase):
     """数据规则可用模型字段详情"""
 
     key: str = Field(description='字段名')
-    comment: str = Field(description='字段评论')
+    comment: str | None = Field(description='字段评论')

backend/app/admin/service/data_rule_service.py

@@ -1,6 +1,7 @@
 from collections.abc import Sequence
 from typing import Any
 
+from sqlalchemy import Table
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from backend.app.admin.crud.crud_data_rule import data_rule_dao
@@ -14,8 +15,8 @@
 from backend.app.admin.utils.cache import user_cache_manager
 from backend.common.exception import errors
 from backend.common.pagination import paging_data
+from backend.common.security.permission import get_data_permission_models
 from backend.core.conf import settings
-from backend.utils.import_parse import dynamic_import_data_model
 
 
 class DataRuleService:
@@ -39,7 +40,8 @@ async def get(*, db: AsyncSession, pk: int) -> DataRule:
     @staticmethod
     async def get_models() -> list[str]:
         """获取所有数据规则可用模型"""
-        return list(settings.DATA_PERMISSION_MODELS.keys())
+        model_exclude = ['DataScope', 'DataRule', 'sys_role_data_scope', 'sys_data_scope_rule']
+        return [m for m in list(get_data_permission_models().keys()) if m not in model_exclude]
 
     @staticmethod
     async def get_columns(model: str) -> list[GetDataRuleColumnDetail]:
@@ -49,13 +51,15 @@ async def get_columns(model: str) -> list[GetDataRuleColumnDetail]:
         :param model: 模型名称
         :return:
         """
-        if model not in settings.DATA_PERMISSION_MODELS:
+        available_models = get_data_permission_models()
+        if model not in available_models:
             raise errors.NotFoundError(msg='数据规则可用模型不存在')
-        model_ins = dynamic_import_data_model(settings.DATA_PERMISSION_MODELS[model])
+        model_ins = available_models[model]
 
+        table = model_ins if isinstance(model_ins, Table) else model_ins.__table__
         model_columns = [
             GetDataRuleColumnDetail(key=column.key, comment=column.comment)
-            for column in model_ins.__table__.columns
+            for column in table.columns
             if column.key not in settings.DATA_PERMISSION_COLUMN_EXCLUDE
         ]
         return model_columns

backend/app/admin/service/dept_service.py

@@ -1,11 +1,11 @@
 from typing import Any
 
+from sqlalchemy import ColumnElement
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from backend.app.admin.crud.crud_dept import dept_dao
 from backend.app.admin.model import Dept
 from backend.app.admin.schema.dept import CreateDeptParam, UpdateDeptParam
-from backend.app.admin.schema.user import GetUserInfoWithRelationDetail
 from backend.common.exception import errors
 from backend.core.conf import settings
 from backend.database.redis import redis_client
@@ -34,7 +34,7 @@ async def get(*, db: AsyncSession, pk: int) -> Dept:
     async def get_tree(
         *,
         db: AsyncSession,
-        request_user: GetUserInfoWithRelationDetail,
+        data_filter: ColumnElement[bool],
         name: str | None,
         leader: str | None,
         phone: str | None,
@@ -44,15 +44,14 @@ async def get_tree(
         获取部门树形结构
 
         :param db: 数据库会话
-        :param request_user: 请求用户
+        :param data_filter: 请求用户
         :param name: 部门名称
         :param leader: 部门负责人
         :param phone: 联系电话
         :param status: 状态
         :return:
         """
-
-        dept_select = await dept_dao.get_all(db, request_user, name, leader, phone, status)
+        dept_select = await dept_dao.get_all(db, data_filter, name, leader, phone, status)
         tree_data = get_tree_data(dept_select)
         return tree_data