refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00
parent 0bc667847d
commit 2f92b94f59
43 changed files with 1593 additions and 2257 deletions
--- a/app/api/internal_catalog.py
+++ b/app/api/internal_catalog.py
@@ -3,14 +3,15 @@ from sqlalchemy.orm import Session

 from app.db.session import get_db
 from app.repositories.companies_repo import CompaniesRepository
-from app.repositories.modules_repo import ModulesRepository
+from app.repositories.roles_repo import RolesRepository
 from app.repositories.sites_repo import SitesRepository
 from app.repositories.systems_repo import SystemsRepository
 from app.repositories.users_repo import UsersRepository
 from app.schemas.internal import (
    InternalCompanyListResponse,
    InternalMemberListResponse,
-    InternalModuleListResponse,
+    InternalRoleItem,
+    InternalRoleListResponse,
    InternalSiteListResponse,
    InternalSystemListResponse,
 )
@@ -27,24 +28,13 @@ def internal_list_systems(
 ) -> InternalSystemListResponse:
    repo = SystemsRepository(db)
    items, total = repo.list(limit=limit, offset=offset)
-    return {"items": [{"id": i.id, "system_key": i.system_key, "name": i.name, "status": i.status} for i in items], "total": total, "limit": limit, "offset": offset}
-
-
-@router.get("/modules", response_model=InternalModuleListResponse)
-def internal_list_modules(
-    db: Session = Depends(get_db),
-    limit: int = Query(default=500, ge=1, le=2000),
-    offset: int = Query(default=0, ge=0),
-) -> InternalModuleListResponse:
-    modules_repo = ModulesRepository(db)
-    items, total = modules_repo.list(limit=limit, offset=offset)
    return {
        "items": [
            {
                "id": i.id,
-                "module_key": i.module_key,
                "system_key": i.system_key,
                "name": i.name,
+                "idp_client_id": i.idp_client_id,
                "status": i.status,
            }
            for i in items
@@ -55,6 +45,43 @@ def internal_list_modules(
    }


+@router.get("/roles", response_model=InternalRoleListResponse)
+def internal_list_roles(
+    db: Session = Depends(get_db),
+    system_key: str | None = Query(default=None),
+    limit: int = Query(default=500, ge=1, le=2000),
+    offset: int = Query(default=0, ge=0),
+) -> InternalRoleListResponse:
+    systems_repo = SystemsRepository(db)
+    roles_repo = RolesRepository(db)
+
+    system_id = None
+    systems, _ = systems_repo.list(limit=5000, offset=0)
+    system_map = {s.id: s for s in systems}
+    if system_key:
+        system = systems_repo.get_by_key(system_key)
+        if not system:
+            return InternalRoleListResponse(items=[], total=0, limit=limit, offset=offset)
+        system_id = system.id
+
+    items, total = roles_repo.list(system_id=system_id, limit=limit, offset=offset)
+    rows = [
+        InternalRoleItem(
+            id=i.id,
+            role_key=i.role_key,
+            system_key=system_map[i.system_id].system_key,
+            system_name=system_map[i.system_id].name,
+            name=i.name,
+            idp_role_name=i.idp_role_name,
+            description=i.description,
+            status=i.status,
+        )
+        for i in items
+        if i.system_id in system_map
+    ]
+    return InternalRoleListResponse(items=rows, total=total, limit=limit, offset=offset)
+
+
@router.get("/companies", response_model=InternalCompanyListResponse)
 def internal_list_companies(
    db: Session = Depends(get_db),
@@ -64,7 +91,21 @@ def internal_list_companies(
 ) -> InternalCompanyListResponse:
    repo = CompaniesRepository(db)
    items, total = repo.list(keyword=keyword, limit=limit, offset=offset)
-    return {"items": [{"id": i.id, "company_key": i.company_key, "name": i.name, "status": i.status} for i in items], "total": total, "limit": limit, "offset": offset}
+    return {
+        "items": [
+            {
+                "id": i.id,
+                "company_key": i.company_key,
+                "display_name": i.display_name,
+                "legal_name": i.legal_name,
+                "status": i.status,
+            }
+            for i in items
+        ],
+        "total": total,
+        "limit": limit,
+        "offset": offset,
+    }


@router.get("/sites", response_model=InternalSiteListResponse)
@@ -81,10 +122,27 @@ def internal_list_sites(
        company = companies_repo.get_by_key(company_key)
        if company:
            company_id = company.id
-    companies, _ = companies_repo.list(limit=2000, offset=0)
-    mapping = {c.id: c.company_key for c in companies}
+    companies, _ = companies_repo.list(limit=5000, offset=0)
+    mapping = {c.id: c for c in companies}
    items, total = sites_repo.list(company_id=company_id, limit=limit, offset=offset)
-    return {"items": [{"id": i.id, "site_key": i.site_key, "company_key": mapping.get(i.company_id), "name": i.name, "status": i.status} for i in items], "total": total, "limit": limit, "offset": offset}
+    return {
+        "items": [
+            {
+                "id": i.id,
+                "site_key": i.site_key,
+                "company_key": mapping[i.company_id].company_key,
+                "company_display_name": mapping[i.company_id].display_name,
+                "display_name": i.display_name,
+                "domain": i.domain,
+                "status": i.status,
+            }
+            for i in items
+            if i.company_id in mapping
+        ],
+        "total": total,
+        "limit": limit,
+        "offset": offset,
+    }


@router.get("/members", response_model=InternalMemberListResponse)
@@ -105,6 +163,7 @@ def internal_list_members(
                "email": i.email,
                "display_name": i.display_name,
                "is_active": i.is_active,
+                "status": i.status,
            }
            for i in items
        ],