refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00
parent 0bc667847d
commit 2f92b94f59
43 changed files with 1593 additions and 2257 deletions
--- a/app/services/permission_service.py
+++ b/app/services/permission_service.py
@@ -1,13 +1,33 @@
-from app.schemas.permissions import PermissionItem, PermissionSnapshotResponse
+from app.schemas.permissions import RoleSnapshotItem, RoleSnapshotResponse


 class PermissionService:
    @staticmethod
-    def build_snapshot(user_sub: str, permissions: list[tuple[str, str, str | None, str, str]]) -> PermissionSnapshotResponse:
-        return PermissionSnapshotResponse(
+    def build_role_snapshot(user_sub: str, rows: list[tuple[str, str, str, str, str, str, str, str, str]]) -> RoleSnapshotResponse:
+        return RoleSnapshotResponse(
            user_sub=user_sub,
-            permissions=[
-                PermissionItem(scope_type=s_type, scope_id=s_id, system=system, module=module, action=action)
-                for s_type, s_id, system, module, action in permissions
+            roles=[
+                RoleSnapshotItem(
+                    site_key=site_key,
+                    site_display_name=site_display_name,
+                    company_key=company_key,
+                    company_display_name=company_display_name,
+                    system_key=system_key,
+                    system_name=system_name,
+                    role_key=role_key,
+                    role_name=role_name,
+                    idp_role_name=idp_role_name,
+                )
+                for (
+                    site_key,
+                    site_display_name,
+                    company_key,
+                    company_display_name,
+                    system_key,
+                    system_name,
+                    role_key,
+                    role_name,
+                    idp_role_name,
+                ) in rows
            ],
        )