member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(role): add role_code across schema and APIs

Browse Source
This commit is contained in:
Chris
2026-04-03 15:49:22 +08:00
parent 94cec746cb
commit 405000ded5
15 changed files with 91 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/api/admin_catalog.py
View File

@@ -71,6 +71,13 @@ def _generate_unique_key(prefix: str, exists_check) -> str:
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=f"failed_generate_{prefix.lower()}_key")
def _resolve_role_code(value: str | None, fallback_name: str) -> str:
candidate = (value or "").strip()
if candidate:
return candidate
return fallback_name.strip()
def _company_item(company) -> CompanyItem:
return CompanyItem(
id=company.id,
@@ -451,6 +458,7 @@ def list_roles(
RoleItem(
id=row.id,
role_key=row.role_key,
role_code=row.role_code,
system_key=system_map[row.system_id].system_key,
system_name=system_map[row.system_id].name,
name=row.name,
@@ -481,9 +489,11 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
)
role_key = _generate_unique_key("RL", lambda key: roles_repo.get_by_key(key) is not None)
role_code = _resolve_role_code(payload.role_code, payload.name)
try:
row = roles_repo.create(
role_key=role_key,
role_code=role_code,
system_id=system.id,
name=payload.name,
description=payload.description,
@@ -496,6 +506,7 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
return RoleItem(
id=row.id,
role_key=row.role_key,
role_code=row.role_code,
system_key=system.system_key,
system_name=system.name,
name=row.name,
@@ -527,6 +538,7 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
system_id = system.id
target_system = system
next_provider_role_name = payload.name if payload.name is not None else role.name
next_role_code = _resolve_role_code(payload.role_code, next_provider_role_name)
next_description = payload.description if payload.description is not None else role.description
if target_system.id != old_system.id:
@@ -551,6 +563,7 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
role = roles_repo.update(
role,
system_id=system_id,
role_code=next_role_code,
name=payload.name,
description=payload.description,
status=payload.status,
@@ -566,6 +579,7 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
return RoleItem(
id=role.id,
role_key=role.role_key,
role_code=role.role_code,
system_key=system.system_key,
system_name=system.name,
name=role.name,
@@ -610,6 +624,7 @@ def list_system_roles(system_key: str, db: Session = Depends(get_db)) -> SystemR
RoleItem(
id=row.id,
role_key=row.role_key,
role_code=row.role_code,
system_key=system.system_key,
system_name=system.name,
name=row.name,
@@ -637,6 +652,7 @@ def list_site_roles(site_key: str, db: Session = Depends(get_db)) -> SiteRolesRe
SiteRoleItem(
id=site_role.id,
role_key=role.role_key,
role_code=role.role_code,
role_name=role.name,
system_key=system.system_key,
system_name=system.name,
@@ -972,6 +988,7 @@ def list_member_effective_roles(user_sub: str, db: Session = Depends(get_db)) ->
system_key=system.system_key,
system_name=system.name,
role_key=role.role_key,
role_code=role.role_code,
role_name=role.name,
)
for site, company, role, system in rows

5
app/api/internal.py
View File

@@ -41,7 +41,7 @@ def upsert_user_by_sub(
)
def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, str, str, str, str, str, str]]:
def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, str, str, str, str, str, str, str]]:
users_repo = UsersRepository(db)
user_sites_repo = UserSitesRepository(db)
@@ -59,6 +59,7 @@ def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, st
system.system_key,
system.name,
role.role_key,
role.role_code,
role.name,
)
for site, company, role, system in rows
@@ -84,6 +85,7 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_key=system_key,
system_name=system_name,
role_key=role_key,
role_code=role_code,
role_name=role_name,
)
for (
@@ -94,6 +96,7 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_key,
system_name,
role_key,
role_code,
role_name,
) in rows
],

1
app/api/internal_catalog.py
View File

@@ -68,6 +68,7 @@ def internal_list_roles(
InternalRoleItem(
id=i.id,
role_key=i.role_key,
role_code=i.role_code,
system_key=system_map[i.system_id].system_key,
system_name=system_map[i.system_id].name,
name=i.name,

1
app/api/me.py
View File

@@ -77,6 +77,7 @@ def get_my_permission_snapshot(
system.system_key,
system.name,
role.role_key,
role.role_code,
role.name,
)
for site, company, role, system in rows

6
app/models/role.py
View File

@@ -10,10 +10,14 @@ from app.db.base import Base
class Role(Base):
__tablename__ = "roles"
__table_args__ = (UniqueConstraint("system_id", "name", name="uq_roles_system_name"),)
__table_args__ = (
UniqueConstraint("system_id", "name", name="uq_roles_system_name"),
UniqueConstraint("system_id", "role_code", name="uq_roles_system_role_code"),
)
id: Mapped[str] = mapped_column(UUID(as_uuid=False), primary_key=True, default=lambda: str(uuid4()))
role_key: Mapped[str] = mapped_column(String(128), unique=True, nullable=False, index=True)
role_code: Mapped[str] = mapped_column(String(255), nullable=False, index=True)
system_id: Mapped[str] = mapped_column(UUID(as_uuid=False), ForeignKey("systems.id", ondelete="CASCADE"), nullable=False)
name: Mapped[str] = mapped_column(String(255), nullable=False)
description: Mapped[str | None] = mapped_column(String(1024))

6
app/repositories/roles_repo.py
View File

@@ -29,6 +29,7 @@ class RolesRepository:
pattern = f"%{keyword}%"
cond = or_(
Role.role_key.ilike(pattern),
Role.role_code.ilike(pattern),
Role.name.ilike(pattern),
Role.description.ilike(pattern),
)
@@ -48,6 +49,7 @@ class RolesRepository:
self,
*,
role_key: str,
role_code: str,
system_id: str,
name: str,
description: str | None,
@@ -55,6 +57,7 @@ class RolesRepository:
) -> Role:
item = Role(
role_key=role_key,
role_code=role_code,
system_id=system_id,
name=name,
description=description,
@@ -70,12 +73,15 @@ class RolesRepository:
item: Role,
*,
system_id: str | None = None,
role_code: str | None = None,
name: str | None = None,
description: str | None = None,
status: str | None = None,
) -> Role:
if system_id is not None:
item.system_id = system_id
if role_code is not None:
item.role_code = role_code
if name is not None:
item.name = name
if description is not None:

5
app/schemas/catalog.py
View File

@@ -74,6 +74,7 @@ class SystemItem(BaseModel):
class RoleCreateRequest(BaseModel):
system_key: str
role_code: str | None = None
name: str
description: str | None = None
status: str = "active"
@@ -81,6 +82,7 @@ class RoleCreateRequest(BaseModel):
class RoleUpdateRequest(BaseModel):
system_key: str | None = None
role_code: str | None = None
name: str | None = None
description: str | None = None
status: str | None = None
@@ -89,6 +91,7 @@ class RoleUpdateRequest(BaseModel):
class RoleItem(BaseModel):
id: str
role_key: str
role_code: str
system_key: str
system_name: str
name: str
@@ -138,6 +141,7 @@ class SiteRoleAssignRequest(BaseModel):
class SiteRoleItem(BaseModel):
id: str
role_key: str
role_code: str
role_name: str
system_key: str
system_name: str
@@ -163,6 +167,7 @@ class UserEffectiveRoleItem(BaseModel):
system_key: str
system_name: str
role_key: str
role_code: str
role_name: str

2
app/schemas/internal.py
View File

@@ -18,6 +18,7 @@ class InternalSystemListResponse(BaseModel):
class InternalRoleItem(BaseModel):
id: str
role_key: str
role_code: str
system_key: str
system_name: str
name: str
@@ -99,6 +100,7 @@ class InternalUserRoleItem(BaseModel):
system_key: str
system_name: str
role_key: str
role_code: str
role_name: str

1
app/schemas/permissions.py
View File

@@ -9,6 +9,7 @@ class RoleSnapshotItem(BaseModel):
system_key: str
system_name: str
role_key: str
role_code: str
role_name: str

4
app/services/idp_catalog_sync.py
View File

@@ -250,6 +250,7 @@ def sync_from_provider(db: Session, *, force: bool = False) -> dict[str, int]:
role_key = _generate_unique_key("RL", lambda key: roles_repo.get_by_key(key) is not None)
roles_repo.create(
role_key=role_key,
role_code=role_name,
system_id=system.id,
name=role_name,
description=role_desc,
@@ -259,6 +260,7 @@ def sync_from_provider(db: Session, *, force: bool = False) -> dict[str, int]:
else:
roles_repo.update(
role,
role_code=role.role_code or role_name,
name=role_name,
description=role_desc,
status=role_status,
@@ -373,6 +375,7 @@ def sync_systems_from_provider(db: Session, *, force: bool = False) -> dict[str,
role_key = _generate_unique_key("RL", lambda key: roles_repo.get_by_key(key) is not None)
roles_repo.create(
role_key=role_key,
role_code=role_name,
system_id=system.id,
name=role_name,
description=role_desc,
@@ -382,6 +385,7 @@ def sync_systems_from_provider(db: Session, *, force: bool = False) -> dict[str,
else:
roles_repo.update(
role,
role_code=role.role_code or role_name,
name=role_name,
description=role_desc,
status=role_status,

4
app/services/permission_service.py
View File

@@ -3,7 +3,7 @@ from app.schemas.permissions import RoleSnapshotItem, RoleSnapshotResponse
class PermissionService:
@staticmethod
def build_role_snapshot(user_sub: str, rows: list[tuple[str, str, str, str, str, str, str, str]]) -> RoleSnapshotResponse:
def build_role_snapshot(user_sub: str, rows: list[tuple[str, str, str, str, str, str, str, str, str]]) -> RoleSnapshotResponse:
return RoleSnapshotResponse(
user_sub=user_sub,
roles=[
@@ -15,6 +15,7 @@ class PermissionService:
system_key=system_key,
system_name=system_name,
role_key=role_key,
role_code=role_code,
role_name=role_name,
)
for (
@@ -25,6 +26,7 @@ class PermissionService:
system_key,
system_name,
role_key,
role_code,
role_name,
) in rows
],