fix: finalize unified schema and correct permission snapshot mapping

2026-03-30 02:22:27 +08:00
parent 4ea80fa748
commit 5cc322f783
3 changed files with 43 additions and 30 deletions
--- a/app/repositories/permissions_repo.py
+++ b/app/repositories/permissions_repo.py
@@ -1,4 +1,4 @@
-from sqlalchemy import and_, delete, or_, select
+from sqlalchemy import and_, delete, literal, or_, select
 from sqlalchemy.orm import Session

 from app.models.company import Company
@@ -16,6 +16,7 @@ class PermissionsRepository:
    def list_by_user(self, user_id: str, authentik_sub: str) -> list[tuple[str, str, str | None, str, str]]:
        direct_stmt = (
            select(
+                literal("direct"),
                UserScopePermission.scope_type,
                Company.company_key,
                Site.site_key,
@@ -30,6 +31,7 @@ class PermissionsRepository:
        )
        group_stmt = (
            select(
+                literal("group"),
                PermissionGroupPermission.scope_type,
                PermissionGroupPermission.scope_id,
                PermissionGroupPermission.system,
@@ -44,10 +46,11 @@ class PermissionsRepository:
        result: list[tuple[str, str, str | None, str, str]] = []
        dedup = set()
        for row in rows:
-            if len(row) == 5:
-                scope_type, scope_id, system_key, module_key, action = row
+            source = row[0]
+            if source == "group":
+                _, scope_type, scope_id, system_key, module_key, action = row
            else:
-                scope_type, company_key, site_key, module_key, action = row
+                _, scope_type, company_key, site_key, module_key, action = row
                scope_id = company_key if scope_type == "company" else site_key
                system_key = module_key.split(".", 1)[0] if isinstance(module_key, str) and "." in module_key else None
            key = (scope_type, scope_id or "", system_key, module_key, action)