feat(admin): implement group-centric relations and system/module/company linkage views

Chris
2026-03-30 19:38:49 +08:00
parent 35ffff1d19
commit 61cab48fca
5 changed files with 378 additions and 16 deletions


@@ -29,6 +29,8 @@ class PermissionsRepository:
.join(Company, Company.id == UserScopePermission.company_id, isouter=True)
.join(Site, Site.id == UserScopePermission.site_id, isouter=True)
.where(UserScopePermission.user_id == user_id)
.where(UserScopePermission.action.in_(["view", "edit"]))
.where(UserScopePermission.scope_type == "site")
)
group_stmt = (
select(
@@ -42,6 +44,8 @@ class PermissionsRepository:
.select_from(PermissionGroupPermission)
.join(PermissionGroupMember, PermissionGroupMember.group_id == PermissionGroupPermission.group_id)
.where(PermissionGroupMember.authentik_sub == authentik_sub)
.where(PermissionGroupPermission.action.in_(["view", "edit"]))
.where(PermissionGroupPermission.scope_type == "site")
)
rows = self.db.execute(direct_stmt).all() + self.db.execute(group_stmt).all()
result: list[tuple[str, str, str | None, str, str]] = []
@@ -50,6 +54,10 @@ class PermissionsRepository:
source = row[0]
if source == "group":
_, scope_type, scope_id, system_key, module_key, action = row
if module_key == "__system__":
module_key = f"{system_key}.__system__"
elif module_key and "." not in module_key:
module_key = f"{system_key}.{module_key}"
else:
_, scope_type, company_key, site_key, module_key, action = row
scope_id = company_key if scope_type == "company" else site_key
@@ -147,6 +155,8 @@ class PermissionsRepository:
.join(Module, Module.id == UserScopePermission.module_id)
.join(Company, Company.id == UserScopePermission.company_id, isouter=True)
.join(Site, Site.id == UserScopePermission.site_id, isouter=True)
.where(UserScopePermission.action.in_(["view", "edit"]))
.where(UserScopePermission.scope_type == "site")
)
count_stmt = (
select(func.count())
@@ -155,9 +165,11 @@ class PermissionsRepository:
.join(Module, Module.id == UserScopePermission.module_id)
.join(Company, Company.id == UserScopePermission.company_id, isouter=True)
.join(Site, Site.id == UserScopePermission.site_id, isouter=True)
.where(UserScopePermission.action.in_(["view", "edit"]))
.where(UserScopePermission.scope_type == "site")
)
if scope_type in {"company", "site"}:
if scope_type == "site":
stmt = stmt.where(UserScopePermission.scope_type == scope_type)
count_stmt = count_stmt.where(UserScopePermission.scope_type == scope_type)