refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00
parent e2dd3ce106
commit 1e1d913103
46 changed files with 1645 additions and 2289 deletions
--- a/backend/app/repositories/roles_repo.py
+++ b/backend/app/repositories/roles_repo.py
@@ -0,0 +1,97 @@
+from sqlalchemy import func, or_, select
+from sqlalchemy.orm import Session
+
+from app.models.role import Role
+
+
+class RolesRepository:
+    def __init__(self, db: Session) -> None:
+        self.db = db
+
+    def get_by_key(self, role_key: str) -> Role | None:
+        return self.db.scalar(select(Role).where(Role.role_key == role_key))
+
+    def get_by_id(self, role_id: str) -> Role | None:
+        return self.db.scalar(select(Role).where(Role.id == role_id))
+
+    def list(
+        self,
+        *,
+        keyword: str | None = None,
+        system_id: str | None = None,
+        status: str | None = None,
+        limit: int = 100,
+        offset: int = 0,
+    ) -> tuple[list[Role], int]:
+        stmt = select(Role)
+        count_stmt = select(func.count()).select_from(Role)
+        if keyword:
+            pattern = f"%{keyword}%"
+            cond = or_(
+                Role.role_key.ilike(pattern),
+                Role.name.ilike(pattern),
+                Role.idp_role_name.ilike(pattern),
+                Role.description.ilike(pattern),
+            )
+            stmt = stmt.where(cond)
+            count_stmt = count_stmt.where(cond)
+        if system_id:
+            stmt = stmt.where(Role.system_id == system_id)
+            count_stmt = count_stmt.where(Role.system_id == system_id)
+        if status:
+            stmt = stmt.where(Role.status == status)
+            count_stmt = count_stmt.where(Role.status == status)
+
+        stmt = stmt.order_by(Role.created_at.desc()).limit(limit).offset(offset)
+        return list(self.db.scalars(stmt).all()), int(self.db.scalar(count_stmt) or 0)
+
+    def create(
+        self,
+        *,
+        role_key: str,
+        system_id: str,
+        name: str,
+        description: str | None,
+        idp_role_name: str,
+        status: str = "active",
+    ) -> Role:
+        item = Role(
+            role_key=role_key,
+            system_id=system_id,
+            name=name,
+            description=description,
+            idp_role_name=idp_role_name,
+            status=status,
+        )
+        self.db.add(item)
+        self.db.commit()
+        self.db.refresh(item)
+        return item
+
+    def update(
+        self,
+        item: Role,
+        *,
+        system_id: str | None = None,
+        name: str | None = None,
+        description: str | None = None,
+        idp_role_name: str | None = None,
+        status: str | None = None,
+    ) -> Role:
+        if system_id is not None:
+            item.system_id = system_id
+        if name is not None:
+            item.name = name
+        if description is not None:
+            item.description = description
+        if idp_role_name is not None:
+            item.idp_role_name = idp_role_name
+        if status is not None:
+            item.status = status
+        self.db.commit()
+        self.db.refresh(item)
+        return item
+
+    def delete(self, item: Role) -> None:
+        self.db.delete(item)
+        self.db.commit()