项目管理权限验证完成，添加了登录的普通用户可以查看所属项目的项目信息

2024-11-20 21:02:44 +08:00 · 2024-11-20 21:02:44 +08:00 · ee96d2b22e
commit ee96d2b22e
parent e86d299dc1
1 changed files with 32 additions and 5 deletions
--- a/api/manage_project.py
+++ b/api/manage_project.py
@ -22,10 +22,29 @@ TenantRole = 1

 # 列举所有项目
@router.get("/api/s1/project")
-async def get_project(response: Response, session: SessionDep):
-    projects = session.query(Project).filter().all()
+async def get_project(response: Response, session: SessionDep, current_user: User = Depends(get_current_user)):
+    # 只有角色为 0、1、2 或 3 的用户才可以访问
+    if current_user.role == 0:
+        # 角色为0，显示所有项目
+        projects = session.query(Project).all()
+    elif current_user.role == 1:
+        # 角色为1，显示tenant_id匹配的项目（即属于当前租户的项目）
+        projects = session.query(Project).filter(Project.owner_id == current_user.tenant_id).all()
+    elif current_user.role in [2, 3]:
+        # 角色为2或3，显示与当前用户相关联的项目
+        projects = (
+            session.query(Project)
+            .join(ProjectUserLink)
+            .filter(ProjectUserLink.user_id == current_user.id)
+            .all()
+        )
+    else:
+        raise HTTPException(status_code=403, detail="You do not have permission to view projects.")
+
    if not projects:
-        raise HTTPException(status_code=404, detail="Project not found")
+        raise HTTPException(status_code=404, detail="Project not found or you have no projects.")
+
+    # 返回项目的基本信息
    return {
        "projects": [
            {
@ -40,7 +59,11 @@ async def get_project(response: Response, session: SessionDep):

 #新增与修改项目
@router.post("/api/s1/project")
-async def create_project(data: dict, session: SessionDep):
+async def create_project(data: dict, session: SessionDep, current_user: User = Depends(get_current_user)):
+
+    if current_user.role != 1:
+        raise HTTPException(status_code=403, detail="Only Tenant admin users can add or update projects.")
+
    project_id = data.get("project_id")
    name = data["name"]
    requirement = data["requirement"]
@ -133,7 +156,11 @@ async def create_project(data: dict, session: SessionDep):

 #删除项目
@router.delete("/api/s1/project")
-async def delete_project(data: dict, session: SessionDep):
+async def delete_project(data: dict, session: SessionDep,current_user: User = Depends(get_current_user)):
+
+    if current_user.role != 1:
+        raise HTTPException(status_code=403, detail="Only Tenant admin users can delete projects.")
+
    project_name = data.get("name")

    # 权限检查：只有管理员才可以删除项目