finai/backend/app/services/user_service.py

98 lines
3.2 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

from datetime import datetime
from sqlalchemy import select
from sqlalchemy.orm import Session
from app.models import Permission, Role, User
DEFAULT_ROLES = {
"employee": "普通员工",
"admin": "业务管理员",
"system_admin": "系统管理员",
}
# 页面级权限code -> (显示名, 模块)
DEFAULT_PAGE_PERMISSIONS: dict[str, tuple[str, str]] = {
"page.chat": ("智能问答", "page"),
"page.documents": ("知识文档", "page"),
"page.audit": ("问答审计", "page"),
"page.analytics": ("数据分析", "page"),
"page.settings": ("系统设置", "page"),
}
# 角色 -> 页面权限 code 列表
DEFAULT_ROLE_PAGE_PERMISSIONS: dict[str, list[str]] = {
"employee": ["page.chat"],
"admin": ["page.chat", "page.documents", "page.audit", "page.analytics"],
"system_admin": list(DEFAULT_PAGE_PERMISSIONS.keys()),
}
def _ensure_page_permissions(db: Session) -> dict[str, Permission]:
existing = {p.code: p for p in db.scalars(select(Permission)).all()}
for code, (name, module) in DEFAULT_PAGE_PERMISSIONS.items():
if code not in existing:
p = Permission(code=code, name=name, module=module)
db.add(p)
existing[code] = p
db.flush()
return existing
def ensure_roles(db: Session) -> None:
perms = _ensure_page_permissions(db)
existing_roles = {role.code: role for role in db.scalars(select(Role)).all()}
for code, name in DEFAULT_ROLES.items():
role = existing_roles.get(code)
if role is None:
role = Role(code=code, name=name)
db.add(role)
existing_roles[code] = role
db.flush()
# 只补齐默认页面权限,不覆盖管理员后续在后台自定义的权限
for code, page_codes in DEFAULT_ROLE_PAGE_PERMISSIONS.items():
role = existing_roles.get(code)
if role is None:
continue
current = {p.code for p in role.permissions}
for page_code in page_codes:
if page_code not in current and page_code in perms:
role.permissions.append(perms[page_code])
db.flush()
def ensure_default_admin(db: Session) -> User:
ensure_roles(db)
user = db.scalar(select(User).where(User.phone == "13800000000"))
if user:
return user
role = db.scalar(select(Role).where(Role.code == "system_admin"))
user = User(phone="13800000000", name="系统管理员", department="财务部", is_superuser=True)
if role:
user.roles.append(role)
db.add(user)
db.flush()
return user
def get_or_create_login_user(db: Session, phone: str) -> User:
ensure_roles(db)
user = db.scalar(select(User).where(User.phone == phone))
if user:
user.last_login_at = datetime.utcnow()
return user
role = db.scalar(select(Role).where(Role.code == "employee"))
user = User(phone=phone, name=f"用户{phone[-4:]}", status="active", last_login_at=datetime.utcnow())
if role:
user.roles.append(role)
db.add(user)
db.flush()
return user
def apply_roles(db: Session, user: User, role_codes: list[str]) -> None:
ensure_roles(db)
roles = db.scalars(select(Role).where(Role.code.in_(role_codes))).all() if role_codes else []
user.roles = list(roles)