更新 APP/authorization.py

2024-10-14 15:38:41 +08:00 · 2024-10-14 15:38:41 +08:00 · e97b456c4d
commit e97b456c4d
parent 342a6c4f99
1 changed files with 148 additions and 95 deletions
--- a/APP/authorization.py
+++ b/APP/authorization.py
@ -1,16 +1,33 @@
 from functools import wraps
 from flask import jsonify, request, current_app
 from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request
-from app.models import User, Permission
+from app.models import User, Permission, Department, Role
 from .extensions import db

+def department_and_role_required(department_name, role_names):
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            verify_jwt_in_request()
+            current_user_id = get_jwt_identity()
+            user = User.query.get(current_user_id)
+            if not user:
+                return jsonify({"message": "User not found"}), 404
+            
+            if user.primary_department and user.primary_department.name == department_name:
+                user_roles = [role.name for role in user.roles]
+                if any(role in user_roles for role in role_names):
+                    return f(*args, **kwargs)
+            return jsonify({"message": "Permission denied"}), 403
+        return decorated_function
+    return decorator
+
 class Authorization:
    @staticmethod
    def check_permission(required_permission):
        def decorator(f):
            @wraps(f)
            def decorated_function(*args, **kwargs):
-                from .models import User  # 在函数内部导入以避免循环导入
                current_user_id = get_jwt_identity()
                user = User.query.get(current_user_id)
                if not user:
@ -75,6 +92,42 @@ class Authorization:
            return decorated_function
        return decorator

+    @staticmethod
+    def department_required(department_name):
+        def decorator(f):
+            @wraps(f)
+            def decorated_function(*args, **kwargs):
+                verify_jwt_in_request()
+                current_user_id = get_jwt_identity()
+                user = User.query.get(current_user_id)
+                if not user:
+                    return jsonify({"message": "User not found"}), 404
+                
+                if user.primary_department and user.primary_department.name == department_name:
+                    return f(*args, **kwargs)
+                return jsonify({"message": "Permission denied"}), 403
+            return decorated_function
+        return decorator
+
+    @staticmethod
+    def role_required(role_names):
+        def decorator(f):
+            @wraps(f)
+            def decorated_function(*args, **kwargs):
+                verify_jwt_in_request()
+                current_user_id = get_jwt_identity()
+                user = User.query.get(current_user_id)
+                if not user:
+                    return jsonify({"message": "User not found"}), 404
+                
+                user_roles = [role.name for role in user.roles]
+                if any(role in user_roles for role in role_names):
+                    return f(*args, **kwargs)
+                return jsonify({"message": "Permission denied"}), 403
+            return decorated_function
+        return decorator
+
+
 def init_permissions():
    from .models import Permission  # 在函数内部导入以避免循环导入
    # 这个函数可以在应用启动时调用，用于初始化或更新权限