from fastapi import APIRouter, Depends from app.core.auth import get_current_admin_user, get_current_user from app.core.response import create_api_response from app.core.database import get_db_connection from app.models.models import MenuInfo, MenuListResponse, RolePermissionInfo, UpdateRolePermissionsRequest, RoleInfo from typing import List router = APIRouter() # ========== 菜单权限管理接口 ========== @router.get("/admin/menus") async def get_all_menus(current_user=Depends(get_current_admin_user)): """ 获取所有菜单列表 只有管理员才能访问 """ try: with get_db_connection() as connection: cursor = connection.cursor(dictionary=True) query = """ SELECT menu_id, menu_code, menu_name, menu_icon, menu_url, menu_type, parent_id, sort_order, is_active, description, created_at, updated_at FROM menus ORDER BY sort_order ASC, menu_id ASC """ cursor.execute(query) menus = cursor.fetchall() menu_list = [MenuInfo(**menu) for menu in menus] return create_api_response( code="200", message="获取菜单列表成功", data=MenuListResponse(menus=menu_list, total=len(menu_list)) ) except Exception as e: return create_api_response(code="500", message=f"获取菜单列表失败: {str(e)}") @router.get("/admin/roles") async def get_all_roles(current_user=Depends(get_current_admin_user)): """ 获取所有角色列表及其权限统计 只有管理员才能访问 """ try: with get_db_connection() as connection: cursor = connection.cursor(dictionary=True) # 查询所有角色及其权限数量 query = """ SELECT r.role_id, r.role_name, r.created_at, COUNT(rmp.menu_id) as menu_count FROM roles r LEFT JOIN role_menu_permissions rmp ON r.role_id = rmp.role_id GROUP BY r.role_id ORDER BY r.role_id ASC """ cursor.execute(query) roles = cursor.fetchall() return create_api_response( code="200", message="获取角色列表成功", data={"roles": roles, "total": len(roles)} ) except Exception as e: return create_api_response(code="500", message=f"获取角色列表失败: {str(e)}") @router.get("/admin/roles/{role_id}/permissions") async def get_role_permissions(role_id: int, current_user=Depends(get_current_admin_user)): """ 获取指定角色的菜单权限 只有管理员才能访问 """ try: with get_db_connection() as connection: cursor = connection.cursor(dictionary=True) # 检查角色是否存在 cursor.execute("SELECT role_id, role_name FROM roles WHERE role_id = %s", (role_id,)) role = cursor.fetchone() if not role: return create_api_response(code="404", message="角色不存在") # 查询该角色的所有菜单权限 query = """ SELECT menu_id FROM role_menu_permissions WHERE role_id = %s """ cursor.execute(query, (role_id,)) permissions = cursor.fetchall() menu_ids = [p['menu_id'] for p in permissions] return create_api_response( code="200", message="获取角色权限成功", data=RolePermissionInfo( role_id=role['role_id'], role_name=role['role_name'], menu_ids=menu_ids ) ) except Exception as e: return create_api_response(code="500", message=f"获取角色权限失败: {str(e)}") @router.put("/admin/roles/{role_id}/permissions") async def update_role_permissions( role_id: int, request: UpdateRolePermissionsRequest, current_user=Depends(get_current_admin_user) ): """ 更新指定角色的菜单权限 只有管理员才能访问 """ try: with get_db_connection() as connection: cursor = connection.cursor(dictionary=True) # 检查角色是否存在 cursor.execute("SELECT role_id FROM roles WHERE role_id = %s", (role_id,)) if not cursor.fetchone(): return create_api_response(code="404", message="角色不存在") # 验证所有menu_id是否有效 if request.menu_ids: format_strings = ','.join(['%s'] * len(request.menu_ids)) cursor.execute( f"SELECT COUNT(*) as count FROM menus WHERE menu_id IN ({format_strings})", tuple(request.menu_ids) ) valid_count = cursor.fetchone()['count'] if valid_count != len(request.menu_ids): return create_api_response(code="400", message="包含无效的菜单ID") # 删除该角色的所有现有权限 cursor.execute("DELETE FROM role_menu_permissions WHERE role_id = %s", (role_id,)) # 插入新的权限 if request.menu_ids: insert_values = [(role_id, menu_id) for menu_id in request.menu_ids] cursor.executemany( "INSERT INTO role_menu_permissions (role_id, menu_id) VALUES (%s, %s)", insert_values ) connection.commit() return create_api_response( code="200", message="更新角色权限成功", data={"role_id": role_id, "menu_count": len(request.menu_ids)} ) except Exception as e: return create_api_response(code="500", message=f"更新角色权限失败: {str(e)}") @router.get("/menus/user") async def get_user_menus(current_user=Depends(get_current_user)): """ 获取当前用户可访问的菜单列表(用于渲染下拉菜单) 所有登录用户都可以访问 """ try: with get_db_connection() as connection: cursor = connection.cursor(dictionary=True) # 根据用户的role_id查询可访问的菜单 query = """ SELECT DISTINCT m.menu_id, m.menu_code, m.menu_name, m.menu_icon, m.menu_url, m.menu_type, m.sort_order FROM menus m JOIN role_menu_permissions rmp ON m.menu_id = rmp.menu_id WHERE rmp.role_id = %s AND m.is_active = 1 ORDER BY m.sort_order ASC """ cursor.execute(query, (current_user['role_id'],)) menus = cursor.fetchall() return create_api_response( code="200", message="获取用户菜单成功", data={"menus": menus} ) except Exception as e: return create_api_response(code="500", message=f"获取用户菜单失败: {str(e)}")