
权限配置

liweiquan 2 years ago
parent
commit
6012a77555
5 changed files with 32 additions and 6 deletions
  1. 12 1
      app/common/security/auth.py
  2. 5 0
      app/routers/auth.py
  3. 4 4
      app/routers/programme.py
  4. 8 0
      txprod.ini
  5. 3 1
      txtest.ini

+ 12 - 1
app/common/security/auth.py

@@ -28,7 +28,7 @@ async def verify_special(token: str = Depends(reuseable_oauth)) -> schemas.Token
     token_data_str = decode_base64(token)
     token_data_dict = json.loads(token_data_str)
     token_data = schemas.TokenData(**token_data_dict)
-    if not token_data.role_id in [1,3]:
+    if not token_data.role_id in [1,2,3]:
         raise Exception("暂无权限")
     g.user_id = token_data.user_id
     g.user_name = token_data.user_name
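Review bot: The role check on `token_data.role_id` trusts a token that, in the visible lines, is only passed through `decode_base64` and `json.loads`; no signature or expiry verification appears here, so adding role 2 widens a gate whose input may be client-controlled. `decode_base64` is defined outside the hunk, so confirm that it authenticates the token (for example an HMAC or a signed JWT) before the payload is parsed. The same applies to the new `verify_project_admin` in the next hunk. Separately, `not token_data.role_id in [1,2,3]` reads better as `token_data.role_id not in (1, 2, 3)`. The body of `verify_special` continues past the end of the hunk.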
@@ -43,4 +43,15 @@ async def verify_users(token: str = Depends(reuseable_oauth)) -> schemas.TokenDa
     g.user_id = token_data.user_id
     g.user_name = token_data.user_name
     g.project_id = token_data.project_id
+    return token_data
+
+async def verify_project_admin(token: str = Depends(reuseable_oauth)) -> schemas.TokenData:
+    token_data_str = decode_base64(token)
+    token_data_dict = json.loads(token_data_str)
+    token_data = schemas.TokenData(**token_data_dict)
+    if not token_data.role_id in [1,2,4]:
+        raise Exception("暂无权限")
+    g.user_id = token_data.user_id
+    g.user_name = token_data.user_name
+    g.project_id = token_data.project_id
     return token_data
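Review bot: `verify_project_admin` copies the decode, check and populate-`g` sequence of the neighbouring verifiers, differing only in the literal `[1,2,4]`, so the next role change has to be made correctly in three places. It also raises a bare `Exception("暂无权限")` from a dependency, which FastAPI will likely surface as a 500 rather than a 403 unless a global handler (not visible here) maps it. I would name the role sets and route all verifiers through one helper, as sketched below. `HTTPException` must be imported from `fastapi` if the file does not already do so. Whether `verify_special` sets `g.project_id` is outside the hunk, so check that before pointing it at the helper.

```python
PROJECT_ADMIN_ROLE_IDS = frozenset({1, 2, 4})


def _load_token_data(token: str, allowed_role_ids) -> schemas.TokenData:
    # Single place for decode + role gate, so role changes cannot drift between verifiers.
    token_data = schemas.TokenData(**json.loads(decode_base64(token)))
    if token_data.role_id not in allowed_role_ids:
        raise HTTPException(status_code=403, detail="暂无权限")
    g.user_id = token_data.user_id
    g.user_name = token_data.user_name
    g.project_id = token_data.project_id
    return token_data


async def verify_project_admin(token: str = Depends(reuseable_oauth)) -> schemas.TokenData:
    return _load_token_data(token, PROJECT_ADMIN_ROLE_IDS)
```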

+ 5 - 0
app/routers/auth.py

@@ -11,6 +11,7 @@ from utils.sx_web import web_try
 from configs.settings import config
 
 super_admin_role = config.get('PERMISSIONS', 'super_admin_role')
+project_admin_role = config.get('PERMISSIONS', 'project_admin_role')
 special_project_id = config.get('PERMISSIONS', 'special_project_id')
 
 router = APIRouter(
@@ -25,8 +26,12 @@ def switch_project(switch: schemas.SwitchProject):
     role_id = 0
     if switch.project_id == special_project_id and super_admin_role in switch.role_ids:
         role_id = 1
+    elif switch.project_id == special_project_id and project_admin_role in switch.role_ids:
+        role_id = 2
     elif switch.project_id == special_project_id:
         role_id = 3
+    elif project_admin_role in switch.role_ids or super_admin_role in switch.role_ids:
+        role_id = 4
     else:
         role_id = 5
     token_data = {"user_id": switch.user_id,"user_name":switch.user_name,"project_id": switch.project_id, "role_id": role_id}
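Review bot: Both new branches derive `role_id` from `switch.role_ids`, which is a field of the request body, and nothing in the visible lines checks those roles against a server-side source before they go into `token_data`. If `schemas.SwitchProject` is filled in by the caller rather than by a trusted upstream service, the privilege level in the issued token is self-declared. The new `elif project_admin_role in switch.role_ids or super_admin_role in switch.role_ids` branch also grants role 4 for whatever `project_id` is submitted, so `role_ids` must be the roles held in that specific project. The route decorators and the token encoding lie outside the hunk. I would add `# role_ids must come from the identity service for switch.project_id, never from the client` and back it with a lookup.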

+ 4 - 4
app/routers/programme.py

@@ -1,6 +1,6 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
-from app.common.security.auth import verify_users
+from app.common.security.auth import verify_project_admin, verify_users
 from utils.sx_time import sxtimeit
 from utils.sx_web import web_try
 import app.crud as crud
@@ -23,20 +23,20 @@ def create_programme(item: schemas.ProgrammeCreate, token_data: schemas.TokenDat
 @router.put("/start_jupyter")
 @web_try()
 @sxtimeit
-def start_jupyter(item: schemas.ProgrammeId, token_data: schemas.TokenData = Depends(verify_users), db: Session = Depends(get_db)):
+def start_jupyter(item: schemas.ProgrammeId, token_data: schemas.TokenData = Depends(verify_project_admin), db: Session = Depends(get_db)):
     return crud.start_jupyter(db, item)
 
 @router.put("/stop_jupyter")
 @web_try()
 @sxtimeit
-def stop_jupyter(item: schemas.ProgrammeId, token_data: schemas.TokenData = Depends(verify_users), db: Session = Depends(get_db)):
+def stop_jupyter(item: schemas.ProgrammeId, token_data: schemas.TokenData = Depends(verify_project_admin), db: Session = Depends(get_db)):
     return crud.stop_jupyter(db, item)
 
 
 @router.put("/update_password")
 @web_try()
 @sxtimeit
-def update_jupyter_password(item: schemas.ProgrammeUpdate, token_data: schemas.TokenData = Depends(verify_users), db: Session = Depends(get_db)):
+def update_jupyter_password(item: schemas.ProgrammeUpdate, token_data: schemas.TokenData = Depends(verify_project_admin), db: Session = Depends(get_db)):
     return crud.update_jupyter_password(db, item)
 
 @router.get("")
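Review bot: `token_data` is resolved by `verify_project_admin` but never used in `start_jupyter`, `stop_jupyter` or `update_jupyter_password`; each passes only `item` to `crud`, so the visible code does not tie the programme in `item` to the caller's `token_data.project_id`. Role 4 is issued per project, so the role gate alone does not establish that the caller administers the project owning that programme. The dependency does set `g.project_id`, and `crud` (not shown) may filter on it. Confirm that it does, or add an explicit ownership check before each call with a comment such as `# programme must belong to token_data.project_id`.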

+ 8 - 0
txprod.ini

@@ -87,10 +87,18 @@ kerberos_config = {
                     "kerberosPrincipal": "ylaiuser@EMR-56L6ZNTS"
                   }
 
+
 [HOST_ALIAS]
 enable = false
 host_alias = {}
 
+[PERMISSIONS]
+; 超级管理员
+super_admin_role = TENANT_ADMIN
+; 项目管理员
+project_admin_role = PROJECT_ADMIN
+; 算法组项目id
+special_project_id = sfz
 
 [PROGRAMME]
 url = aihub-dag-helmbe:8080

+ 3 - 1
txtest.ini

@@ -95,8 +95,10 @@ host_alias = {}
 [PERMISSIONS]
 ; 超级管理员
 super_admin_role = TENANT_ADMIN
+; 项目管理员
+project_admin_role = PROJECT_ADMIN
 ; 算法组项目id
-special_project_id = bbcs0929
+special_project_id = sfz
 
 [PROGRAMME]
 url = aihub-dag-helmbe:8080