初步实现数据加密、权限管理、日志审计等功能

2026-02-02 10:09:28 +08:00
parent b6b37a453b
commit 807e634318
27 changed files with 3787 additions and 59 deletions
--- a/app/domain/models/role.py
+++ b/app/domain/models/role.py
@@ -0,0 +1,36 @@
+from enum import Enum
+
+class UserRole(str, Enum):
+    """用户角色枚举"""
+    ADMIN = "ADMIN"        # 管理员 - 完全权限
+    OPERATOR = "OPERATOR"  # 操作员 - 可修改数据
+    USER = "USER"          # 普通用户 - 读写权限
+    VIEWER = "VIEWER"      # 观察者 - 仅查询权限
+    
+    def __str__(self):
+        return self.value
+    
+    @classmethod
+    def get_hierarchy(cls) -> dict:
+        """
+        获取角色层级（数字越大权限越高）
+        """
+        return {
+            cls.VIEWER: 1,
+            cls.USER: 2,
+            cls.OPERATOR: 3,
+            cls.ADMIN: 4,
+        }
+    
+    def has_permission(self, required_role: 'UserRole') -> bool:
+        """
+        检查当前角色是否有足够权限
+        
+        Args:
+            required_role: 需要的最低角色
+            
+        Returns:
+            True if has permission
+        """
+        hierarchy = self.get_hierarchy()
+        return hierarchy[self] >= hierarchy[required_role]