Skip to content

S
smart-recruitment
Commit 21eca8c8 authored by 375242562@qq.com's avatar 375242562@qq.com
Browse files
Options

feat: 实现 RBAC 登录权限系统 

后端:
- 新增用户、科室、角色、权限数据模型(SQLAlchemy)
- 实现 JWT 认证(PBKDF2-SHA256 密码加密)
- 新增 auth/users/roles/permissions/departments REST API
- 用户-角色、角色-权限通过关联表直接操作(避免异步懒加载问题)
- 新增 init_auth_data 初始化脚本(默认科室/角色/权限/管理员)

前端:
- 新增登录页(LoginPage)与 AuthContext 认证上下文
- 新增 PrivateRoute 路由守卫、PermissionButton/PermissionGuard 权限组件
- Sidebar 根据用户菜单权限动态过滤,TopBar 展示用户信息与退出登录
- 新增系统管理页(用户管理、角色管理含权限树、科室管理)
- 所有业务页面的新增/编辑/删除按钮接入权限控制,无权限时自动隐藏
Co-Authored-By: default avatarClaude Sonnet 4.6 <noreply@anthropic.com>
parent 8897bbc8
Expand all Show whitespace changes
Inline Side-by-side
Showing with 4245 additions and 76 deletions
AUTH_SYSTEM_GUIDE.md 0 → 100644
View file @ 21eca8c8
# 权限系统使用指南
## 系统概述
智能患者招募系统现已集成完整的 RBAC(基于角色的访问控制)权限系统,支持:
- ✅ 用户登录认证(JWT Token)
- ✅ 科室管理
- ✅ 角色管理
- ✅ 权限管理(菜单权限 + 按钮权限)
- ✅ 用户-角色-权限三级关联
- ✅ 前端路由守卫和按钮权限控制
## 快速开始
### 1. 安装后端依赖
```bash
cd backend
uv pip install python-jose[cryptography] passlib[bcrypt] python-multipart
```
### 2. 初始化数据库和基础数据
```bash
# 运行初始化脚本创建默认数据
cd backend
python -m app.scripts.init_auth_data
```
这将创建:
- 4 个默认科室(肿瘤科、心血管科、内分泌科、神经内科)
- 默认菜单权限(患者管理、试验管理、诊断管理、匹配管理、医生工作站、系统管理)
- 默认按钮权限(添加、编辑、删除、查看等)
- 3 个默认角色(超级管理员、主任医师、住院医师)
- 1 个超级管理员账号
**默认超级管理员账号:**
- 用户名: `admin`
- 密码: `admin123`
- ⚠️ 生产环境请立即修改密码!
### 3. 启动后端服务
```bash
cd backend
uvicorn app.main:app --reload
```
后端 API 文档: http://localhost:8000/docs
### 4. 启动前端服务
```bash
cd frontend
npm run dev
```
前端地址: http://localhost:5173
## 系统功能
### 登录页面
- 地址: `/login`
- 输入用户名和密码登录
- 登录成功后自动跳转到首页
### 权限控制
#### 菜单权限
- 用户只能看到其角色拥有权限的菜单项
- 侧边栏会根据用户权限动态过滤
#### 按钮权限
使用 `PermissionButton` 组件:
```tsx
import { PermissionButton } from '@/components/auth/PermissionButton'
<PermissionButton
permissionCode="btn:patient:add"
variant="contained"
onClick={handleAdd}
>
添加患者
</PermissionButton>
```
#### 路由权限
`App.tsx` 中使用 `PrivateRoute` 组件:
```tsx
<Route
path="patients"
element={
<PrivateRoute requiredPermission="menu:patients">
<PatientsPage />
</PrivateRoute>
}
/>
```
#### 组件级权限控制
使用 `PermissionGuard` 组件:
```tsx
import { PermissionGuard } from '@/components/auth/PermissionGuard'
<PermissionGuard permissionCode="btn:patient:delete">
<Button color="error">删除</Button>
</PermissionGuard>
```
### 系统管理
超级管理员可以访问 `/system` 页面进行系统管理:
#### 用户管理
- 创建、编辑、删除用户
- 分配角色
- 重置密码
- 启用/禁用账号
#### 角色管理
- 创建、编辑、删除角色
- 为角色分配权限
- 启用/禁用角色
#### 科室管理
- 创建、编辑、删除科室
- 管理科室信息
## 默认角色权限说明
### 超级管理员 (SUPER_ADMIN)
- 拥有所有权限(代码层面无需分配具体权限)
- 可以访问系统管理页面
- 可以管理用户、角色、权限、科室
### 主任医师 (CHIEF_PHYSICIAN)
- 可访问:患者管理、试验管理、诊断管理、匹配管理、医生工作站
- 可操作:添加、编辑、删除患者/试验/诊断,执行匹配
### 住院医师 (RESIDENT_PHYSICIAN)
- 可访问:患者管理、试验管理、医生工作站
- 可操作:仅查看患者和试验信息(无编辑删除权限)
## 权限编码规范
### 菜单权限
格式: `menu:{模块名}`
示例:
- `menu:patients` - 患者管理菜单
- `menu:trials` - 试验管理菜单
- `menu:system` - 系统管理菜单
### 按钮权限
格式: `btn:{模块名}:{操作}`
示例:
- `btn:patient:add` - 添加患者
- `btn:patient:edit` - 编辑患者
- `btn:patient:delete` - 删除患者
- `btn:patient:view` - 查看患者详情
## API 接口
### 认证接口
#### 登录
```http
POST /api/v1/auth/login
Content-Type: application/json
{
"username": "admin",
"password": "admin123"
}
```
响应:
```json
{
"access_token": "eyJ...",
"token_type": "bearer",
"user": {
"id": "...",
"username": "admin",
"full_name": "系统管理员",
"permissions": [...],
"roles": [...]
}
}
```
#### 其他接口
所有其他接口需要在请求头中携带 token:
```http
Authorization: Bearer {access_token}
```
### 管理接口
- `GET /api/v1/users` - 获取用户列表
- `POST /api/v1/users` - 创建用户
- `PUT /api/v1/users/{id}` - 更新用户
- `DELETE /api/v1/users/{id}` - 删除用户
- `GET /api/v1/roles` - 获取角色列表
- `POST /api/v1/roles` - 创建角色
- `GET /api/v1/permissions` - 获取权限列表
- `GET /api/v1/departments` - 获取科室列表
## 前端核心文件
### 认证相关
- `src/contexts/AuthContext.tsx` - 认证上下文
- `src/services/authService.ts` - 认证服务
- `src/pages/LoginPage.tsx` - 登录页面
### 权限组件
- `src/components/auth/PrivateRoute.tsx` - 路由守卫
- `src/components/auth/PermissionButton.tsx` - 权限按钮
- `src/components/auth/PermissionGuard.tsx` - 权限守卫
### 系统管理
- `src/pages/SystemPage.tsx` - 系统管理主页面
- `src/components/system/UserManagement.tsx` - 用户管理
- `src/components/system/RoleManagement.tsx` - 角色管理
- `src/components/system/DepartmentManagement.tsx` - 科室管理
## 后端核心文件
### 数据模型
- `backend/app/models/user.py` - 用户模型
- `backend/app/models/department.py` - 科室模型
- `backend/app/models/role.py` - 角色模型
- `backend/app/models/permission.py` - 权限模型
- `backend/app/models/user_role.py` - 关联表
### 认证核心
- `backend/app/core/security.py` - JWT 和密码加密
- `backend/app/core/deps.py` - 认证依赖注入
### API 路由
- `backend/app/api/routes/auth.py` - 登录接口
- `backend/app/api/routes/users.py` - 用户管理
- `backend/app/api/routes/roles.py` - 角色管理
- `backend/app/api/routes/permissions.py` - 权限管理
- `backend/app/api/routes/departments.py` - 科室管理
## 数据库表结构
### users (用户表)
- id, username, password_hash, full_name
- email, phone, title, department_id
- is_active, is_superuser, last_login
### departments (科室表)
- id, name, code, description, is_active
### roles (角色表)
- id, name, code, description, is_active
### permissions (权限表)
- id, name, code, type (menu/button)
- path, icon, parent_id, menu_id
- sort_order, description, is_active
### user_roles (用户-角色关联表)
- user_id, role_id
### role_permissions (角色-权限关联表)
- role_id, permission_id
## 安全注意事项
1. **生产环境配置**
- 修改 `.env` 文件中的 `JWT_SECRET_KEY`
- 修改默认管理员密码
- 启用 HTTPS
2. **密码策略**
- 最小长度: 6 位(建议在生产环境提高到 8-12 位)
- 使用 bcrypt 加密存储
3. **Token 管理**
- Token 有效期: 24 小时(可在 `config.py` 中调整)
- Token 存储在 localStorage(前端)
- 401 错误自动跳转登录页
4. **权限验证**
- 前端验证(UX 优化)
- 后端验证(安全保障)
- 所有管理接口都需要超级管理员权限
## 常见问题
### Q: 如何添加新的权限?
A: 在系统管理 -> 权限管理中添加,或直接修改 `init_auth_data.py` 脚本重新初始化。
### Q: 如何为现有路由添加权限控制?
A: 使用 `PrivateRoute` 组件包裹路由,传入 `requiredPermission` 参数。
### Q: 忘记管理员密码怎么办?
A: 重新运行初始化脚本,或直接在数据库中更新密码哈希。
### Q: 如何实现更细粒度的权限控制?
A: 使用 `PermissionGuard` 组件包裹需要控制的 UI 元素,或在后端使用 `check_permission` 依赖。
## 下一步建议
1. ✅ 完善用户管理功能(批量导入、导出)
2. ✅ 添加操作日志记录
3. ✅ 实现权限缓存机制
4. ✅ 添加密码强度验证
5. ✅ 实现 2FA 双因素认证
6. ✅ 完善审计日志
---
**文档版本**: v1.0
**最后更新**: 2026-03-02
backend/app/api/routes/auth.py 0 → 100644
View file @ 21eca8c8
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, update
from sqlalchemy.orm import selectinload
from datetime import datetime
from app.database import get_db
from app.core.security import verify_password, create_access_token
from app.models.user import User
from app.models.role import Role
from app.schemas.auth import LoginRequest, LoginResponse, UserInfo, RoleInfo, PermissionInfo, DepartmentInfo
router = APIRouter(prefix="/auth", tags=["认证"])
@router.post("/login", response_model=LoginResponse, summary="用户登录")
async def login(
login_data: LoginRequest,
db: AsyncSession = Depends(get_db)
):
"""
用户登录接口
- 验证用户名和密码
- 返回 JWT 令牌和用户信息(包含权限列表)
"""
# 查询用户并加载关联数据
result = await db.execute(
select(User)
.options(
selectinload(User.department),
selectinload(User.roles).selectinload(Role.permissions)
)
.where(User.username == login_data.username)
)
user = result.scalar_one_or_none()
# 验证用户存在性和密码
if not user or not verify_password(login_data.password, user.password_hash):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="用户名或密码错误",
)
# 检查用户是否被禁用
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="用户账号已被禁用",
)
# 更新最后登录时间
await db.execute(
update(User)
.where(User.id == user.id)
.values(last_login=datetime.utcnow())
)
await db.commit()
# 创建访问令牌
access_token = create_access_token(data={"sub": user.id})
# 收集用户的所有权限
all_permissions = {}
roles_info = []
for role in user.roles:
if role.is_active:
roles_info.append(RoleInfo(
id=role.id,
name=role.name,
code=role.code,
description=role.description
))
for permission in role.permissions:
if permission.is_active:
all_permissions[permission.id] = PermissionInfo(
id=permission.id,
code=permission.code,
name=permission.name,
type=permission.type.value,
path=permission.path,
icon=permission.icon,
parent_id=permission.parent_id,
menu_id=permission.menu_id
)
# 构建用户信息
user_info = UserInfo(
id=user.id,
username=user.username,
full_name=user.full_name,
email=user.email,
phone=user.phone,
title=user.title,
is_active=user.is_active,
is_superuser=user.is_superuser,
department=DepartmentInfo(
id=user.department.id,
name=user.department.name,
code=user.department.code
) if user.department else None,
roles=roles_info,
permissions=list(all_permissions.values()),
last_login=user.last_login,
created_at=user.created_at
)
return LoginResponse(
access_token=access_token,
token_type="bearer",
user=user_info
)
backend/app/api/routes/departments.py 0 → 100644
View file @ 21eca8c8
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from typing import List
import uuid
from app.database import get_db
from app.core.deps import get_current_superuser
from app.models.department import Department
from app.models.user import User
from app.schemas.department import DepartmentCreate, DepartmentUpdate, DepartmentResponse
router = APIRouter(prefix="/departments", tags=["科室管理"])
@router.get("", response_model=List[DepartmentResponse], summary="获取科室列表")
async def list_departments(
skip: int = 0,
limit: int = 100,
db: AsyncSession = Depends(get_db)
):
"""获取所有科室列表(不需要认证,供登录页面使用)"""
result = await db.execute(
select(Department)
.where(Department.is_active == True)
.offset(skip)
.limit(limit)
)
departments = result.scalars().all()
return departments
@router.post("", response_model=DepartmentResponse, summary="创建科室")
async def create_department(
department_in: DepartmentCreate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""创建新科室(仅超级管理员)"""
# 检查名称是否已存在
result = await db.execute(
select(Department).where(Department.name == department_in.name)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="科室名称已存在")
# 检查编码是否已存在
if department_in.code:
result = await db.execute(
select(Department).where(Department.code == department_in.code)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="科室编码已存在")
department = Department(
id=str(uuid.uuid4()),
**department_in.model_dump()
)
db.add(department)
await db.commit()
await db.refresh(department)
return department
@router.get("/{department_id}", response_model=DepartmentResponse, summary="获取科室详情")
async def get_department(
department_id: str,
db: AsyncSession = Depends(get_db)
):
"""获取指定科室详情"""
result = await db.execute(
select(Department).where(Department.id == department_id)
)
department = result.scalar_one_or_none()
if not department:
raise HTTPException(status_code=404, detail="科室不存在")
return department
@router.put("/{department_id}", response_model=DepartmentResponse, summary="更新科室")
async def update_department(
department_id: str,
department_in: DepartmentUpdate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""更新科室信息(仅超级管理员)"""
result = await db.execute(
select(Department).where(Department.id == department_id)
)
department = result.scalar_one_or_none()
if not department:
raise HTTPException(status_code=404, detail="科室不存在")
update_data = department_in.model_dump(exclude_unset=True)
# 检查名称重复
if "name" in update_data and update_data["name"] != department.name:
result = await db.execute(
select(Department).where(Department.name == update_data["name"])
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="科室名称已存在")
# 检查编码重复
if "code" in update_data and update_data["code"] != department.code:
result = await db.execute(
select(Department).where(Department.code == update_data["code"])
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="科室编码已存在")
for field, value in update_data.items():
setattr(department, field, value)
await db.commit()
await db.refresh(department)
return department
@router.delete("/{department_id}", summary="删除科室")
async def delete_department(
department_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""删除科室(仅超级管理员)"""
result = await db.execute(
select(Department).where(Department.id == department_id)
)
department = result.scalar_one_or_none()
if not department:
raise HTTPException(status_code=404, detail="科室不存在")
# 检查是否有用户关联
result = await db.execute(
select(User).where(User.department_id == department_id)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="该科室下还有用户,无法删除")
await db.delete(department)
await db.commit()
return {"message": "科室删除成功"}
backend/app/api/routes/permissions.py 0 → 100644
View file @ 21eca8c8
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from typing import List
import uuid
from app.database import get_db
from app.core.deps import get_current_superuser
from app.models.permission import Permission
from app.models.user import User
from app.schemas.permission import PermissionCreate, PermissionUpdate, PermissionResponse
router = APIRouter(prefix="/permissions", tags=["权限管理"])
@router.get("", response_model=List[PermissionResponse], summary="获取权限列表")
async def list_permissions(
skip: int = 0,
limit: int = 500,
type: str = None,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取所有权限列表(仅超级管理员)"""
query = select(Permission)
if type:
query = query.where(Permission.type == type)
query = query.offset(skip).limit(limit).order_by(Permission.sort_order)
result = await db.execute(query)
permissions = result.scalars().all()
return permissions
@router.post("", response_model=PermissionResponse, summary="创建权限")
async def create_permission(
permission_in: PermissionCreate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""创建新权限(仅超级管理员)"""
# 检查权限编码是否已存在
result = await db.execute(
select(Permission).where(Permission.code == permission_in.code)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="权限编码已存在")
permission = Permission(
id=str(uuid.uuid4()),
**permission_in.model_dump()
)
db.add(permission)
await db.commit()
await db.refresh(permission)
return permission
@router.get("/{permission_id}", response_model=PermissionResponse, summary="获取权限详情")
async def get_permission(
permission_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取指定权限详情(仅超级管理员)"""
result = await db.execute(
select(Permission).where(Permission.id == permission_id)
)
permission = result.scalar_one_or_none()
if not permission:
raise HTTPException(status_code=404, detail="权限不存在")
return permission
@router.put("/{permission_id}", response_model=PermissionResponse, summary="更新权限")
async def update_permission(
permission_id: str,
permission_in: PermissionUpdate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""更新权限信息(仅超级管理员)"""
result = await db.execute(
select(Permission).where(Permission.id == permission_id)
)
permission = result.scalar_one_or_none()
if not permission:
raise HTTPException(status_code=404, detail="权限不存在")
update_data = permission_in.model_dump(exclude_unset=True)
for field, value in update_data.items():
setattr(permission, field, value)
await db.commit()
await db.refresh(permission)
return permission
@router.delete("/{permission_id}", summary="删除权限")
async def delete_permission(
permission_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""删除权限(仅超级管理员)"""
result = await db.execute(
select(Permission).where(Permission.id == permission_id)
)
permission = result.scalar_one_or_none()
if not permission:
raise HTTPException(status_code=404, detail="权限不存在")
await db.delete(permission)
await db.commit()
return {"message": "权限删除成功"}
backend/app/api/routes/roles.py 0 → 100644
View file @ 21eca8c8
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, insert, delete as sql_delete
from sqlalchemy.orm import selectinload
from typing import List
import uuid
from app.database import get_db
from app.core.deps import get_current_superuser
from app.models.role import Role
from app.models.permission import Permission
from app.models.user import User
from app.models.user_role import role_permissions
from app.schemas.role import RoleCreate, RoleUpdate, RoleResponse, RoleWithPermissions
router = APIRouter(prefix="/roles", tags=["角色管理"])
@router.get("", response_model=List[RoleResponse], summary="获取角色列表")
async def list_roles(
skip: int = 0,
limit: int = 100,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取所有角色列表(仅超级管理员)"""
result = await db.execute(
select(Role)
.offset(skip)
.limit(limit)
)
roles = result.scalars().all()
return roles
@router.post("", response_model=RoleResponse, summary="创建角色")
async def create_role(
role_in: RoleCreate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""创建新角色(仅超级管理员)"""
# 检查角色名称是否已存在
result = await db.execute(
select(Role).where(Role.name == role_in.name)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="角色名称已存在")
# 检查角色编码是否已存在
result = await db.execute(
select(Role).where(Role.code == role_in.code)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="角色编码已存在")
# 创建角色
role_data = role_in.model_dump(exclude={"permission_ids"})
role = Role(
id=str(uuid.uuid4()),
**role_data
)
db.add(role)
await db.flush() # 确保 role.id 写入数据库
# 直接插入关联表,绕过 ORM 关系懒加载
if role_in.permission_ids:
await db.execute(
insert(role_permissions).values(
[{"role_id": role.id, "permission_id": pid} for pid in role_in.permission_ids]
)
)
await db.commit()
await db.refresh(role)
return role
@router.get("/{role_id}", response_model=RoleWithPermissions, summary="获取角色详情")
async def get_role(
role_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取指定角色详情(仅超级管理员)"""
result = await db.execute(
select(Role)
.options(selectinload(Role.permissions))
.where(Role.id == role_id)
)
role = result.scalar_one_or_none()
if not role:
raise HTTPException(status_code=404, detail="角色不存在")
return role
@router.put("/{role_id}", response_model=RoleResponse, summary="更新角色")
async def update_role(
role_id: str,
role_in: RoleUpdate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""更新角色信息(仅超级管理员)"""
# 预加载 permissions 关系
result = await db.execute(
select(Role)
.options(selectinload(Role.permissions))
.where(Role.id == role_id)
)
role = result.scalar_one_or_none()
if not role:
raise HTTPException(status_code=404, detail="角色不存在")
update_data = role_in.model_dump(exclude_unset=True, exclude={"permission_ids"})
# 检查名称重复
if "name" in update_data and update_data["name"] != role.name:
result = await db.execute(
select(Role).where(Role.name == update_data["name"])
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="角色名称已存在")
# 更新基本信息
for field, value in update_data.items():
setattr(role, field, value)
# 更新权限关联:先删除旧的,再插入新的
if role_in.permission_ids is not None:
await db.execute(
sql_delete(role_permissions).where(role_permissions.c.role_id == role_id)
)
if role_in.permission_ids:
await db.execute(
insert(role_permissions).values(
[{"role_id": role_id, "permission_id": pid} for pid in role_in.permission_ids]
)
)
await db.commit()
await db.refresh(role)
return role
@router.delete("/{role_id}", summary="删除角色")
async def delete_role(
role_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""删除角色(仅超级管理员)"""
result = await db.execute(
select(Role).where(Role.id == role_id)
)
role = result.scalar_one_or_none()
if not role:
raise HTTPException(status_code=404, detail="角色不存在")
await db.delete(role)
await db.commit()
return {"message": "角色删除成功"}
backend/app/api/routes/users.py 0 → 100644
View file @ 21eca8c8
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, insert, delete as sql_delete
from sqlalchemy.orm import selectinload
from typing import List
import uuid
from app.database import get_db
from app.core.deps import get_current_user, get_current_superuser
from app.core.security import get_password_hash, verify_password
from app.models.user import User
from app.models.role import Role
from app.models.user_role import user_roles
from app.schemas.user import (
UserCreate,
UserUpdate,
UserResponse,
UserWithRoles,
UserChangePassword,
UserResetPassword
)
router = APIRouter(prefix="/users", tags=["用户管理"])
@router.get("/me", response_model=UserResponse, summary="获取当前用户信息")
async def get_current_user_info(
current_user: User = Depends(get_current_user)
):
"""获取当前登录用户的信息"""
return current_user
@router.get("", response_model=List[UserResponse], summary="获取用户列表")
async def list_users(
skip: int = 0,
limit: int = 100,
department_id: str = None,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取所有用户列表(仅超级管理员)"""
query = select(User)
if department_id:
query = query.where(User.department_id == department_id)
query = query.offset(skip).limit(limit)
result = await db.execute(query)
users = result.scalars().all()
return users
@router.post("", response_model=UserResponse, summary="创建用户")
async def create_user(
user_in: UserCreate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""创建新用户(仅超级管理员)"""
# 检查用户名是否已存在
result = await db.execute(
select(User).where(User.username == user_in.username)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="用户名已存在")
# 检查邮箱是否已存在
if user_in.email:
result = await db.execute(
select(User).where(User.email == user_in.email)
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="邮箱已被使用")
# 创建用户
user_data = user_in.model_dump(exclude={"password", "role_ids"})
user = User(
id=str(uuid.uuid4()),
password_hash=get_password_hash(user_in.password),
**user_data
)
db.add(user)
await db.flush() # 确保 user.id 写入数据库
# 直接插入关联表,绕过 ORM 关系懒加载
if user_in.role_ids:
await db.execute(
insert(user_roles).values(
[{"user_id": user.id, "role_id": rid} for rid in user_in.role_ids]
)
)
await db.commit()
await db.refresh(user)
return user
@router.get("/{user_id}", response_model=UserWithRoles, summary="获取用户详情")
async def get_user(
user_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""获取指定用户详情(仅超级管理员)"""
result = await db.execute(
select(User)
.options(selectinload(User.roles), selectinload(User.department))
.where(User.id == user_id)
)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(status_code=404, detail="用户不存在")
return user
@router.put("/{user_id}", response_model=UserResponse, summary="更新用户")
async def update_user(
user_id: str,
user_in: UserUpdate,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""更新用户信息(仅超级管理员)"""
# 预加载 roles 关系
result = await db.execute(
select(User)
.options(selectinload(User.roles))
.where(User.id == user_id)
)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(status_code=404, detail="用户不存在")
update_data = user_in.model_dump(exclude_unset=True, exclude={"role_ids"})
# 检查邮箱重复
if "email" in update_data and update_data["email"] != user.email:
result = await db.execute(
select(User).where(User.email == update_data["email"])
)
if result.scalar_one_or_none():
raise HTTPException(status_code=400, detail="邮箱已被使用")
# 更新基本信息
for field, value in update_data.items():
setattr(user, field, value)
# 更新角色关联:先删除旧的,再插入新的
if user_in.role_ids is not None:
await db.execute(
sql_delete(user_roles).where(user_roles.c.user_id == user_id)
)
if user_in.role_ids:
await db.execute(
insert(user_roles).values(
[{"user_id": user_id, "role_id": rid} for rid in user_in.role_ids]
)
)
await db.commit()
await db.refresh(user)
return user
@router.post("/change-password", summary="修改密码")
async def change_password(
password_data: UserChangePassword,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user)
):
"""当前用户修改自己的密码"""
# 验证旧密码
if not verify_password(password_data.old_password, current_user.password_hash):
raise HTTPException(status_code=400, detail="旧密码错误")
# 更新密码
current_user.password_hash = get_password_hash(password_data.new_password)
await db.commit()
return {"message": "密码修改成功"}
@router.post("/{user_id}/reset-password", summary="重置用户密码")
async def reset_password(
user_id: str,
password_data: UserResetPassword,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""管理员重置用户密码(仅超级管理员)"""
result = await db.execute(
select(User).where(User.id == user_id)
)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(status_code=404, detail="用户不存在")
# 更新密码
user.password_hash = get_password_hash(password_data.new_password)
await db.commit()
return {"message": "密码重置成功"}
@router.delete("/{user_id}", summary="删除用户")
async def delete_user(
user_id: str,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_superuser)
):
"""删除用户(仅超级管理员)"""
if user_id == current_user.id:
raise HTTPException(status_code=400, detail="不能删除自己")
result = await db.execute(
select(User).where(User.id == user_id)
)
user = result.scalar_one_or_none()
if not user:
raise HTTPException(status_code=404, detail="用户不存在")
await db.delete(user)
await db.commit()
return {"message": "用户删除成功"}
backend/app/core/config.py
View file @ 21eca8c8
......@@ -8,6 +8,11 @@ class Settings(BaseSettings):
secret_key: str = "dev-secret-key-change-in-production"
database_url: str = "sqlite+aiosqlite:///./smart_recruitment.db"
# JWT 配置
jwt_secret_key: str = "jwt-secret-key-change-in-production"
jwt_algorithm: str = "HS256"
jwt_access_token_expire_minutes: int = 60 * 24 # 24 小时
openai_api_key: str = ""
anthropic_api_key: str = ""
llm_provider: str = "openai"
......
backend/app/core/deps.py 0 → 100644
View file @ 21eca8c8
from typing import Optional
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from app.database import get_db
from app.core.security import decode_access_token
from app.models.user import User
from app.models.role import Role
from app.models.permission import Permission
# HTTP Bearer 认证方案
security = HTTPBearer()
async def get_current_user(
credentials: HTTPAuthorizationCredentials = Depends(security),
db: AsyncSession = Depends(get_db)
) -> User:
"""获取当前登录用户"""
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="无法验证凭证",
headers={"WWW-Authenticate": "Bearer"},
)
token = credentials.credentials
payload = decode_access_token(token)
if payload is None:
raise credentials_exception
user_id: str = payload.get("sub")
if user_id is None:
raise credentials_exception
# 查询用户
result = await db.execute(select(User).where(User.id == user_id))
user = result.scalar_one_or_none()
if user is None:
raise credentials_exception
if not user.is_active:
raise HTTPException(status_code=400, detail="用户账号已被禁用")
return user
async def get_current_active_user(
current_user: User = Depends(get_current_user)
) -> User:
"""获取当前活跃用户"""
if not current_user.is_active:
raise HTTPException(status_code=400, detail="用户账号已被禁用")
return current_user
async def get_current_superuser(
current_user: User = Depends(get_current_user)
) -> User:
"""获取当前超级管理员用户"""
if not current_user.is_superuser:
raise HTTPException(status_code=403, detail="权限不足")
return current_user
async def check_permission(permission_code: str):
"""检查用户权限的依赖工厂"""
async def permission_checker(
current_user: User = Depends(get_current_user),
db: AsyncSession = Depends(get_db)
) -> User:
# 超级管理员拥有所有权限
if current_user.is_superuser:
return current_user
# 查询用户的所有权限
from sqlalchemy.orm import selectinload
result = await db.execute(
select(User)
.options(selectinload(User.roles).selectinload(Role.permissions))
.where(User.id == current_user.id)
)
user = result.scalar_one_or_none()
if user is None:
raise HTTPException(status_code=403, detail="用户不存在")
# 收集用户的所有权限编码
user_permissions = set()
for role in user.roles:
for permission in role.permissions:
if permission.is_active:
user_permissions.add(permission.code)
# 检查是否拥有所需权限
if permission_code not in user_permissions:
raise HTTPException(status_code=403, detail=f"缺少权限: {permission_code}")
return current_user
return permission_checker
backend/app/core/security.py 0 → 100644
View file @ 21eca8c8
from datetime import datetime, timedelta
from typing import Optional
from jose import JWTError, jwt
import hashlib
import secrets
from app.core.config import settings
def verify_password(plain_password: str, hashed_password: str) -> bool:
"""验证密码"""
# 分离盐和哈希值
try:
salt, stored_hash = hashed_password.split('$')
# 使用相同的盐计算哈希
password_hash = hashlib.pbkdf2_hmac(
'sha256',
plain_password.encode('utf-8'),
salt.encode('utf-8'),
100000
)
return secrets.compare_digest(password_hash.hex(), stored_hash)
except Exception:
return False
def get_password_hash(password: str) -> str:
"""生成密码哈希"""
# 生成随机盐
salt = secrets.token_hex(16)
# 使用 PBKDF2 生成哈希
password_hash = hashlib.pbkdf2_hmac(
'sha256',
password.encode('utf-8'),
salt.encode('utf-8'),
100000
)
# 返回格式: salt$hash
return f"{salt}${password_hash.hex()}"
def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
"""创建 JWT 访问令牌"""
to_encode = data.copy()
if expires_delta:
expire = datetime.utcnow() + expires_delta
else:
expire = datetime.utcnow() + timedelta(minutes=settings.jwt_access_token_expire_minutes)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, settings.jwt_secret_key, algorithm=settings.jwt_algorithm)
return encoded_jwt
def decode_access_token(token: str) -> Optional[dict]:
"""解码 JWT 令牌"""
try:
payload = jwt.decode(token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm])
return payload
except JWTError:
return None
backend/app/database.py
View file @ 21eca8c8
......@@ -16,6 +16,7 @@ async def get_db() -> AsyncSession:
async def init_db():
from app.models import patient, trial, matching, notification # noqa: F401
from app.models import patient, trial, matching, notification, diagnosis # noqa: F401
from app.models import user, department, role, permission, user_role # noqa: F401
async with engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
backend/app/main.py
View file @ 21eca8c8
......@@ -3,6 +3,7 @@ from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from app.database import init_db
from app.api.routes import patients, trials, matching, notifications, diagnoses
from app.api.routes import auth, users, roles, permissions, departments
@asynccontextmanager
......@@ -25,6 +26,14 @@ app.add_middleware(
allow_headers=["*"],
)
# 认证和权限相关路由
app.include_router(auth.router, prefix="/api/v1")
app.include_router(users.router, prefix="/api/v1")
app.include_router(roles.router, prefix="/api/v1")
app.include_router(permissions.router, prefix="/api/v1")
app.include_router(departments.router, prefix="/api/v1")
# 业务功能路由
app.include_router(patients.router, prefix="/api/v1")
app.include_router(trials.router, prefix="/api/v1")
app.include_router(matching.router, prefix="/api/v1")
......
backend/app/models/__init__.py
View file @ 21eca8c8
......@@ -3,3 +3,10 @@ from app.models.trial import Trial, Criterion, TrialStatus, CriterionType # noq
from app.models.matching import MatchingResult, MatchStatus # noqa: F401
from app.models.notification import Notification # noqa: F401
from app.models.diagnosis import Diagnosis # noqa: F401
# 权限系统模型
from app.models.user import User # noqa: F401
from app.models.department import Department # noqa: F401
from app.models.role import Role # noqa: F401
from app.models.permission import Permission, PermissionType # noqa: F401
from app.models.user_role import user_roles, role_permissions # noqa: F401
backend/app/models/department.py 0 → 100644
View file @ 21eca8c8
from sqlalchemy import Column, String, Boolean, DateTime
from sqlalchemy.orm import relationship
from datetime import datetime
from app.database import Base
class Department(Base):
"""科室表"""
__tablename__ = "departments"
id = Column(String(36), primary_key=True)
name = Column(String(100), nullable=False, unique=True, comment="科室名称")
code = Column(String(50), unique=True, comment="科室编码")
description = Column(String(500), comment="科室描述")
is_active = Column(Boolean, default=True, comment="是否启用")
created_at = Column(DateTime, default=datetime.utcnow)
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# 关联关系
users = relationship("User", back_populates="department")
backend/app/models/permission.py 0 → 100644
View file @ 21eca8c8
from sqlalchemy import Column, String, Boolean, DateTime, Enum as SQLEnum
from sqlalchemy.orm import relationship
from datetime import datetime
import enum
from app.database import Base
class PermissionType(str, enum.Enum):
"""权限类型"""
MENU = "menu" # 菜单权限
BUTTON = "button" # 按钮权限
class Permission(Base):
"""权限表(菜单和按钮权限)"""
__tablename__ = "permissions"
id = Column(String(36), primary_key=True)
name = Column(String(100), nullable=False, comment="权限名称")
code = Column(String(100), nullable=False, unique=True, comment="权限编码")
type = Column(SQLEnum(PermissionType), nullable=False, comment="权限类型")
# 菜单权限字段
parent_id = Column(String(36), comment="父级菜单ID(用于树形结构)")
path = Column(String(200), comment="路由路径")
icon = Column(String(50), comment="菜单图标")
sort_order = Column(String(10), default="0", comment="排序")
# 按钮权限字段
menu_id = Column(String(36), comment="所属菜单ID(按钮权限用)")
description = Column(String(500), comment="权限描述")
is_active = Column(Boolean, default=True, comment="是否启用")
created_at = Column(DateTime, default=datetime.utcnow)
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# 关联关系
roles = relationship("Role", secondary="role_permissions", back_populates="permissions")
backend/app/models/role.py 0 → 100644
View file @ 21eca8c8
from sqlalchemy import Column, String, Boolean, DateTime
from sqlalchemy.orm import relationship
from datetime import datetime
from app.database import Base
class Role(Base):
"""角色表"""
__tablename__ = "roles"
id = Column(String(36), primary_key=True)
name = Column(String(50), nullable=False, unique=True, comment="角色名称")
code = Column(String(50), unique=True, comment="角色编码")
description = Column(String(500), comment="角色描述")
is_active = Column(Boolean, default=True, comment="是否启用")
created_at = Column(DateTime, default=datetime.utcnow)
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# 关联关系
users = relationship("User", secondary="user_roles", back_populates="roles")
permissions = relationship("Permission", secondary="role_permissions", back_populates="roles")
backend/app/models/user.py 0 → 100644
View file @ 21eca8c8
from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey
from sqlalchemy.orm import relationship
from datetime import datetime
from app.database import Base
class User(Base):
"""用户表(医生账号)"""
__tablename__ = "users"
id = Column(String(36), primary_key=True)
username = Column(String(50), nullable=False, unique=True, comment="用户名")
password_hash = Column(String(255), nullable=False, comment="密码哈希")
full_name = Column(String(100), nullable=False, comment="姓名")
email = Column(String(100), unique=True, comment="邮箱")
phone = Column(String(20), comment="电话")
title = Column(String(50), comment="职称(主任医师、副主任医师等)")
department_id = Column(String(36), ForeignKey("departments.id"), comment="所属科室")
is_active = Column(Boolean, default=True, comment="账号是否启用")
is_superuser = Column(Boolean, default=False, comment="是否超级管理员")
last_login = Column(DateTime, comment="最后登录时间")
created_at = Column(DateTime, default=datetime.utcnow)
updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
# 关联关系
department = relationship("Department", back_populates="users")
roles = relationship("Role", secondary="user_roles", back_populates="users")
backend/app/models/user_role.py 0 → 100644
View file @ 21eca8c8
from sqlalchemy import Column, String, ForeignKey, DateTime, Table
from datetime import datetime
from app.database import Base
# 用户-角色关联表
user_roles = Table(
"user_roles",
Base.metadata,
Column("user_id", String(36), ForeignKey("users.id", ondelete="CASCADE"), primary_key=True),
Column("role_id", String(36), ForeignKey("roles.id", ondelete="CASCADE"), primary_key=True),
Column("created_at", DateTime, default=datetime.utcnow)
)
# 角色-权限关联表
role_permissions = Table(
"role_permissions",
Base.metadata,
Column("role_id", String(36), ForeignKey("roles.id", ondelete="CASCADE"), primary_key=True),
Column("permission_id", String(36), ForeignKey("permissions.id", ondelete="CASCADE"), primary_key=True),
Column("created_at", DateTime, default=datetime.utcnow)
)
backend/app/schemas/auth.py 0 → 100644
View file @ 21eca8c8
from pydantic import BaseModel, Field
from typing import List, Optional
from datetime import datetime
class LoginRequest(BaseModel):
"""登录请求"""
username: str = Field(..., description="用户名")
password: str = Field(..., description="密码")
class TokenResponse(BaseModel):
"""Token 响应"""
access_token: str = Field(..., description="访问令牌")
token_type: str = Field(default="bearer", description="令牌类型")
class PermissionInfo(BaseModel):
"""权限信息"""
id: str
code: str
name: str
type: str
path: Optional[str] = None
icon: Optional[str] = None
parent_id: Optional[str] = None
menu_id: Optional[str] = None
class RoleInfo(BaseModel):
"""角色信息"""
id: str
name: str
code: str
description: Optional[str] = None
class DepartmentInfo(BaseModel):
"""科室信息"""
id: str
name: str
code: Optional[str] = None
class UserInfo(BaseModel):
"""用户信息"""
id: str
username: str
full_name: str
email: Optional[str] = None
phone: Optional[str] = None
title: Optional[str] = None
is_active: bool
is_superuser: bool
department: Optional[DepartmentInfo] = None
roles: List[RoleInfo] = []
permissions: List[PermissionInfo] = []
last_login: Optional[datetime] = None
created_at: datetime
class LoginResponse(BaseModel):
"""登录响应"""
access_token: str = Field(..., description="访问令牌")
token_type: str = Field(default="bearer", description="令牌类型")
user: UserInfo = Field(..., description="用户信息")
backend/app/schemas/department.py 0 → 100644
View file @ 21eca8c8
from pydantic import BaseModel, Field
from typing import Optional
from datetime import datetime
class DepartmentBase(BaseModel):
"""科室基础模型"""
name: str = Field(..., min_length=2, max_length=100, description="科室名称")
code: Optional[str] = Field(None, max_length=50, description="科室编码")
description: Optional[str] = Field(None, max_length=500, description="科室描述")
is_active: bool = Field(True, description="是否启用")
class DepartmentCreate(DepartmentBase):
"""创建科室"""
pass
class DepartmentUpdate(BaseModel):
"""更新科室"""
name: Optional[str] = Field(None, min_length=2, max_length=100)
code: Optional[str] = Field(None, max_length=50)
description: Optional[str] = Field(None, max_length=500)
is_active: Optional[bool] = None
class DepartmentResponse(DepartmentBase):
"""科室响应"""
id: str
created_at: datetime
updated_at: datetime
class Config:
from_attributes = True
backend/app/schemas/permission.py 0 → 100644
View file @ 21eca8c8
from pydantic import BaseModel, Field
from typing import Optional
from datetime import datetime
from app.models.permission import PermissionType
class PermissionBase(BaseModel):
"""权限基础模型"""
name: str = Field(..., min_length=2, max_length=100, description="权限名称")
code: str = Field(..., min_length=2, max_length=100, description="权限编码")
type: PermissionType = Field(..., description="权限类型")
parent_id: Optional[str] = Field(None, description="父级菜单ID")
path: Optional[str] = Field(None, max_length=200, description="路由路径")
icon: Optional[str] = Field(None, max_length=50, description="菜单图标")
sort_order: str = Field("0", description="排序")
menu_id: Optional[str] = Field(None, description="所属菜单ID(按钮权限)")
description: Optional[str] = Field(None, max_length=500, description="权限描述")
is_active: bool = Field(True, description="是否启用")
class PermissionCreate(PermissionBase):
"""创建权限"""
pass
class PermissionUpdate(BaseModel):
"""更新权限"""
name: Optional[str] = Field(None, min_length=2, max_length=100)
path: Optional[str] = Field(None, max_length=200)
icon: Optional[str] = Field(None, max_length=50)
sort_order: Optional[str] = None
description: Optional[str] = Field(None, max_length=500)
is_active: Optional[bool] = None
class PermissionResponse(PermissionBase):
"""权限响应"""
id: str
created_at: datetime
updated_at: datetime
class Config:
from_attributes = True
backend/app/schemas/role.py 0 → 100644
View file @ 21eca8c8
from pydantic import BaseModel, Field
from typing import Optional, List
from datetime import datetime
class RoleBase(BaseModel):
"""角色基础模型"""
name: str = Field(..., min_length=2, max_length=50, description="角色名称")
code: str = Field(..., min_length=2, max_length=50, description="角色编码")
description: Optional[str] = Field(None, max_length=500, description="角色描述")
is_active: bool = Field(True, description="是否启用")
class RoleCreate(RoleBase):
"""创建角色"""
permission_ids: List[str] = Field(default_factory=list, description="权限ID列表")
class RoleUpdate(BaseModel):
"""更新角色"""
name: Optional[str] = Field(None, min_length=2, max_length=50)
description: Optional[str] = Field(None, max_length=500)
is_active: Optional[bool] = None
permission_ids: Optional[List[str]] = None
class RoleResponse(RoleBase):
"""角色响应"""
id: str
created_at: datetime
updated_at: datetime
class Config:
from_attributes = True
class RoleWithPermissions(RoleResponse):
"""带权限的角色响应"""
permissions: List["PermissionResponse"] = []
# 防止循环导入
from app.schemas.permission import PermissionResponse # noqa: E402
RoleWithPermissions.model_rebuild()
backend/app/schemas/user.py 0 → 100644
View file @ 21eca8c8
from pydantic import BaseModel, Field, EmailStr
from typing import Optional, List
from datetime import datetime
class UserBase(BaseModel):
"""用户基础模型"""
username: str = Field(..., min_length=3, max_length=50, description="用户名")
full_name: str = Field(..., min_length=2, max_length=100, description="姓名")
email: Optional[EmailStr] = Field(None, description="邮箱")
phone: Optional[str] = Field(None, max_length=20, description="电话")
title: Optional[str] = Field(None, max_length=50, description="职称")
department_id: Optional[str] = Field(None, description="科室ID")
is_active: bool = Field(True, description="是否启用")
class UserCreate(UserBase):
"""创建用户"""
password: str = Field(..., min_length=6, description="密码")
role_ids: List[str] = Field(default_factory=list, description="角色ID列表")
class UserUpdate(BaseModel):
"""更新用户"""
full_name: Optional[str] = Field(None, min_length=2, max_length=100)
email: Optional[EmailStr] = None
phone: Optional[str] = Field(None, max_length=20)
title: Optional[str] = Field(None, max_length=50)
department_id: Optional[str] = None
is_active: Optional[bool] = None
role_ids: Optional[List[str]] = None
class UserChangePassword(BaseModel):
"""修改密码"""
old_password: str = Field(..., description="旧密码")
new_password: str = Field(..., min_length=6, description="新密码")
class UserResetPassword(BaseModel):
"""重置密码(管理员)"""
new_password: str = Field(..., min_length=6, description="新密码")
class UserResponse(UserBase):
"""用户响应"""
id: str
is_superuser: bool
last_login: Optional[datetime]
created_at: datetime
updated_at: datetime
class Config:
from_attributes = True
class RoleSimple(BaseModel):
"""简化的角色信息"""
id: str
name: str
code: str
class Config:
from_attributes = True
class UserWithRoles(UserResponse):
"""包含角色的用户响应"""
roles: List[RoleSimple] = []
backend/app/scripts/init_auth_data.py 0 → 100644
View file @ 21eca8c8
"""
初始化权限系统的基础数据
包括:默认科室、默认角色、默认权限、超级管理员账号
"""
import asyncio
import uuid
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select
from app.database import AsyncSessionLocal
from app.models.user import User
from app.models.department import Department
from app.models.role import Role
from app.models.permission import Permission, PermissionType
from app.core.security import get_password_hash
# 默认科室数据
DEFAULT_DEPARTMENTS = [
{"name": "肿瘤科", "code": "ONCOLOGY", "description": "肿瘤诊疗科室"},
{"name": "心血管科", "code": "CARDIOLOGY", "description": "心血管疾病诊疗科室"},
{"name": "内分泌科", "code": "ENDOCRINOLOGY", "description": "内分泌疾病诊疗科室"},
{"name": "神经内科", "code": "NEUROLOGY", "description": "神经系统疾病诊疗科室"},
]
# 默认菜单权限
DEFAULT_MENU_PERMISSIONS = [
{
"name": "患者管理",
"code": "menu:patients",
"type": PermissionType.MENU,
"path": "/patients",
"icon": "PersonIcon",
"sort_order": "1",
},
{
"name": "试验管理",
"code": "menu:trials",
"type": PermissionType.MENU,
"path": "/trials",
"icon": "ScienceIcon",
"sort_order": "2",
},
{
"name": "诊断管理",
"code": "menu:diagnoses",
"type": PermissionType.MENU,
"path": "/diagnoses",
"icon": "MedicalServicesIcon",
"sort_order": "3",
},
{
"name": "匹配管理",
"code": "menu:matching",
"type": PermissionType.MENU,
"path": "/matching",
"icon": "MatchIcon",
"sort_order": "4",
},
{
"name": "医生工作站",
"code": "menu:workstation",
"type": PermissionType.MENU,
"path": "/workstation",
"icon": "WorkIcon",
"sort_order": "5",
},
{
"name": "系统管理",
"code": "menu:system",
"type": PermissionType.MENU,
"path": "/system",
"icon": "SettingsIcon",
"sort_order": "6",
},
]
# 默认按钮权限
DEFAULT_BUTTON_PERMISSIONS = [
# 患者管理按钮
{"name": "添加患者", "code": "btn:patient:add", "type": PermissionType.BUTTON, "menu_id": "menu:patients"},
{"name": "编辑患者", "code": "btn:patient:edit", "type": PermissionType.BUTTON, "menu_id": "menu:patients"},
{"name": "删除患者", "code": "btn:patient:delete", "type": PermissionType.BUTTON, "menu_id": "menu:patients"},
{"name": "查看患者详情", "code": "btn:patient:view", "type": PermissionType.BUTTON, "menu_id": "menu:patients"},
# 试验管理按钮
{"name": "添加试验", "code": "btn:trial:add", "type": PermissionType.BUTTON, "menu_id": "menu:trials"},
{"name": "编辑试验", "code": "btn:trial:edit", "type": PermissionType.BUTTON, "menu_id": "menu:trials"},
{"name": "删除试验", "code": "btn:trial:delete", "type": PermissionType.BUTTON, "menu_id": "menu:trials"},
{"name": "查看试验详情", "code": "btn:trial:view", "type": PermissionType.BUTTON, "menu_id": "menu:trials"},
# 诊断管理按钮
{"name": "添加诊断", "code": "btn:diagnosis:add", "type": PermissionType.BUTTON, "menu_id": "menu:diagnoses"},
{"name": "编辑诊断", "code": "btn:diagnosis:edit", "type": PermissionType.BUTTON, "menu_id": "menu:diagnoses"},
{"name": "删除诊断", "code": "btn:diagnosis:delete", "type": PermissionType.BUTTON, "menu_id": "menu:diagnoses"},
# 匹配管理按钮
{"name": "执行匹配", "code": "btn:matching:execute", "type": PermissionType.BUTTON, "menu_id": "menu:matching"},
{"name": "查看匹配详情", "code": "btn:matching:view", "type": PermissionType.BUTTON, "menu_id": "menu:matching"},
# 系统管理按钮
{"name": "添加用户", "code": "btn:user:add", "type": PermissionType.BUTTON, "menu_id": "menu:system"},
{"name": "编辑用户", "code": "btn:user:edit", "type": PermissionType.BUTTON, "menu_id": "menu:system"},
{"name": "删除用户", "code": "btn:user:delete", "type": PermissionType.BUTTON, "menu_id": "menu:system"},
{"name": "重置密码", "code": "btn:user:reset", "type": PermissionType.BUTTON, "menu_id": "menu:system"},
]
# 默认角色
DEFAULT_ROLES = [
{
"name": "超级管理员",
"code": "SUPER_ADMIN",
"description": "系统超级管理员,拥有所有权限",
"permission_codes": [], # 超级管理员不需要分配权限
},
{
"name": "主任医师",
"code": "CHIEF_PHYSICIAN",
"description": "主任医师,拥有所有临床功能权限",
"permission_codes": [
"menu:patients", "menu:trials", "menu:diagnoses", "menu:matching", "menu:workstation",
"btn:patient:add", "btn:patient:edit", "btn:patient:delete", "btn:patient:view",
"btn:trial:add", "btn:trial:edit", "btn:trial:delete", "btn:trial:view",
"btn:diagnosis:add", "btn:diagnosis:edit", "btn:diagnosis:delete",
"btn:matching:execute", "btn:matching:view",
],
},
{
"name": "住院医师",
"code": "RESIDENT_PHYSICIAN",
"description": "住院医师,拥有基本查看和操作权限",
"permission_codes": [
"menu:patients", "menu:trials", "menu:workstation",
"btn:patient:view", "btn:trial:view",
],
},
]
async def init_departments(db: AsyncSession):
"""初始化科室数据"""
print("正在初始化科室数据...")
for dept_data in DEFAULT_DEPARTMENTS:
result = await db.execute(
select(Department).where(Department.code == dept_data["code"])
)
existing = result.scalar_one_or_none()
if not existing:
dept = Department(
id=str(uuid.uuid4()),
**dept_data
)
db.add(dept)
print(f" + 创建科室: {dept_data['name']}")
else:
print(f" - 科室已存在: {dept_data['name']}")
await db.commit()
async def init_permissions(db: AsyncSession):
"""初始化权限数据"""
print("\n正在初始化权限数据...")
all_permissions = DEFAULT_MENU_PERMISSIONS + DEFAULT_BUTTON_PERMISSIONS
for perm_data in all_permissions:
result = await db.execute(
select(Permission).where(Permission.code == perm_data["code"])
)
existing = result.scalar_one_or_none()
if not existing:
perm = Permission(
id=str(uuid.uuid4()),
**perm_data
)
db.add(perm)
print(f" + 创建权限: {perm_data['name']} ({perm_data['code']})")
else:
print(f" - 权限已存在: {perm_data['name']}")
await db.commit()
async def init_roles(db: AsyncSession):
"""初始化角色数据"""
print("\n正在初始化角色数据...")
for role_data in DEFAULT_ROLES:
result = await db.execute(
select(Role).where(Role.code == role_data["code"])
)
existing = result.scalar_one_or_none()
if not existing:
# 查找权限
permissions = []
if role_data["permission_codes"]:
result = await db.execute(
select(Permission).where(Permission.code.in_(role_data["permission_codes"]))
)
permissions = result.scalars().all()
role = Role(
id=str(uuid.uuid4()),
name=role_data["name"],
code=role_data["code"],
description=role_data["description"],
)
role.permissions = permissions
db.add(role)
print(f" + 创建角色: {role_data['name']} (关联 {len(permissions)} 个权限)")
else:
print(f" - 角色已存在: {role_data['name']}")
await db.commit()
async def init_superuser(db: AsyncSession):
"""初始化超级管理员账号"""
print("\n正在初始化超级管理员账号...")
# 检查是否已存在
result = await db.execute(
select(User).where(User.username == "admin")
)
existing = result.scalar_one_or_none()
if existing:
print(" - 超级管理员账号已存在")
return
# 获取默认科室
result = await db.execute(
select(Department).where(Department.code == "ONCOLOGY")
)
dept = result.scalar_one_or_none()
# 创建超级管理员
admin = User(
id=str(uuid.uuid4()),
username="admin",
password_hash=get_password_hash("admin123"), # 默认密码
full_name="系统管理员",
email="admin@hospital.com",
title="管理员",
department_id=dept.id if dept else None,
is_active=True,
is_superuser=True,
)
db.add(admin)
await db.commit()
print(" + 创建超级管理员账号")
print(" 用户名: admin")
print(" 密码: admin123")
print(" ! 请在生产环境中立即修改默认密码!")
async def main():
"""主函数"""
print("=" * 60)
print("开始初始化权限系统基础数据")
print("=" * 60)
async with AsyncSessionLocal() as db:
await init_departments(db)
await init_permissions(db)
await init_roles(db)
await init_superuser(db)
print("\n" + "=" * 60)
print("权限系统基础数据初始化完成!")
print("=" * 60)
if __name__ == "__main__":
asyncio.run(main())
backend/pyproject.toml
View file @ 21eca8c8
......@@ -9,11 +9,16 @@ dependencies = [
"aiosqlite>=0.20.0",
"pydantic>=2.7.0",
"pydantic-settings>=2.2.0",
"pydantic[email]>=2.7.0",
"langchain>=0.2.0",
"langchain-openai>=0.1.0",
"langchain-anthropic>=0.1.0",
"python-dotenv>=1.0.0",
"httpx>=0.27.0",
"python-jose[cryptography]>=3.3.0",
"passlib>=1.7.4",
"bcrypt==4.1.3",
"python-multipart>=0.0.9",
]
[tool.uv]
......
backend/uv.lock
View file @ 21eca8c8
This diff is collapsed.
frontend/src/App.tsx
View file @ 21eca8c8
import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom'
import { ThemeProvider, CssBaseline } from '@mui/material'
import { medicalTheme } from './theme/medicalTheme'
import { AuthProvider } from './contexts/AuthContext'
import { PrivateRoute } from './components/auth/PrivateRoute'
import { AppShell } from './components/layout/AppShell'
import { LoginPage } from './pages/LoginPage'
import { PatientsPage } from './pages/PatientsPage'
import { TrialsPage } from './pages/TrialsPage'
import { MatchingPage } from './pages/MatchingPage'
import { WorkStationPage } from './pages/WorkStationPage'
import { DiagnosesPage } from './pages/DiagnosesPage'
import { SystemPage } from './pages/SystemPage'
export default function App() {
return (
<ThemeProvider theme={medicalTheme}>
<CssBaseline />
<AuthProvider>
<BrowserRouter>
<Routes>
<Route path="/" element={<AppShell />}>
{/* 登录页面 - 公开访问 */}
<Route path="/login" element={<LoginPage />} />
{/* 受保护的路由 - 需要登录 */}
<Route
path="/"
element={
<PrivateRoute>
<AppShell />
</PrivateRoute>
}
>
<Route index element={<Navigate to="/patients" replace />} />
<Route path="patients" element={<PatientsPage />} />
<Route path="trials" element={<TrialsPage />} />
<Route path="diagnoses" element={<DiagnosesPage />} />
<Route path="matching" element={<MatchingPage />} />
<Route path="workstation" element={<WorkStationPage />} />
{/* 患者管理 */}
<Route
path="patients"
element={
<PrivateRoute requiredPermission="menu:patients">
<PatientsPage />
</PrivateRoute>
}
/>
{/* 试验管理 */}
<Route
path="trials"
element={
<PrivateRoute requiredPermission="menu:trials">
<TrialsPage />
</PrivateRoute>
}
/>
{/* 诊断管理 */}
<Route
path="diagnoses"
element={
<PrivateRoute requiredPermission="menu:diagnoses">
<DiagnosesPage />
</PrivateRoute>
}
/>
{/* 匹配管理 */}
<Route
path="matching"
element={
<PrivateRoute requiredPermission="menu:matching">
<MatchingPage />
</PrivateRoute>
}
/>
{/* 医生工作站 */}
<Route
path="workstation"
element={
<PrivateRoute requiredPermission="menu:workstation">
<WorkStationPage />
</PrivateRoute>
}
/>
{/* 系统管理 */}
<Route
path="system"
element={
<PrivateRoute requiredPermission="menu:system">
<SystemPage />
</PrivateRoute>
}
/>
</Route>
</Routes>
</BrowserRouter>
</AuthProvider>
</ThemeProvider>
)
}
frontend/src/components/auth/PermissionButton.tsx 0 → 100644
View file @ 21eca8c8
import React from 'react'
import { Button, ButtonProps, Tooltip } from '@mui/material'
import { useAuth } from '../../contexts/AuthContext'
interface PermissionButtonProps extends ButtonProps {
permissionCode: string
showTooltip?: boolean
tooltipMessage?: string
}
/**
* 权限按钮组件 - 根据用户权限控制按钮的显示和禁用状态
* @param permissionCode - 所需权限编码
* @param showTooltip - 无权限时是否显示提示(默认 true)
* @param tooltipMessage - 提示消息(默认"权限不足")
* @param children - 按钮内容
* @param props - 其他 Button 属性
*/
export const PermissionButton: React.FC<PermissionButtonProps> = ({
permissionCode,
showTooltip = true,
tooltipMessage = '权限不足',
children,
...props
}) => {
const { hasPermission } = useAuth()
const allowed = hasPermission(permissionCode)
// 无权限时完全不显示按钮
if (!allowed && !showTooltip) {
return null
}
const button = (
<Button {...props} disabled={!allowed || props.disabled}>
{children}
</Button>
)
// 无权限时显示 tooltip
if (!allowed && showTooltip) {
return (
<Tooltip title={tooltipMessage} arrow>
<span>{button}</span>
</Tooltip>
)
}
return button
}
frontend/src/components/auth/PermissionGuard.tsx 0 → 100644
View file @ 21eca8c8
import React from 'react'
import { useAuth } from '../../contexts/AuthContext'
interface PermissionGuardProps {
children: React.ReactNode
permissionCode?: string
roleCode?: string
fallback?: React.ReactNode
}
/**
* 权限守卫组件 - 用于包裹需要权限控制的内容
* @param children - 有权限时显示的内容
* @param permissionCode - 所需权限编码
* @param roleCode - 所需角色编码
* @param fallback - 无权限时显示的内容(默认不显示)
*/
export const PermissionGuard: React.FC<PermissionGuardProps> = ({
children,
permissionCode,
roleCode,
fallback = null,
}) => {
const { hasPermission, hasRole } = useAuth()
// 检查权限
if (permissionCode && !hasPermission(permissionCode)) {
return <>{fallback}</>
}
// 检查角色
if (roleCode && !hasRole(roleCode)) {
return <>{fallback}</>
}
return <>{children}</>
}
frontend/src/components/auth/PrivateRoute.tsx 0 → 100644
View file @ 21eca8c8
import React from 'react'
import { Navigate } from 'react-router-dom'
import { useAuth } from '../../contexts/AuthContext'
import { Box, CircularProgress } from '@mui/material'
interface PrivateRouteProps {
children: React.ReactNode
requiredPermission?: string
requiredRole?: string
}
/**
* 私���路由组件 - 用于保护需要认证的路由
* @param children - 子组件
* @param requiredPermission - 所需权限编码(可选)
* @param requiredRole - 所需角色编码(可选)
*/
export const PrivateRoute: React.FC<PrivateRouteProps> = ({
children,
requiredPermission,
requiredRole,
}) => {
const { isAuthenticated, isLoading, hasPermission, hasRole, user } = useAuth()
// 加载中显示 loading
if (isLoading) {
return (
<Box
sx={{
display: 'flex',
justifyContent: 'center',
alignItems: 'center',
minHeight: '100vh',
}}
>
<CircularProgress />
</Box>
)
}
// 未登录,重定向到登录页
if (!isAuthenticated) {
return <Navigate to="/login" replace />
}
// 检查权限
if (requiredPermission && !hasPermission(requiredPermission)) {
return (
<Box sx={{ p: 3, textAlign: 'center' }}>
<h2>权限不足</h2>
<p>您没有访问此页面的权限</p>
</Box>
)
}
// 检查角色
if (requiredRole && !hasRole(requiredRole)) {
return (
<Box sx={{ p: 3, textAlign: 'center' }}>
<h2>权限不足</h2>
<p>您的角色无法访问此页面</p>
</Box>
)
}
return <>{children}</>
}
frontend/src/components/layout/Sidebar.tsx
View file @ 21eca8c8
......@@ -8,13 +8,16 @@ import ScienceIcon from '@mui/icons-material/Science'
import PsychologyIcon from '@mui/icons-material/Psychology'
import MonitorHeartIcon from '@mui/icons-material/MonitorHeart'
import LocalHospitalIcon from '@mui/icons-material/LocalHospital'
import SettingsIcon from '@mui/icons-material/Settings'
import { useAuth } from '../../contexts/AuthContext'
const NAV_ITEMS = [
{ label: '患者管理', path: '/patients', icon: <PeopleIcon /> },
{ label: '临床试验', path: '/trials', icon: <ScienceIcon /> },
{ label: '诊断管理', path: '/diagnoses', icon: <LocalHospitalIcon /> },
{ label: 'AI 智能匹配', path: '/matching', icon: <PsychologyIcon /> },
{ label: '医生工作站', path: '/workstation', icon: <MonitorHeartIcon /> },
{ label: '患者管理', path: '/patients', icon: <PeopleIcon />, permission: 'menu:patients' },
{ label: '临床试验', path: '/trials', icon: <ScienceIcon />, permission: 'menu:trials' },
{ label: '诊断管理', path: '/diagnoses', icon: <LocalHospitalIcon />, permission: 'menu:diagnoses' },
{ label: 'AI 智能匹配', path: '/matching', icon: <PsychologyIcon />, permission: 'menu:matching' },
{ label: '医生工作站', path: '/workstation', icon: <MonitorHeartIcon />, permission: 'menu:workstation' },
{ label: '系统管理', path: '/system', icon: <SettingsIcon />, permission: 'menu:system' },
]
interface SidebarProps {
......@@ -26,6 +29,10 @@ interface SidebarProps {
export function Sidebar({ drawerWidth, mobileOpen, onClose }: SidebarProps) {
const navigate = useNavigate()
const location = useLocation()
const { hasPermission } = useAuth()
// 根据权限过滤菜单项
const visibleItems = NAV_ITEMS.filter(item => hasPermission(item.permission))
const drawerContent = (
<Box>
......@@ -36,7 +43,7 @@ export function Sidebar({ drawerWidth, mobileOpen, onClose }: SidebarProps) {
</Toolbar>
<Divider />
<List>
{NAV_ITEMS.map(item => (
{visibleItems.map(item => (
<ListItem key={item.path} disablePadding>
<ListItemButton
selected={location.pathname.startsWith(item.path)}
......
frontend/src/components/layout/TopBar.tsx
View file @ 21eca8c8
import { useEffect, useState } from 'react'
import { AppBar, Toolbar, Typography, IconButton, Badge, Box } from '@mui/material'
import {
AppBar, Toolbar, Typography, IconButton, Badge, Box,
Menu, MenuItem, Avatar, Divider, ListItemIcon
} from '@mui/material'
import MenuIcon from '@mui/icons-material/Menu'
import NotificationsIcon from '@mui/icons-material/Notifications'
import AccountCircleIcon from '@mui/icons-material/AccountCircle'
import LogoutIcon from '@mui/icons-material/Logout'
import SettingsIcon from '@mui/icons-material/Settings'
import { useNavigate } from 'react-router-dom'
import { notificationService } from '../../services/notificationService'
import { useAuth } from '../../contexts/AuthContext'
interface TopBarProps {
drawerWidth: number
......@@ -12,7 +19,9 @@ interface TopBarProps {
export function TopBar({ drawerWidth, onMenuClick }: TopBarProps) {
const [unreadCount, setUnreadCount] = useState(0)
const [anchorEl, setAnchorEl] = useState<null | HTMLElement>(null)
const navigate = useNavigate()
const { user, logout } = useAuth()
useEffect(() => {
const fetchCount = () => {
......@@ -25,6 +34,20 @@ export function TopBar({ drawerWidth, onMenuClick }: TopBarProps) {
return () => clearInterval(interval)
}, [])
const handleUserMenuOpen = (event: React.MouseEvent<HTMLElement>) => {
setAnchorEl(event.currentTarget)
}
const handleUserMenuClose = () => {
setAnchorEl(null)
}
const handleLogout = () => {
logout()
navigate('/login')
handleUserMenuClose()
}
return (
<AppBar
position="fixed"
......@@ -42,12 +65,57 @@ export function TopBar({ drawerWidth, onMenuClick }: TopBarProps) {
智能患者招募系统
</Typography>
<Box sx={{ display: 'flex', alignItems: 'center', gap: 1 }}>
<Typography variant="caption" sx={{ opacity: 0.8 }}>医疗蓝 v0.1</Typography>
<IconButton color="inherit" onClick={() => navigate('/workstation')}>
<Badge badgeContent={unreadCount} color="error">
<NotificationsIcon />
</Badge>
</IconButton>
{/* 用户信息 */}
<Box sx={{ display: 'flex', alignItems: 'center', gap: 1, ml: 2 }}>
<Box sx={{ display: { xs: 'none', md: 'block' }, textAlign: 'right' }}>
<Typography variant="body2" fontWeight={600}>
{user?.full_name}
</Typography>
<Typography variant="caption" sx={{ opacity: 0.8 }}>
{user?.department?.name} · {user?.title || '医生'}
</Typography>
</Box>
<IconButton color="inherit" onClick={handleUserMenuOpen}>
<Avatar sx={{ width: 32, height: 32, bgcolor: 'secondary.main' }}>
{user?.full_name?.charAt(0)}
</Avatar>
</IconButton>
</Box>
{/* 用户菜单 */}
<Menu
anchorEl={anchorEl}
open={Boolean(anchorEl)}
onClose={handleUserMenuClose}
transformOrigin={{ horizontal: 'right', vertical: 'top' }}
anchorOrigin={{ horizontal: 'right', vertical: 'bottom' }}
>
<MenuItem disabled>
<ListItemIcon>
<AccountCircleIcon fontSize="small" />
</ListItemIcon>
{user?.username}
</MenuItem>
<Divider />
<MenuItem onClick={() => { navigate('/system'); handleUserMenuClose() }}>
<ListItemIcon>
<SettingsIcon fontSize="small" />
</ListItemIcon>
系统设置
</MenuItem>
<MenuItem onClick={handleLogout}>
<ListItemIcon>
<LogoutIcon fontSize="small" />
</ListItemIcon>
退出登录
</MenuItem>
</Menu>
</Box>
</Toolbar>
</AppBar>
......
frontend/src/components/patients/PatientDataGrid.tsx
View file @ 21eca8c8
......@@ -5,6 +5,7 @@ import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import type { PatientResponse, FHIRCondition } from '../../types/fhir'
import { StatusChip } from '../shared/StatusChip'
import { useAuth } from '../../contexts/AuthContext'
const genderMap: Record<string, string> = { male: '', female: '', other: '其他', unknown: '未知' }
......@@ -17,7 +18,11 @@ interface PatientDataGridProps {
}
export function PatientDataGrid({ rows, loading, onRowClick, onEdit, onDelete }: PatientDataGridProps) {
const columns: GridColDef[] = [
const { hasPermission } = useAuth()
const canEdit = hasPermission('btn:patient:edit')
const canDelete = hasPermission('btn:patient:delete')
const baseColumns: GridColDef[] = [
{ field: 'mrn', headerName: '病历号', width: 140 },
{ field: 'display_name', headerName: '患者标识', width: 150 },
{ field: 'age', headerName: '年龄', width: 70, type: 'number' },
......@@ -35,29 +40,36 @@ export function PatientDataGrid({ rows, loading, onRowClick, onEdit, onDelete }:
</Box>
),
},
{
]
const actionsColumn: GridColDef = {
field: 'actions',
headerName: '操作',
width: 100,
sortable: false,
renderCell: (params) => (
<Stack direction="row" spacing={1} sx={{ height: '100%', alignItems: 'center' }}>
{canEdit && (
<IconButton size="small" color="primary" onClick={(e) => {
e.stopPropagation();
onEdit(params.row as PatientResponse);
e.stopPropagation()
onEdit(params.row as PatientResponse)
}}>
<EditIcon fontSize="small" />
</IconButton>
)}
{canDelete && (
<IconButton size="small" color="error" onClick={(e) => {
e.stopPropagation();
onDelete(params.row.id);
e.stopPropagation()
onDelete(params.row.id)
}}>
<DeleteIcon fontSize="small" />
</IconButton>
)}
</Stack>
),
}
]
const columns = (canEdit || canDelete) ? [...baseColumns, actionsColumn] : baseColumns
const gridRows = useMemo(() => rows.map(r => ({ ...r, id: r.id })), [rows])
......
frontend/src/components/system/DepartmentManagement.tsx 0 → 100644
View file @ 21eca8c8
import React, { useEffect, useState } from 'react'
import {
Box,
Button,
Dialog,
DialogTitle,
DialogContent,
DialogActions,
TextField,
FormControlLabel,
Switch,
Alert,
Chip,
} from '@mui/material'
import { DataGrid, GridColDef } from '@mui/x-data-grid'
import AddIcon from '@mui/icons-material/Add'
import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import { systemService, Department } from '../../services/systemService'
export const DepartmentManagement: React.FC = () => {
const [departments, setDepartments] = useState<Department[]>([])
const [loading, setLoading] = useState(false)
const [dialogOpen, setDialogOpen] = useState(false)
const [editingDept, setEditingDept] = useState<Department | null>(null)
const [error, setError] = useState('')
const [formData, setFormData] = useState({
name: '',
code: '',
description: '',
is_active: true,
})
useEffect(() => {
loadData()
}, [])
const loadData = async () => {
setLoading(true)
try {
const data = await systemService.getDepartments()
setDepartments(data)
} catch (err: any) {
setError(err.response?.data?.detail || '加载数据失败')
} finally {
setLoading(false)
}
}
const handleAdd = () => {
setEditingDept(null)
setFormData({
name: '',
code: '',
description: '',
is_active: true,
})
setDialogOpen(true)
}
const handleEdit = (dept: Department) => {
setEditingDept(dept)
setFormData({
name: dept.name,
code: dept.code || '',
description: dept.description || '',
is_active: dept.is_active,
})
setDialogOpen(true)
}
const handleSave = async () => {
try {
if (editingDept) {
await systemService.updateDepartment(editingDept.id, formData)
} else {
await systemService.createDepartment(formData)
}
setDialogOpen(false)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '保存失败')
}
}
const handleDelete = async (id: string) => {
if (!window.confirm('确定要删除该科室吗?')) return
try {
await systemService.deleteDepartment(id)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '删除失败')
}
}
const columns: GridColDef[] = [
{ field: 'name', headerName: '科室名称', width: 200 },
{ field: 'code', headerName: '科室编码', width: 150 },
{ field: 'description', headerName: '描述', width: 300 },
{
field: 'is_active',
headerName: '状态',
width: 100,
renderCell: (params) => (
<Chip
label={params.value ? '启用' : '禁用'}
color={params.value ? 'success' : 'default'}
size="small"
/>
),
},
{
field: 'actions',
headerName: '操作',
width: 200,
renderCell: (params) => (
<Box sx={{ display: 'flex', gap: 1 }}>
<Button
size="small"
startIcon={<EditIcon />}
onClick={() => handleEdit(params.row)}
>
编辑
</Button>
<Button
size="small"
color="error"
startIcon={<DeleteIcon />}
onClick={() => handleDelete(params.row.id)}
>
删除
</Button>
</Box>
),
},
]
return (
<Box>
{error && <Alert severity="error" sx={{ mb: 2 }}>{error}</Alert>}
<Box sx={{ mb: 2 }}>
<Button
variant="contained"
startIcon={<AddIcon />}
onClick={handleAdd}
>
添加科室
</Button>
</Box>
<DataGrid
rows={departments}
columns={columns}
loading={loading}
autoHeight
pageSizeOptions={[10, 25, 50]}
initialState={{
pagination: { paginationModel: { pageSize: 10 } },
}}
/>
{/* 添加/编辑对话框 */}
<Dialog open={dialogOpen} onClose={() => setDialogOpen(false)} maxWidth="sm" fullWidth>
<DialogTitle>{editingDept ? '编辑科室' : '添加科室'}</DialogTitle>
<DialogContent>
<Box sx={{ display: 'flex', flexDirection: 'column', gap: 2, mt: 2 }}>
<TextField
label="科室名称"
value={formData.name}
onChange={(e) => setFormData({ ...formData, name: e.target.value })}
required
/>
<TextField
label="科室编码"
value={formData.code}
onChange={(e) => setFormData({ ...formData, code: e.target.value })}
/>
<TextField
label="描述"
value={formData.description}
onChange={(e) => setFormData({ ...formData, description: e.target.value })}
multiline
rows={3}
/>
<FormControlLabel
control={
<Switch
checked={formData.is_active}
onChange={(e) => setFormData({ ...formData, is_active: e.target.checked })}
/>
}
label="启用科室"
/>
</Box>
</DialogContent>
<DialogActions>
<Button onClick={() => setDialogOpen(false)}>取消</Button>
<Button onClick={handleSave} variant="contained">
保存
</Button>
</DialogActions>
</Dialog>
</Box>
)
}
frontend/src/components/system/PermissionTree.tsx 0 → 100644
View file @ 21eca8c8
import React from 'react'
import {
Box,
Checkbox,
FormControlLabel,
Typography,
Collapse,
IconButton,
} from '@mui/material'
import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
import ChevronRightIcon from '@mui/icons-material/ChevronRight'
import { Permission } from '../../services/systemService'
interface TreeNode {
permission: Permission
children: TreeNode[]
}
interface PermissionTreeProps {
permissions: Permission[]
selectedIds: string[]
onChange: (selectedIds: string[]) => void
}
export const PermissionTree: React.FC<PermissionTreeProps> = ({
permissions,
selectedIds,
onChange,
}) => {
const [expanded, setExpanded] = React.useState<Set<string>>(new Set())
// 构建树形结构
const buildTree = (): TreeNode[] => {
// 菜单权限作为根节点
const menuPermissions = permissions.filter(p => p.type === 'menu' && !p.parent_id)
const buildNode = (perm: Permission): TreeNode => {
// 查找子菜单
const childMenus = permissions.filter(p => p.type === 'menu' && p.parent_id === perm.id)
// 查找按钮权限
const buttons = permissions.filter(p => p.type === 'button' && p.menu_id === perm.code)
const children = [
...childMenus.map(buildNode),
...buttons.map(b => ({ permission: b, children: [] }))
]
return { permission: perm, children }
}
return menuPermissions.map(buildNode)
}
const tree = buildTree()
const handleToggle = (permId: string) => {
const newExpanded = new Set(expanded)
if (newExpanded.has(permId)) {
newExpanded.delete(permId)
} else {
newExpanded.add(permId)
}
setExpanded(newExpanded)
}
const handleCheck = (permId: string, node: TreeNode) => {
const newSelected = new Set(selectedIds)
if (newSelected.has(permId)) {
// 取消选中:移除当前节点及所有子节点
newSelected.delete(permId)
const removeChildren = (n: TreeNode) => {
newSelected.delete(n.permission.id)
n.children.forEach(removeChildren)
}
node.children.forEach(removeChildren)
} else {
// 选中:添加当前节点及所有子节点
newSelected.add(permId)
const addChildren = (n: TreeNode) => {
newSelected.add(n.permission.id)
n.children.forEach(addChildren)
}
node.children.forEach(addChildren)
}
onChange(Array.from(newSelected))
}
const isIndeterminate = (node: TreeNode): boolean => {
if (node.children.length === 0) return false
const childIds = new Set<string>()
const collectIds = (n: TreeNode) => {
childIds.add(n.permission.id)
n.children.forEach(collectIds)
}
node.children.forEach(collectIds)
const selectedChildCount = Array.from(childIds).filter(id => selectedIds.includes(id)).length
return selectedChildCount > 0 && selectedChildCount < childIds.size
}
const renderNode = (node: TreeNode, level: number = 0) => {
const { permission, children } = node
const hasChildren = children.length > 0
const isExpanded = expanded.has(permission.id)
const isChecked = selectedIds.includes(permission.id)
const indeterminate = isIndeterminate(node)
return (
<Box key={permission.id}>
<Box
sx={{
display: 'flex',
alignItems: 'center',
pl: level * 3,
py: 0.5,
'&:hover': { bgcolor: 'action.hover' },
}}
>
{hasChildren ? (
<IconButton
size="small"
onClick={() => handleToggle(permission.id)}
sx={{ mr: 0.5 }}
>
{isExpanded ? <ExpandMoreIcon /> : <ChevronRightIcon />}
</IconButton>
) : (
<Box sx={{ width: 32, mr: 0.5 }} />
)}
<FormControlLabel
control={
<Checkbox
checked={isChecked}
indeterminate={indeterminate}
onChange={() => handleCheck(permission.id, node)}
/>
}
label={
<Box sx={{ display: 'flex', alignItems: 'center', gap: 1 }}>
<Typography variant="body2" fontWeight={permission.type === 'menu' ? 600 : 400}>
{permission.name}
</Typography>
<Typography variant="caption" color="text.secondary">
({permission.code})
</Typography>
</Box>
}
sx={{ flex: 1, m: 0 }}
/>
</Box>
{hasChildren && (
<Collapse in={isExpanded} timeout="auto" unmountOnExit>
<Box>
{children.map(child => renderNode(child, level + 1))}
</Box>
</Collapse>
)}
</Box>
)
}
return (
<Box
sx={{
border: 1,
borderColor: 'divider',
borderRadius: 1,
maxHeight: 400,
overflow: 'auto',
p: 1,
}}
>
{tree.length === 0 ? (
<Typography variant="body2" color="text.secondary" sx={{ p: 2, textAlign: 'center' }}>
暂无权限数据
</Typography>
) : (
tree.map(node => renderNode(node))
)}
</Box>
)
}
frontend/src/components/system/RoleManagement.tsx 0 → 100644
View file @ 21eca8c8
import React, { useEffect, useState } from 'react'
import {
Box,
Button,
Dialog,
DialogTitle,
DialogContent,
DialogActions,
TextField,
FormControlLabel,
Switch,
Alert,
Chip,
Typography,
} from '@mui/material'
import { DataGrid, GridColDef } from '@mui/x-data-grid'
import AddIcon from '@mui/icons-material/Add'
import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import { systemService, Role, RoleCreate, Permission } from '../../services/systemService'
import { PermissionTree } from './PermissionTree'
export const RoleManagement: React.FC = () => {
const [roles, setRoles] = useState<Role[]>([])
const [permissions, setPermissions] = useState<Permission[]>([])
const [loading, setLoading] = useState(false)
const [dialogOpen, setDialogOpen] = useState(false)
const [editingRole, setEditingRole] = useState<Role | null>(null)
const [error, setError] = useState('')
const [formData, setFormData] = useState<RoleCreate>({
name: '',
code: '',
description: '',
is_active: true,
permission_ids: [],
})
useEffect(() => {
loadData()
}, [])
const loadData = async () => {
setLoading(true)
try {
const [rolesData, permsData] = await Promise.all([
systemService.getRoles(),
systemService.getPermissions(),
])
setRoles(rolesData)
setPermissions(permsData)
} catch (err: any) {
setError(err.response?.data?.detail || '加载数据失败')
} finally {
setLoading(false)
}
}
const handleAdd = () => {
setEditingRole(null)
setFormData({
name: '',
code: '',
description: '',
is_active: true,
permission_ids: [],
})
setDialogOpen(true)
}
const handleEdit = async (role: Role) => {
try {
const roleWithPerms = await systemService.getRoleWithPermissions(role.id)
setEditingRole(role)
setFormData({
name: role.name,
code: role.code,
description: role.description || '',
is_active: role.is_active,
permission_ids: roleWithPerms.permissions.map((p: Permission) => p.id),
})
setDialogOpen(true)
} catch (err: any) {
setError(err.response?.data?.detail || '加载角色详情失败')
}
}
const handleSave = async () => {
try {
if (editingRole) {
await systemService.updateRole(editingRole.id, formData)
} else {
await systemService.createRole(formData)
}
setDialogOpen(false)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '保存失败')
}
}
const handleDelete = async (id: string) => {
if (!window.confirm('确定要删除该角色吗?')) return
try {
await systemService.deleteRole(id)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '删除失败')
}
}
const columns: GridColDef[] = [
{ field: 'name', headerName: '角色名称', width: 150 },
{ field: 'code', headerName: '角色编码', width: 150 },
{ field: 'description', headerName: '描述', width: 300 },
{
field: 'is_active',
headerName: '状态',
width: 100,
renderCell: (params) => (
<Chip
label={params.value ? '启用' : '禁用'}
color={params.value ? 'success' : 'default'}
size="small"
/>
),
},
{
field: 'actions',
headerName: '操作',
width: 200,
renderCell: (params) => (
<Box sx={{ display: 'flex', gap: 1 }}>
<Button
size="small"
startIcon={<EditIcon />}
onClick={() => handleEdit(params.row)}
>
编辑
</Button>
<Button
size="small"
color="error"
startIcon={<DeleteIcon />}
onClick={() => handleDelete(params.row.id)}
>
删除
</Button>
</Box>
),
},
]
return (
<Box>
{error && <Alert severity="error" sx={{ mb: 2 }}>{error}</Alert>}
<Box sx={{ mb: 2 }}>
<Button
variant="contained"
startIcon={<AddIcon />}
onClick={handleAdd}
>
添加角色
</Button>
</Box>
<DataGrid
rows={roles}
columns={columns}
loading={loading}
autoHeight
pageSizeOptions={[10, 25, 50]}
initialState={{
pagination: { paginationModel: { pageSize: 10 } },
}}
/>
{/* 添加/编辑对话框 */}
<Dialog open={dialogOpen} onClose={() => setDialogOpen(false)} maxWidth="sm" fullWidth>
<DialogTitle>{editingRole ? '编辑角色' : '添加角色'}</DialogTitle>
<DialogContent>
<Box sx={{ display: 'flex', flexDirection: 'column', gap: 2, mt: 2 }}>
<TextField
label="角色名称"
value={formData.name}
onChange={(e) => setFormData({ ...formData, name: e.target.value })}
required
/>
<TextField
label="角色编码"
value={formData.code}
onChange={(e) => setFormData({ ...formData, code: e.target.value })}
disabled={!!editingRole}
required
/>
<TextField
label="描述"
value={formData.description}
onChange={(e) => setFormData({ ...formData, description: e.target.value })}
multiline
rows={3}
/>
<Box>
<Typography variant="subtitle2" gutterBottom>
权限配置
</Typography>
<PermissionTree
permissions={permissions}
selectedIds={formData.permission_ids || []}
onChange={(ids) => setFormData({ ...formData, permission_ids: ids })}
/>
</Box>
<FormControlLabel
control={
<Switch
checked={formData.is_active}
onChange={(e) => setFormData({ ...formData, is_active: e.target.checked })}
/>
}
label="启用角色"
/>
</Box>
</DialogContent>
<DialogActions>
<Button onClick={() => setDialogOpen(false)}>取消</Button>
<Button onClick={handleSave} variant="contained">
保存
</Button>
</DialogActions>
</Dialog>
</Box>
)
}
frontend/src/components/system/UserManagement.tsx 0 → 100644
View file @ 21eca8c8
import React, { useEffect, useState } from 'react'
import {
Box,
Button,
Dialog,
DialogTitle,
DialogContent,
DialogActions,
TextField,
FormControlLabel,
Switch,
Alert,
Select,
MenuItem,
FormControl,
InputLabel,
Chip,
} from '@mui/material'
import { DataGrid, GridColDef } from '@mui/x-data-grid'
import AddIcon from '@mui/icons-material/Add'
import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import LockResetIcon from '@mui/icons-material/LockReset'
import { systemService, User, UserCreate, Department, Role } from '../../services/systemService'
import { PermissionButton } from '../auth/PermissionButton'
export const UserManagement: React.FC = () => {
const [users, setUsers] = useState<User[]>([])
const [departments, setDepartments] = useState<Department[]>([])
const [roles, setRoles] = useState<Role[]>([])
const [loading, setLoading] = useState(false)
const [dialogOpen, setDialogOpen] = useState(false)
const [editingUser, setEditingUser] = useState<User | null>(null)
const [error, setError] = useState('')
const [formData, setFormData] = useState<UserCreate>({
username: '',
password: '',
full_name: '',
email: '',
phone: '',
title: '',
department_id: '',
is_active: true,
role_ids: [],
})
useEffect(() => {
loadData()
}, [])
const loadData = async () => {
setLoading(true)
try {
const [usersData, deptsData, rolesData] = await Promise.all([
systemService.getUsers(),
systemService.getDepartments(),
systemService.getRoles(),
])
setUsers(usersData)
setDepartments(deptsData)
setRoles(rolesData)
} catch (err: any) {
setError(err.response?.data?.detail || '加载数据失败')
} finally {
setLoading(false)
}
}
const handleAdd = () => {
setEditingUser(null)
setFormData({
username: '',
password: '',
full_name: '',
email: '',
phone: '',
title: '',
department_id: '',
is_active: true,
role_ids: [],
})
setDialogOpen(true)
}
const handleEdit = async (user: User) => {
try {
// 获取用户详情(包含角色)
const userDetail = await systemService.getUser(user.id)
setEditingUser(user)
setFormData({
username: user.username,
password: '', // 编辑时不填密码
full_name: user.full_name,
email: user.email || '',
phone: user.phone || '',
title: user.title || '',
department_id: user.department_id || '',
is_active: user.is_active,
role_ids: userDetail.roles?.map((r: any) => r.id) || [],
})
setDialogOpen(true)
} catch (err: any) {
setError(err.response?.data?.detail || '加载用户详情失败')
}
}
const handleSave = async () => {
try {
if (editingUser) {
const updateData = { ...formData }
delete (updateData as any).password // 编辑时不更新密码
delete (updateData as any).username
await systemService.updateUser(editingUser.id, updateData)
} else {
await systemService.createUser(formData)
}
setDialogOpen(false)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '保存失败')
}
}
const handleDelete = async (id: string) => {
if (!window.confirm('确定要删除该用户吗?')) return
try {
await systemService.deleteUser(id)
loadData()
} catch (err: any) {
setError(err.response?.data?.detail || '删除失败')
}
}
const columns: GridColDef[] = [
{ field: 'username', headerName: '用户名', width: 120 },
{ field: 'full_name', headerName: '姓名', width: 120 },
{ field: 'email', headerName: '邮箱', width: 180 },
{ field: 'phone', headerName: '电话', width: 130 },
{ field: 'title', headerName: '职称', width: 120 },
{
field: 'is_active',
headerName: '状态',
width: 100,
renderCell: (params) => (
<Chip
label={params.value ? '启用' : '禁用'}
color={params.value ? 'success' : 'default'}
size="small"
/>
),
},
{
field: 'actions',
headerName: '操作',
width: 200,
renderCell: (params) => (
<Box sx={{ display: 'flex', gap: 1 }}>
<PermissionButton
permissionCode="btn:user:edit"
size="small"
startIcon={<EditIcon />}
onClick={() => handleEdit(params.row)}
>
编辑
</PermissionButton>
<PermissionButton
permissionCode="btn:user:delete"
size="small"
color="error"
startIcon={<DeleteIcon />}
onClick={() => handleDelete(params.row.id)}
>
删除
</PermissionButton>
</Box>
),
},
]
return (
<Box>
{error && <Alert severity="error" sx={{ mb: 2 }}>{error}</Alert>}
<Box sx={{ mb: 2 }}>
<PermissionButton
permissionCode="btn:user:add"
variant="contained"
startIcon={<AddIcon />}
onClick={handleAdd}
>
添加用户
</PermissionButton>
</Box>
<DataGrid
rows={users}
columns={columns}
loading={loading}
autoHeight
pageSizeOptions={[10, 25, 50]}
initialState={{
pagination: { paginationModel: { pageSize: 10 } },
}}
/>
{/* 添加/编辑对话框 */}
<Dialog open={dialogOpen} onClose={() => setDialogOpen(false)} maxWidth="sm" fullWidth>
<DialogTitle>{editingUser ? '编辑用户' : '添加用户'}</DialogTitle>
<DialogContent>
<Box sx={{ display: 'flex', flexDirection: 'column', gap: 2, mt: 2 }}>
<TextField
label="用户名"
value={formData.username}
onChange={(e) => setFormData({ ...formData, username: e.target.value })}
disabled={!!editingUser}
required
/>
{!editingUser && (
<TextField
label="密码"
type="password"
value={formData.password}
onChange={(e) => setFormData({ ...formData, password: e.target.value })}
required
/>
)}
<TextField
label="姓名"
value={formData.full_name}
onChange={(e) => setFormData({ ...formData, full_name: e.target.value })}
required
/>
<TextField
label="邮箱"
type="email"
value={formData.email}
onChange={(e) => setFormData({ ...formData, email: e.target.value })}
/>
<TextField
label="电话"
value={formData.phone}
onChange={(e) => setFormData({ ...formData, phone: e.target.value })}
/>
<TextField
label="职称"
value={formData.title}
onChange={(e) => setFormData({ ...formData, title: e.target.value })}
/>
<FormControl>
<InputLabel>科室</InputLabel>
<Select
value={formData.department_id}
onChange={(e) => setFormData({ ...formData, department_id: e.target.value })}
>
{departments.map((dept) => (
<MenuItem key={dept.id} value={dept.id}>
{dept.name}
</MenuItem>
))}
</Select>
</FormControl>
<FormControl>
<InputLabel>角色</InputLabel>
<Select
multiple
value={formData.role_ids || []}
onChange={(e) => setFormData({ ...formData, role_ids: e.target.value as string[] })}
renderValue={(selected) => (
<Box sx={{ display: 'flex', flexWrap: 'wrap', gap: 0.5 }}>
{selected.map((value) => {
const role = roles.find(r => r.id === value)
return <Chip key={value} label={role?.name} size="small" />
})}
</Box>
)}
>
{roles.map((role) => (
<MenuItem key={role.id} value={role.id}>
{role.name}
</MenuItem>
))}
</Select>
</FormControl>
<FormControlLabel
control={
<Switch
checked={formData.is_active}
onChange={(e) => setFormData({ ...formData, is_active: e.target.checked })}
/>
}
label="启用账号"
/>
</Box>
</DialogContent>
<DialogActions>
<Button onClick={() => setDialogOpen(false)}>取消</Button>
<Button onClick={handleSave} variant="contained">
保存
</Button>
</DialogActions>
</Dialog>
</Box>
)
}
frontend/src/components/trials/TrialDataGrid.tsx
View file @ 21eca8c8
......@@ -4,6 +4,7 @@ import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import type { TrialResponse } from '../../types/trial'
import { StatusChip } from '../shared/StatusChip'
import { useAuth } from '../../contexts/AuthContext'
const phaseColor: Record<string, 'default' | 'primary' | 'secondary' | 'warning'> = {
I: 'default', II: 'primary', III: 'secondary', IV: 'warning',
......@@ -18,7 +19,11 @@ interface TrialDataGridProps {
}
export function TrialDataGrid({ rows, loading, onRowClick, onEdit, onDelete }: TrialDataGridProps) {
const columns: GridColDef[] = [
const { hasPermission } = useAuth()
const canEdit = hasPermission('btn:trial:edit')
const canDelete = hasPermission('btn:trial:delete')
const baseColumns: GridColDef[] = [
{ field: 'nct_number', headerName: 'NCT编号', width: 130 },
{ field: 'title', headerName: '试验名称', flex: 1, minWidth: 200 },
{ field: 'sponsor', headerName: '申办方', width: 140 },
......@@ -34,29 +39,36 @@ export function TrialDataGrid({ rows, loading, onRowClick, onEdit, onDelete }: T
field: 'criteria', headerName: '标准数', width: 90, type: 'number',
valueGetter: (v: unknown[]) => v?.length ?? 0,
},
{
]
const actionsColumn: GridColDef = {
field: 'actions',
headerName: '操作',
width: 100,
sortable: false,
renderCell: (params) => (
<Stack direction="row" spacing={1} sx={{ height: '100%', alignItems: 'center' }}>
{canEdit && (
<IconButton size="small" color="primary" onClick={(e) => {
e.stopPropagation();
onEdit(params.row as TrialResponse);
e.stopPropagation()
onEdit(params.row as TrialResponse)
}}>
<EditIcon fontSize="small" />
</IconButton>
)}
{canDelete && (
<IconButton size="small" color="error" onClick={(e) => {
e.stopPropagation();
onDelete(params.row.id);
e.stopPropagation()
onDelete(params.row.id)
}}>
<DeleteIcon fontSize="small" />
</IconButton>
)}
</Stack>
),
}
]
const columns = (canEdit || canDelete) ? [...baseColumns, actionsColumn] : baseColumns
return (
<DataGrid
......
frontend/src/contexts/AuthContext.tsx 0 → 100644
View file @ 21eca8c8
import React, { createContext, useContext, useState, useEffect } from 'react'
import { authService, UserInfo, LoginRequest } from '../services/authService'
interface AuthContextType {
user: UserInfo | null
isAuthenticated: boolean
isLoading: boolean
login: (credentials: LoginRequest) => Promise<void>
logout: () => void
hasPermission: (permissionCode: string) => boolean
hasRole: (roleCode: string) => boolean
}
const AuthContext = createContext<AuthContextType | undefined>(undefined)
export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
const [user, setUser] = useState<UserInfo | null>(null)
const [isLoading, setIsLoading] = useState(true)
// 初始化时从 localStorage 加载用户信息
useEffect(() => {
const currentUser = authService.getCurrentUser()
setUser(currentUser)
setIsLoading(false)
}, [])
const login = async (credentials: LoginRequest) => {
const response = await authService.login(credentials)
setUser(response.user)
}
const logout = () => {
authService.logout()
setUser(null)
}
const hasPermission = (permissionCode: string): boolean => {
if (!user) return false
if (user.is_superuser) return true
return user.permissions.some(p => p.code === permissionCode)
}
const hasRole = (roleCode: string): boolean => {
if (!user) return false
return user.roles.some(r => r.code === roleCode)
}
return (
<AuthContext.Provider
value={{
user,
isAuthenticated: !!user,
isLoading,
login,
logout,
hasPermission,
hasRole,
}}
>
{children}
</AuthContext.Provider>
)
}
export const useAuth = () => {
const context = useContext(AuthContext)
if (!context) {
throw new Error('useAuth 必须在 AuthProvider 内部使用')
}
return context
}
frontend/src/pages/DiagnosesPage.tsx
View file @ 21eca8c8
import { useState, useEffect } from 'react'
import {
Box, Typography, Button, Card, CardContent, Stack, TextField,
IconButton, Dialog, DialogTitle, DialogContent, DialogActions
Box, Typography, Card, CardContent, Stack, TextField,
IconButton, Dialog, DialogTitle, DialogContent, DialogActions, Button
} from '@mui/material'
import AddIcon from '@mui/icons-material/Add'
import EditIcon from '@mui/icons-material/Edit'
import DeleteIcon from '@mui/icons-material/Delete'
import { DataGrid, GridColDef } from '@mui/x-data-grid'
import { diagnosisService, Diagnosis } from '../services/diagnosisService'
import { useAuth } from '../contexts/AuthContext'
import { PermissionButton } from '../components/auth/PermissionButton'
export function DiagnosesPage() {
const { hasPermission } = useAuth()
const canAdd = hasPermission('btn:diagnosis:add')
const canEdit = hasPermission('btn:diagnosis:edit')
const canDelete = hasPermission('btn:diagnosis:delete')
const [items, setItems] = useState<Diagnosis[]>([])
const [loading, setLoading] = useState(true)
const [open, setOpen] = useState(false)
......@@ -59,19 +66,23 @@ export function DiagnosesPage() {
const columns: GridColDef[] = [
{ field: 'description', headerName: '诊断描述', flex: 1 },
{ field: 'icd10_code', headerName: 'ICD-10 编码', width: 200 },
{
...(canEdit || canDelete ? [{
field: 'actions', headerName: '操作', width: 120, sortable: false,
renderCell: (params) => (
renderCell: (params: any) => (
<Stack direction="row" spacing={1}>
{canEdit && (
<IconButton size="small" color="primary" onClick={() => handleOpen(params.row as Diagnosis)}>
<EditIcon fontSize="small" />
</IconButton>
)}
{canDelete && (
<IconButton size="small" color="error" onClick={() => handleDelete(params.row.id)}>
<DeleteIcon fontSize="small" />
</IconButton>
)}
</Stack>
)
}
}] : []),
]
return (
......@@ -81,9 +92,15 @@ export function DiagnosesPage() {
<Typography variant="h5">诊断管理</Typography>
<Typography variant="subtitle2">维护系统标准诊断库 (ICD-10)</Typography>
</Box>
<Button variant="contained" startIcon={<AddIcon />} onClick={() => handleOpen()}>
<PermissionButton
permissionCode="btn:diagnosis:add"
variant="contained"
startIcon={<AddIcon />}
onClick={() => handleOpen()}
showTooltip={false}
>
新增标准诊断
</Button>
</PermissionButton>
</Stack>
<Card>
......
frontend/src/pages/LoginPage.tsx 0 → 100644
View file @ 21eca8c8
import React, { useState } from 'react'
import { useNavigate } from 'react-router-dom'
import {
Box,
Card,
CardContent,
TextField,
Button,
Typography,
Alert,
CircularProgress,
InputAdornment,
IconButton,
} from '@mui/material'
import { Visibility, VisibilityOff, LocalHospital } from '@mui/icons-material'
import { useAuth } from '../contexts/AuthContext'
export const LoginPage: React.FC = () => {
const navigate = useNavigate()
const { login } = useAuth()
const [username, setUsername] = useState('')
const [password, setPassword] = useState('')
const [showPassword, setShowPassword] = useState(false)
const [loading, setLoading] = useState(false)
const [error, setError] = useState('')
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault()
setError('')
if (!username || !password) {
setError('请输入用户名和密码')
return
}
setLoading(true)
try {
await login({ username, password })
navigate('/patients')
} catch (err: any) {
setError(err.response?.data?.detail || '登录失败,请检查用户名和密码')
} finally {
setLoading(false)
}
}
return (
<Box
sx={{
minHeight: '100vh',
display: 'flex',
alignItems: 'center',
justifyContent: 'center',
background: 'linear-gradient(135deg, #1976d2 0%, #2196f3 100%)',
padding: 2,
}}
>
<Card
sx={{
maxWidth: 450,
width: '100%',
boxShadow: '0 8px 32px rgba(0,0,0,0.1)',
}}
>
<CardContent sx={{ p: 4 }}>
{/* 标题区域 */}
<Box sx={{ textAlign: 'center', mb: 4 }}>
<LocalHospital
sx={{
fontSize: 60,
color: 'primary.main',
mb: 2,
}}
/>
<Typography variant="h4" fontWeight="bold" color="primary.main" gutterBottom>
智能患者招募系统
</Typography>
<Typography variant="body2" color="text.secondary">
Smart Recruitment System
</Typography>
</Box>
{/* 错误提示 */}
{error && (
<Alert severity="error" sx={{ mb: 3 }}>
{error}
</Alert>
)}
{/* 登录表单 */}
<form onSubmit={handleSubmit}>
<TextField
fullWidth
label="用户名"
variant="outlined"
value={username}
onChange={(e) => setUsername(e.target.value)}
disabled={loading}
autoComplete="username"
sx={{ mb: 2 }}
/>
<TextField
fullWidth
label="密码"
type={showPassword ? 'text' : 'password'}
variant="outlined"
value={password}
onChange={(e) => setPassword(e.target.value)}
disabled={loading}
autoComplete="current-password"
InputProps={{
endAdornment: (
<InputAdornment position="end">
<IconButton
onClick={() => setShowPassword(!showPassword)}
edge="end"
>
{showPassword ? <VisibilityOff /> : <Visibility />}
</IconButton>
</InputAdornment>
),
}}
sx={{ mb: 3 }}
/>
<Button
fullWidth
type="submit"
variant="contained"
size="large"
disabled={loading}
sx={{
py: 1.5,
fontSize: '1rem',
fontWeight: 'bold',
}}
>
{loading ? (
<>
<CircularProgress size={20} sx={{ mr: 1 }} color="inherit" />
登录中...
</>
) : (
'登录'
)}
</Button>
</form>
{/* 底部提示 */}
<Box sx={{ mt: 3, textAlign: 'center' }}>
<Typography variant="caption" color="text.secondary">
默认账号: admin / admin123
</Typography>
</Box>
</CardContent>
</Card>
</Box>
)
}
frontend/src/pages/MatchingPage.tsx
View file @ 21eca8c8
import { useState, useEffect } from 'react'
import {
Box, Typography, Card, CardContent, CardHeader, Grid,
FormControl, InputLabel, Select, MenuItem, Button, Stack,
FormControl, InputLabel, Select, MenuItem, Stack,
Tabs, Tab, Alert, Divider,
} from '@mui/material'
import { PermissionButton } from '../components/auth/PermissionButton'
import PsychologyIcon from '@mui/icons-material/Psychology'
import { MatchingStepper } from '../components/matching/MatchingStepper'
import { MatchingResultCard } from '../components/matching/MatchingResultCard'
......@@ -110,14 +111,16 @@ export function MatchingPage() {
</FormControl>
</Grid>
<Grid item xs={12} sm={3}>
<Button
<PermissionButton
permissionCode="btn:matching:execute"
fullWidth variant="contained" size="medium"
startIcon={<PsychologyIcon />}
onClick={handleRun}
disabled={!selectedPatient || !selectedTrial || running}
showTooltip={false}
>
{running ? 'AI 分析中...' : '开始匹配'}
</Button>
</PermissionButton>
</Grid>
</Grid>
{error && <Alert severity="error" sx={{ mt: 2 }}>{error}</Alert>}
......
frontend/src/pages/PatientsPage.tsx
View file @ 21eca8c8
import { useState, useEffect } from 'react'
import { Box, Typography, Button, Card, CardContent, Stack, TextField, InputAdornment } from '@mui/material'
import { Box, Typography, Card, CardContent, Stack, TextField, InputAdornment } from '@mui/material'
import AddIcon from '@mui/icons-material/Add'
import SearchIcon from '@mui/icons-material/Search'
import { PermissionButton } from '../components/auth/PermissionButton'
import { PatientDataGrid } from '../components/patients/PatientDataGrid'
import { PatientDetailDrawer } from '../components/patients/PatientDetailDrawer'
import { AddPatientDialog } from '../components/patients/AddPatientDialog'
......@@ -80,9 +81,15 @@ export function PatientsPage() {
<Typography variant="h5">患者管理</Typography>
<Typography variant="subtitle2">{patients.length} 名患者</Typography>
</Box>
<Button variant="contained" startIcon={<AddIcon />} onClick={handleAddNew}>
<PermissionButton
permissionCode="btn:patient:add"
variant="contained"
startIcon={<AddIcon />}
onClick={handleAddNew}
showTooltip={false}
>
新增患者登记
</Button>
</PermissionButton>
</Stack>
<Card>
......
frontend/src/pages/SystemPage.tsx 0 → 100644
View file @ 21eca8c8
import React, { useState } from 'react'
import {
Box,
Paper,
Tabs,
Tab,
Typography,
} from '@mui/material'
import { UserManagement } from '../components/system/UserManagement'
import { RoleManagement } from '../components/system/RoleManagement'
import { DepartmentManagement } from '../components/system/DepartmentManagement'
interface TabPanelProps {
children?: React.ReactNode
index: number
value: number
}
function TabPanel(props: TabPanelProps) {
const { children, value, index, ...other } = props
return (
<div
role="tabpanel"
hidden={value !== index}
id={`system-tabpanel-${index}`}
aria-labelledby={`system-tab-${index}`}
{...other}
>
{value === index && <Box sx={{ p: 3 }}>{children}</Box>}
</div>
)
}
export const SystemPage: React.FC = () => {
const [tabValue, setTabValue] = useState(0)
const handleTabChange = (event: React.SyntheticEvent, newValue: number) => {
setTabValue(newValue)
}
return (
<Box sx={{ p: 3 }}>
<Typography variant="h4" fontWeight="bold" color="primary.main" gutterBottom>
系统管理
</Typography>
<Paper sx={{ mt: 3 }}>
<Tabs
value={tabValue}
onChange={handleTabChange}
sx={{
borderBottom: 1,
borderColor: 'divider',
'& .MuiTab-root': { fontWeight: 600 },
}}
>
<Tab label="用户管理" />
<Tab label="角色管理" />
<Tab label="科室管理" />
</Tabs>
<TabPanel value={tabValue} index={0}>
<UserManagement />
</TabPanel>
<TabPanel value={tabValue} index={1}>
<RoleManagement />
</TabPanel>
<TabPanel value={tabValue} index={2}>
<DepartmentManagement />
</TabPanel>
</Paper>
</Box>
)
}
frontend/src/pages/TrialsPage.tsx
View file @ 21eca8c8
import { useState, useEffect } from 'react'
import {
Box, Typography, Button, Card, CardContent, CardHeader,
Box, Typography, Card, CardContent, CardHeader,
Stack, Chip, Collapse, IconButton, Divider, TextField, InputAdornment,
} from '@mui/material'
import { PermissionButton } from '../components/auth/PermissionButton'
import AddIcon from '@mui/icons-material/Add'
import SearchIcon from '@mui/icons-material/Search'
import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
......@@ -96,9 +97,15 @@ export function TrialsPage() {
<Typography variant="h5">临床试验管理</Typography>
<Typography variant="subtitle2">{trials.length} 个试验项目</Typography>
</Box>
<Button variant="contained" startIcon={<AddIcon />} onClick={handleAddNew}>
<PermissionButton
permissionCode="btn:trial:add"
variant="contained"
startIcon={<AddIcon />}
onClick={handleAddNew}
showTooltip={false}
>
发布新试验项目
</Button>
</PermissionButton>
</Stack>
<Card sx={{ mb: 2 }}>
......
frontend/src/services/api.ts
View file @ 21eca8c8
......@@ -5,4 +5,32 @@ const api = axios.create({
headers: { 'Content-Type': 'application/json' },
})
// 请求拦截器:自动添加 token
api.interceptors.request.use(
(config) => {
const token = localStorage.getItem('access_token')
if (token) {
config.headers.Authorization = `Bearer ${token}`
}
return config
},
(error) => {
return Promise.reject(error)
}
)
// 响应拦截器:处理 401 错误
api.interceptors.response.use(
(response) => response,
(error) => {
if (error.response?.status === 401) {
// 清除 token 并跳转到登录页
localStorage.removeItem('access_token')
localStorage.removeItem('user_info')
window.location.href = '/login'
}
return Promise.reject(error)
}
)
export default api
frontend/src/services/authService.ts 0 → 100644
View file @ 21eca8c8
import api from './api'
export interface LoginRequest {
username: string
password: string
}
export interface PermissionInfo {
id: string
code: string
name: string
type: string
path?: string
icon?: string
parent_id?: string
menu_id?: string
}
export interface RoleInfo {
id: string
name: string
code: string
description?: string
}
export interface DepartmentInfo {
id: string
name: string
code?: string
}
export interface UserInfo {
id: string
username: string
full_name: string
email?: string
phone?: string
title?: string
is_active: boolean
is_superuser: boolean
department?: DepartmentInfo
roles: RoleInfo[]
permissions: PermissionInfo[]
last_login?: string
created_at: string
}
export interface LoginResponse {
access_token: string
token_type: string
user: UserInfo
}
class AuthService {
/**
* 登录
*/
async login(credentials: LoginRequest): Promise<LoginResponse> {
const response = await api.post<LoginResponse>('/auth/login', credentials)
const { access_token, user } = response.data
// 保存 token 和用户信息到 localStorage
localStorage.setItem('access_token', access_token)
localStorage.setItem('user_info', JSON.stringify(user))
return response.data
}
/**
* 登出
*/
logout() {
localStorage.removeItem('access_token')
localStorage.removeItem('user_info')
}
/**
* 获取当前用户信息
*/
getCurrentUser(): UserInfo | null {
const userStr = localStorage.getItem('user_info')
if (!userStr) return null
try {
return JSON.parse(userStr)
} catch {
return null
}
}
/**
* 检查是否已登录
*/
isAuthenticated(): boolean {
return !!localStorage.getItem('access_token')
}
/**
* 检查用户是否拥有某个权限
*/
hasPermission(permissionCode: string): boolean {
const user = this.getCurrentUser()
if (!user) return false
// 超级管理员拥有所有权限
if (user.is_superuser) return true
// 检查权限列表
return user.permissions.some(p => p.code === permissionCode)
}
/**
* 检查用户是否拥有某个角色
*/
hasRole(roleCode: string): boolean {
const user = this.getCurrentUser()
if (!user) return false
return user.roles.some(r => r.code === roleCode)
}
/**
* 获取用户的菜单权限
*/
getMenuPermissions(): PermissionInfo[] {
const user = this.getCurrentUser()
if (!user) return []
return user.permissions.filter(p => p.type === 'menu')
}
}
export const authService = new AuthService()
frontend/src/services/systemService.ts 0 → 100644
View file @ 21eca8c8
import api from './api'
// 用户管理
export interface User {
id: string
username: string
full_name: string
email?: string
phone?: string
title?: string
department_id?: string
is_active: boolean
is_superuser: boolean
created_at: string
updated_at: string
}
export interface UserCreate {
username: string
password: string
full_name: string
email?: string
phone?: string
title?: string
department_id?: string
is_active?: boolean
role_ids?: string[]
}
// 角色管理
export interface Role {
id: string
name: string
code: string
description?: string
is_active: boolean
created_at: string
updated_at: string
}
export interface RoleCreate {
name: string
code: string
description?: string
is_active?: boolean
permission_ids?: string[]
}
// 权限管理
export interface Permission {
id: string
name: string
code: string
type: 'menu' | 'button'
path?: string
icon?: string
parent_id?: string
menu_id?: string
sort_order: string
description?: string
is_active: boolean
created_at: string
updated_at: string
}
// 科室管理
export interface Department {
id: string
name: string
code?: string
description?: string
is_active: boolean
created_at: string
updated_at: string
}
class SystemService {
// 用户管理
async getUsers() {
const response = await api.get<User[]>('/users')
return response.data
}
async getUser(id: string) {
const response = await api.get(`/users/${id}`)
return response.data
}
async createUser(data: UserCreate) {
const response = await api.post<User>('/users', data)
return response.data
}
async updateUser(id: string, data: Partial<UserCreate>) {
const response = await api.put<User>(`/users/${id}`, data)
return response.data
}
async deleteUser(id: string) {
await api.delete(`/users/${id}`)
}
async resetPassword(id: string, newPassword: string) {
await api.post(`/users/${id}/reset-password`, { new_password: newPassword })
}
// 角色管理
async getRoles() {
const response = await api.get<Role[]>('/roles')
return response.data
}
async createRole(data: RoleCreate) {
const response = await api.post<Role>('/roles', data)
return response.data
}
async updateRole(id: string, data: Partial<RoleCreate>) {
const response = await api.put<Role>(`/roles/${id}`, data)
return response.data
}
async deleteRole(id: string) {
await api.delete(`/roles/${id}`)
}
async getRoleWithPermissions(id: string) {
const response = await api.get(`/roles/${id}`)
return response.data
}
// 权限管理
async getPermissions() {
const response = await api.get<Permission[]>('/permissions')
return response.data
}
async createPermission(data: Partial<Permission>) {
const response = await api.post<Permission>('/permissions', data)
return response.data
}
async updatePermission(id: string, data: Partial<Permission>) {
const response = await api.put<Permission>(`/permissions/${id}`, data)
return response.data
}
async deletePermission(id: string) {
await api.delete(`/permissions/${id}`)
}
// 科室管理
async getDepartments() {
const response = await api.get<Department[]>('/departments')
return response.data
}
async createDepartment(data: Partial<Department>) {
const response = await api.post<Department>('/departments', data)
return response.data
}
async updateDepartment(id: string, data: Partial<Department>) {
const response = await api.put<Department>(`/departments/${id}`, data)
return response.data
}
async deleteDepartment(id: string) {
await api.delete(`/departments/${id}`)
}
}
export const systemService = new SystemService()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment