feat: implement CLI of role-based access control system (#10650)

### What problem does this PR solve? - Add comprehensive RBAC support with role and permission management - Implement CREATE/ALTER/DROP ROLE commands for role lifecycle management - Add GRANT/REVOKE commands for fine-grained permission control - Support user role assignment via ALTER USER SET ROLE command - Add SHOW ROLE and SHOW USER PERMISSION for permission inspection - Implement corresponding RESTful API endpoints for role management - Integrate role commands into existing command execution framework ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>
2025-12-08 20:42:30 +08:00 · 2025-10-18 17:53:34 +08:00
parent c9b18cbe18
commit cf09c2260a
4 changed files with 507 additions and 46 deletions
--- a/admin/server/auth.py
+++ b/admin/server/auth.py
@ -38,8 +38,8 @@ from api.utils.api_utils import (
    construct_response,
 )

-def setup_auth(login_manager):

+def setup_auth(login_manager):
    @login_manager.request_loader
    def load_user(web_request):
        jwt = Serializer(secret_key=settings.SECRET_KEY)
@ -172,11 +172,18 @@ def login_verify(f):

        username = auth.parameters['username']
        password = auth.parameters['password']
-        if check_admin(username, password) is False:
+        try:
+            if check_admin(username, password) is False:
+                return jsonify({
+                    "code": 500,
+                    "message": "Access denied",
+                    "data": None
+                }), 200
+        except Exception as e:
+            error_msg = str(e)
            return jsonify({
-                "code": 403,
-                "message": "Access denied",
-                "data": None
+                "code": 500,
+                "message": error_msg
            }), 200

        return f(*args, **kwargs)