fastapi-practices · wu-clan · Mar 8, 2026 · Mar 8, 2026 · Mar 8, 2026 · Mar 8, 2026
diff --git a/backend/app/admin/crud/crud_role.py b/backend/app/admin/crud/crud_role.py
@@ -14,8 +14,19 @@
     UpdateRoleParam,
     UpdateRoleScopeParam,
 )
+from backend.core.conf import settings
 from backend.utils.serializers import select_join_serialize
 
+if settings.TENANT_ENABLED:
+    try:
+        from backend.plugin.tenant.utils import get_tenant_dict as inject_tenant_dict
+    except ImportError:
+        raise ImportError('租户插件方法导入失败，请联系系统管理员')
+else:
+
+    def inject_tenant_dict(obj: dict[str, Any]) -> dict[str, Any]:
+        return obj
+
 
 class CRUDRole(CRUDPlus[Role]):
     """角色数据库操作类"""
@@ -136,9 +147,11 @@ async def update_menus(db: AsyncSession, role_id: int, menu_ids: UpdateRoleMenuP
         await db.execute(role_menu_stmt)
 
         if menu_ids.menus:
-            role_menu_data = [
-                CreateRoleMenuParam(role_id=role_id, menu_id=menu_id).model_dump() for menu_id in menu_ids.menus
-            ]
+            role_menu_data = []
+            for menu_id in menu_ids.menus:
+                menu_dict = CreateRoleMenuParam(role_id=role_id, menu_id=menu_id).model_dump()
+                role_menu_data.append(inject_tenant_dict(menu_dict))
+
             role_menu_stmt = insert(role_menu)
             await db.execute(role_menu_stmt, role_menu_data)
 
@@ -158,10 +171,11 @@ async def update_scopes(db: AsyncSession, role_id: int, scope_ids: UpdateRoleSco
         await db.execute(role_scope_stmt)
 
         if scope_ids.scopes:
-            role_scope_data = [
-                CreateRoleScopeParam(role_id=role_id, data_scope_id=scope_id).model_dump()
-                for scope_id in scope_ids.scopes
-            ]
+            role_scope_data = []
+            for scope_id in scope_ids.scopes:
+                scope_dict = CreateRoleScopeParam(role_id=role_id, data_scope_id=scope_id).model_dump()
+                role_scope_data.append(inject_tenant_dict(scope_dict))
+
             role_scope_stmt = insert(role_data_scope)
             await db.execute(role_scope_stmt, role_scope_data)
 

diff --git a/backend/app/admin/crud/crud_user.py b/backend/app/admin/crud/crud_user.py
@@ -27,10 +27,21 @@
 from backend.app.admin.utils.password_security import get_hash_password
 from backend.common.enums import StatusType
 from backend.common.exception import errors
+from backend.core.conf import settings
 from backend.plugin.core import check_plugin_installed
 from backend.utils.serializers import select_join_serialize
 from backend.utils.timezone import timezone
 
+if settings.TENANT_ENABLED:
+    try:
+        from backend.plugin.tenant.utils import get_tenant_dict as inject_tenant_dict
+    except ImportError:
+        raise ImportError('租户插件方法导入失败，请联系系统管理员')
+else:
+
+    def inject_tenant_dict(obj: dict[str, Any]) -> dict[str, Any]:
+        return obj
+
 
 class CRUDUser(CRUDPlus[User]):
     """用户数据库操作类"""
@@ -120,6 +131,8 @@ async def add(self, db: AsyncSession, obj: AddUserParam) -> None:
 
         dict_obj = obj.model_dump(exclude={'roles'})
         dict_obj.update({'salt': salt})
+        dict_obj = inject_tenant_dict(dict_obj)
+
         new_user = self.model(**dict_obj)
         db.add(new_user)
         await db.flush()
@@ -129,7 +142,11 @@ async def add(self, db: AsyncSession, obj: AddUserParam) -> None:
             result = await db.execute(role_stmt)
             roles = result.scalars().all()
 
-            user_role_data = [AddUserRoleParam(user_id=new_user.id, role_id=role.id).model_dump() for role in roles]
+            user_role_data = []
+            for role in roles:
+                role_dict = AddUserRoleParam(user_id=new_user.id, role_id=role.id).model_dump()
+                user_role_data.append(inject_tenant_dict(role_dict))
+
             user_role_stmt = insert(user_role)
             await db.execute(user_role_stmt, user_role_data)
 
@@ -143,6 +160,8 @@ async def add_by_oauth2(self, db: AsyncSession, obj: AddOAuth2UserParam) -> None
         """
         dict_obj = obj.model_dump()
         dict_obj.update({'is_staff': True, 'salt': None})
+        dict_obj = inject_tenant_dict(dict_obj)
+
         new_user = self.model(**dict_obj)
         db.add(new_user)
         await db.flush()
@@ -153,7 +172,8 @@ async def add_by_oauth2(self, db: AsyncSession, obj: AddOAuth2UserParam) -> None
         if role is None:
             raise errors.NotFoundError(msg='未找到可用角色，请联系系统管理员')
 
-        user_role_stmt = insert(user_role).values(AddUserRoleParam(user_id=new_user.id, role_id=role.id).model_dump())
+        user_role_data = inject_tenant_dict(AddUserRoleParam(user_id=new_user.id, role_id=role.id).model_dump())
+        user_role_stmt = insert(user_role).values(user_role_data)
         await db.execute(user_role_stmt)
 
     async def update(self, db: AsyncSession, user_id: int, obj: UpdateUserParam) -> int:
@@ -178,7 +198,11 @@ async def update(self, db: AsyncSession, user_id: int, obj: UpdateUserParam) ->
             result = await db.execute(role_stmt)
             roles = result.scalars().all()
 
-            user_role_data = [AddUserRoleParam(user_id=user_id, role_id=role.id).model_dump() for role in roles]
+            user_role_data = []
+            for role in roles:
+                role_dict = AddUserRoleParam(user_id=user_id, role_id=role.id).model_dump()
+                user_role_data.append(inject_tenant_dict(role_dict))
+
             user_role_stmt = insert(user_role)
             await db.execute(user_role_stmt, user_role_data)
 

diff --git a/backend/app/admin/model/dept.py b/backend/app/admin/model/dept.py
@@ -2,10 +2,10 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import Base, id_key
+from backend.common.model import Base, TenantMixin, id_key
 
 
-class Dept(Base):
+class Dept(Base, TenantMixin):
     """部门表"""
 
     __tablename__ = 'sys_dept'

diff --git a/backend/app/admin/model/login_log.py b/backend/app/admin/model/login_log.py
@@ -4,11 +4,11 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import DataClassBase, TimeZone, UniversalText, id_key
+from backend.common.model import DataClassBase, TenantMixin, TimeZone, UniversalText, id_key
 from backend.utils.timezone import timezone
 
 
-class LoginLog(DataClassBase):
+class LoginLog(DataClassBase, TenantMixin):
     """登录日志表"""
 
     __tablename__ = 'sys_login_log'

diff --git a/backend/app/admin/model/m2m.py b/backend/app/admin/model/m2m.py
@@ -1,6 +1,14 @@
 import sqlalchemy as sa
 
 from backend.common.model import MappedBase
+from backend.core.conf import settings
+
+# 租户列定义（根据配置决定是否添加）
+_tenant_columns = (
+    (lambda: [sa.Column('tenant_id', sa.BigInteger, nullable=False, index=True, comment='租户ID')])
+    if settings.TENANT_ENABLED
+    else list
+)
 
 # 用户角色表
 user_role = sa.Table(
@@ -9,6 +17,7 @@
     sa.Column('id', sa.BigInteger, primary_key=True, unique=True, index=True, autoincrement=True, comment='主键ID'),
     sa.Column('user_id', sa.BigInteger, primary_key=True, comment='用户ID'),
     sa.Column('role_id', sa.BigInteger, primary_key=True, comment='角色ID'),
+    *_tenant_columns(),
 )
 
 # 角色菜单表
@@ -18,6 +27,7 @@
     sa.Column('id', sa.BigInteger, primary_key=True, unique=True, index=True, autoincrement=True, comment='主键ID'),
     sa.Column('role_id', sa.BigInteger, primary_key=True, comment='角色ID'),
     sa.Column('menu_id', sa.BigInteger, primary_key=True, comment='菜单ID'),
+    *_tenant_columns(),
 )
 
 # 角色数据范围表
@@ -27,6 +37,7 @@
     sa.Column('id', sa.BigInteger, primary_key=True, unique=True, index=True, autoincrement=True, comment='主键 ID'),
     sa.Column('role_id', sa.BigInteger, primary_key=True, comment='角色 ID'),
     sa.Column('data_scope_id', sa.BigInteger, primary_key=True, comment='数据范围 ID'),
+    *_tenant_columns(),
 )
 
 # 数据范围规则表

diff --git a/backend/app/admin/model/opera_log.py b/backend/app/admin/model/opera_log.py
@@ -4,11 +4,11 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import DataClassBase, TimeZone, UniversalText, id_key
+from backend.common.model import DataClassBase, TenantMixin, TimeZone, UniversalText, id_key
 from backend.utils.timezone import timezone
 
 
-class OperaLog(DataClassBase):
+class OperaLog(DataClassBase, TenantMixin):
     """操作日志表"""
 
     __tablename__ = 'sys_opera_log'

diff --git a/backend/app/admin/model/role.py b/backend/app/admin/model/role.py
@@ -2,16 +2,22 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import Base, UniversalText, id_key
+from backend.common.model import Base, TenantMixin, UniversalText, id_key
+from backend.core.conf import settings
 
 
-class Role(Base):
+class Role(Base, TenantMixin):
     """角色表"""
 
     __tablename__ = 'sys_role'
 
+    if settings.TENANT_ENABLED:
+        __table_args__ = (sa.UniqueConstraint('name', 'tenant_id'),)
+    else:
+        __table_args__ = (sa.UniqueConstraint('name'),)
+
     id: Mapped[id_key] = mapped_column(init=False)
-    name: Mapped[str] = mapped_column(sa.String(32), unique=True, comment='角色名称')
+    name: Mapped[str] = mapped_column(sa.String(32), comment='角色名称')
     status: Mapped[int] = mapped_column(default=1, comment='角色状态（0停用 1正常）')
     is_filter_scopes: Mapped[bool] = mapped_column(default=True, comment='过滤数据权限(0否 1是)')
     remark: Mapped[str | None] = mapped_column(UniversalText, default=None, comment='备注')
diff --git a/backend/app/admin/model/user.py b/backend/app/admin/model/user.py
@@ -4,23 +4,35 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import Base, TimeZone, id_key
+from backend.common.model import Base, TenantMixin, TimeZone, id_key
+from backend.core.conf import settings
 from backend.database.db import uuid4_str
 from backend.utils.timezone import timezone
 
 
-class User(Base):
+class User(Base, TenantMixin):
     """用户表"""
 
     __tablename__ = 'sys_user'
 
+    if settings.TENANT_ENABLED:
+        __table_args__ = (
+            sa.UniqueConstraint('username', 'tenant_id'),
+            sa.UniqueConstraint('email', 'tenant_id'),
+        )
+    else:
+        __table_args__ = (
+            sa.UniqueConstraint('username'),
+            sa.UniqueConstraint('email'),
+        )
+
     id: Mapped[id_key] = mapped_column(init=False)
     uuid: Mapped[str] = mapped_column(sa.String(64), init=False, default_factory=uuid4_str, unique=True)
-    username: Mapped[str] = mapped_column(sa.String(64), unique=True, index=True, comment='用户名')
+    username: Mapped[str] = mapped_column(sa.String(64), index=True, comment='用户名')
     nickname: Mapped[str] = mapped_column(sa.String(64), comment='昵称')
     password: Mapped[str | None] = mapped_column(sa.String(256), comment='密码')
     salt: Mapped[bytes | None] = mapped_column(sa.LargeBinary(255), comment='加密盐')
-    email: Mapped[str | None] = mapped_column(sa.String(256), default=None, unique=True, index=True, comment='邮箱')
+    email: Mapped[str | None] = mapped_column(sa.String(256), default=None, index=True, comment='邮箱')
     phone: Mapped[str | None] = mapped_column(sa.String(11), default=None, comment='手机号')
     avatar: Mapped[str | None] = mapped_column(sa.String(256), default=None, comment='头像')
     status: Mapped[int] = mapped_column(default=1, index=True, comment='用户账号状态(0停用 1正常)')

diff --git a/backend/app/admin/model/user_password_history.py b/backend/app/admin/model/user_password_history.py
@@ -4,11 +4,11 @@
 
 from sqlalchemy.orm import Mapped, mapped_column
 
-from backend.common.model import DataClassBase, TimeZone, id_key
+from backend.common.model import DataClassBase, TenantMixin, TimeZone, id_key
 from backend.utils.timezone import timezone
 
 
-class UserPasswordHistory(DataClassBase):
+class UserPasswordHistory(DataClassBase, TenantMixin):
     """用户密码历史记录表"""
 
     __tablename__ = 'sys_user_password_history'

diff --git a/backend/app/admin/schema/login_log.py b/backend/app/admin/schema/login_log.py
@@ -3,6 +3,7 @@
 from pydantic import ConfigDict, Field
 
 from backend.common.schema import SchemaBase
+from backend.core.conf import settings
 
 
 class LoginLogSchemaBase(SchemaBase):
@@ -26,6 +27,9 @@ class LoginLogSchemaBase(SchemaBase):
 class CreateLoginLogParam(LoginLogSchemaBase):
     """创建登录日志参数"""
 
+    if settings.TENANT_ENABLED:
+        tenant_id: int = Field(description='租户 ID')
+
 
 class UpdateLoginLogParam(LoginLogSchemaBase):
     """更新登录日志参数"""

diff --git a/backend/app/admin/schema/opera_log.py b/backend/app/admin/schema/opera_log.py
@@ -5,6 +5,7 @@
 
 from backend.common.enums import StatusType
 from backend.common.schema import SchemaBase
+from backend.core.conf import settings
 
 
 class OperaLogSchemaBase(SchemaBase):
@@ -34,6 +35,9 @@ class OperaLogSchemaBase(SchemaBase):
 class CreateOperaLogParam(OperaLogSchemaBase):
     """创建操作日志参数"""
 
+    if settings.TENANT_ENABLED:
+        tenant_id: int = Field(description='租户 ID')
+
 
 class UpdateOperaLogParam(OperaLogSchemaBase):
     """更新操作日志参数"""

diff --git a/backend/app/admin/schema/user.py b/backend/app/admin/schema/user.py
@@ -8,6 +8,7 @@
 from backend.app.admin.schema.role import GetRoleWithRelationDetail
 from backend.common.enums import StatusType
 from backend.common.schema import CustomEmailStr, CustomPhoneNumber, SchemaBase, ser_string
+from backend.core.conf import settings
 
 
 class AuthSchemaBase(SchemaBase):
@@ -20,6 +21,9 @@ class AuthSchemaBase(SchemaBase):
 class AuthLoginParam(AuthSchemaBase):
     """用户登录参数"""
 
+    if settings.TENANT_ENABLED:
+        tenant_id: int = Field(settings.TENANT_DEFAULT_ID, description='租户 ID')
+
     uuid: str | None = Field(None, description='验证码 UUID')
     captcha: str | None = Field(None, description='验证码')
 
@@ -80,6 +84,9 @@ class GetUserInfoDetail(UserInfoSchemaBase):
 
     model_config = ConfigDict(from_attributes=True)
 
+    if settings.TENANT_ENABLED:
+        tenant_id: int = Field(description='租户 ID')
+
     dept_id: int | None = Field(None, description='部门 ID')
     id: int = Field(description='用户 ID')
     uuid: str = Field(description='用户 UUID')