添加动态权限控制

2025-07-02 21:54:13 +08:00
parent eace8a524d
commit 78b9f9e832
12 changed files with 186 additions and 24 deletions
--- a/backend/system/management/commands/gen_menu_json.py
+++ b/backend/system/management/commands/gen_menu_json.py
@@ -47,10 +47,12 @@ def gen_menu(app_name, model_name, parent_menu_name, creator='admin'):

    # 按钮权限
    buttons = [
-        {"name": "Query", "title": "common.query", "auth_code": f"{app_name}:{model_lower}:query"},
        {"name": "Create", "title": "common.create", "auth_code": f"{app_name}:{model_lower}:create"},
        {"name": "Edit", "title": "common.edit", "auth_code": f"{app_name}:{model_lower}:edit"},
        {"name": "Delete", "title": "common.delete", "auth_code": f"{app_name}:{model_lower}:delete"},
+        {"name": "Query", "title": "common.query", "auth_code": f"{app_name}:{model_lower}:query"},
+        {"name": "Query", "title": "common.query", "auth_code": f"{app_name}:{model_lower}:import"},
+        {"name": "Query", "title": "common.query", "auth_code": f"{app_name}:{model_lower}:export"},
    ]
    for idx, btn in enumerate(buttons):
        btn_meta = MenuMeta.objects.create(
--- a/backend/system/views/login_log.py
+++ b/backend/system/views/login_log.py
@@ -2,6 +2,7 @@ from system.models import LoginLog
 from utils.serializers import CustomModelSerializer
 from utils.custom_model_viewSet import CustomModelViewSet
 from rest_framework import serializers
+from utils.permissions import HasButtonPermission

 class LoginLogSerializer(CustomModelSerializer):
    """
@@ -28,3 +29,4 @@ class LoginLogViewSet(CustomModelViewSet):
    search_fields = ['name']  # 根据实际字段调整
    ordering_fields = ['create_time', 'id']
    ordering = ['-create_time']
+    permission_classes = [HasButtonPermission]
--- a/backend/system/views/user.py
+++ b/backend/system/views/user.py
@@ -8,7 +8,6 @@ from django.contrib.auth.hashers import make_password
 from rest_framework.permissions import IsAuthenticated

 from system.models import User, Menu, LoginLog
-from system.views.menu import MenuSerializer

 from utils.serializers import CustomModelSerializer
 from utils.custom_model_viewSet import CustomModelViewSet
@@ -79,13 +78,14 @@ class UserInfo(APIView):
        if user.is_superuser:
            roles = ['admin']
            # menus = Menu.objects.filter(pid__isnull=True).order_by('sort')
-            # permissions = Menu.objects.filter(type='button').order_by('sort').values_list('auth_code', flat=True)
+            permissions = Menu.objects.filter(type='button').order_by('auth_code').values_list('auth_code', flat=True)
        else:
            roles = user.get_role_name
            # menus = Menu.objects.filter(pid__isnull=True, role__users=user).order_by('sort').distinct()
-            # permissions = Menu.objects.filter(type='button', role__users=user).order_by('sort').distinct().values_list('auth_code', flat=True)
+            permissions = Menu.objects.filter(type='button', role__users=user).order_by('auth_code').distinct().values_list('auth_code', flat=True)
        # menus_data = MenuSerializer(menus, many=True).data
        user_data['roles'] = roles
+        user_data['permissions'] = permissions
        return Response({
            "code": 0,
            "data": user_data,