1.完成新版接口授权

backend/dvadmin/utils/filters.py

@@ -20,7 +20,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from django_filters.utils import get_model_field
 from rest_framework.filters import BaseFilterBackend
 
-from dvadmin.system.models import Dept, ApiWhiteList, RoleMenuButtonPermission
+from dvadmin.system.models import Dept, ApiWhiteList, RoleApiPermission
 
 
 def get_dept(dept_id: int, dept_all_list=None, dept_list=None):
@@ -116,18 +116,17 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
         if _pk: # 判断是否是单例查询
             re_api = re.sub(_pk,'{id}', api)
         role_id_list = request.user.role.values_list('id', flat=True)
-        role_permission_list=RoleMenuButtonPermission.objects.filter(
+        role_permission_list=RoleApiPermission.objects.filter(
             role__in=role_id_list,
             role__status=1,
-            menu_button__api=re_api,
-            menu_button__method=method).values(
+            api=re_api,
+            method=method).values(
             'data_range',
-            role_admin=F('role__admin')
         )
         dataScope_list = []  # 权限范围列表
         for ele in role_permission_list:
                 # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据
-            if ele.get("data_range") == 3 or ele.get("role_admin") == True:
+            if ele.get("data_range") == 3:
                 return queryset
             dataScope_list.append(ele.get("data_range"))
         dataScope_list = list(set(dataScope_list))

backend/dvadmin/utils/permission.py

@@ -12,7 +12,7 @@ from django.contrib.auth.models import AnonymousUser
 from django.db.models import F
 from rest_framework.permissions import BasePermission
 
-from dvadmin.system.models import ApiWhiteList, RoleMenuButtonPermission
+from dvadmin.system.models import ApiWhiteList, RoleApiPermission
 
 
 def ValidationApi(reqApi, validApi):
@@ -74,18 +74,18 @@ class CustomPermission(BasePermission):
             methodList = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH']
             method = methodList.index(method)
             # ***接口白名单***
-            api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
+            api_white_list = ApiWhiteList.objects.values('method',api=F('url'))
             api_white_list = [
-                str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
-                    item.get('permission__method')) + '$' for item in api_white_list if item.get('permission__api')]
+                str(item.get('api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
+                    item.get('method')) + '$' for item in api_white_list if item.get('api')]
             # ********#
             if not hasattr(request.user, "role"):
                 return False
             role_id_list = request.user.role.values_list('id',flat=True)
-            userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(permission__api=F('menu_button__api'), permission__method=F('menu_button__method'))  # 获取当前用户的角色拥有的所有接口
+            userApiList = RoleApiPermission.objects.filter(role__in=role_id_list).values('api','method')  # 获取当前用户的角色拥有的所有接口
             ApiList = [
-                str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
-                    item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]
+                str(item.get('api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
+                    item.get('method')) + '$' for item in userApiList if item.get('api')]
             new_api_ist = api_white_list + ApiList
             new_api = api + ":" + str(method)
             for item in new_api_ist: