!108 修复字段权限筛选错误,update backend/dvadmin/utils/viewset.py.

Merge pull request !108 from lxy/N/A
dvadmin
2025-03-20 19:54:37 +00:00
committed by Gitee


@@ -70,13 +70,13 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
# 全部以可见字段为准 # 全部以可见字段为准
can_see = self.get_menu_field(serializer_class) can_see = self.get_menu_field(serializer_class)
# 排除掉序列化器级的字段(排除字段权限中未授权的字段) # 排除掉序列化器级的字段(排除字段权限中未授权的字段)
if not self.request.user.is_superuser: # if not self.request.user.is_superuser:
exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see) # exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see)
for field in exclude_set: # for field in exclude_set:
serializer_class._declared_fields.pop(field) # serializer_class._declared_fields.pop(field)
meta = copy.deepcopy(serializer_class.Meta) # meta = copy.deepcopy(serializer_class.Meta)
meta.fields = list(can_see) # meta.fields = list(can_see)
serializer_class.Meta = meta # serializer_class.Meta = meta
# 在分页器中使用 # 在分页器中使用
self.request.permission_fields = can_see self.request.permission_fields = can_see
if isinstance(self.request.data, list): if isinstance(self.request.data, list):
@@ -87,16 +87,17 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
def get_menu_field(self, serializer_class): def get_menu_field(self, serializer_class):
"""获取字段权限""" """获取字段权限"""
finded = False
for model in get_custom_app_models(): if not any(model['object'] is serializer_class.Meta.model for model in get_custom_app_models()):
if model['object'] is serializer_class.Meta.model:
finded = True
break
if finded is False:
return [] return []
roles = self.request.user.role.values_list('id', flat=True)
return FieldPermission.objects.filter(is_query=True, role__in=roles, field__model=model['model']).values_list( # 匿名用户没有角色
'field__field_name', flat=True) ret = FieldPermission.objects.filter(field__model=serializer_class.Meta.model.__name__)
if hasattr(self.request.user, 'role'):
roles = self.request.user.role.values_list('id', flat=True)
ret = ret.filter(is_query=True, role__in=roles)
return ret.values_list('field__field_name', flat=True)
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data, request=request) serializer = self.get_serializer(data=request.data, request=request)
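Review bot: In the new `get_menu_field`, a user with no `role` attribute (the anonymous case the added comment names) skips the `is_query=True, role__in=roles` filter, so the method returns every field name that has any `FieldPermission` row for the model, including rows with `is_query=False`. That hands the widest result to the least-privileged caller. Fail closed instead, for example with `if not hasattr(self.request.user, 'role'): return []` ahead of the query and the `is_query`/`role__in` filter applied unconditionally, after confirming how the consumer of `permission_fields` treats an empty list, since that code is outside this diff. Separately, with the serializer-level exclusion commented out in the first hunk, `self.request.permission_fields` appears to be the only remaining enforcement point, so it is worth checking that non-paginated responses (retrieve, create, update) are still filtered. The commented-out block would be better deleted than kept as dead code.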