diff --git a/backend/dvadmin/utils/filters.py b/backend/dvadmin/utils/filters.py
index f129945..b68ec9e 100644
--- a/backend/dvadmin/utils/filters.py
+++ b/backend/dvadmin/utils/filters.py
@@ -75,7 +75,7 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
if item.get("permission__api")
]
for item in api_white_list:
- new_api = api + ":" + str(method)
+ new_api = f"{api}:{method}"
matchObj = re.match(item, new_api, re.M | re.I)
if matchObj is None:
continue
@@ -86,74 +86,78 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
如果不是超级管理员,则进入下一步权限判断
"""
if request.user.is_superuser == 0:
- # 0. 获取用户的部门id,没有部门则返回空
- user_dept_id = getattr(request.user, "dept_id", None)
- if not user_dept_id:
- return queryset.none()
-
- # 1. 判断过滤的数据是否有创建人所在部门 "dept_belong_id" 字段
- if not getattr(queryset.model, "dept_belong_id", None):
- return queryset
-
- # 2. 如果用户没有关联角色则返回本部门数据
- if not hasattr(request.user, "role"):
- return queryset.filter(dept_belong_id=user_dept_id)
-
- # 3. 根据所有角色 获取所有权限范围
- # (0, "仅本人数据权限"),
- # (1, "本部门及以下数据权限"),
- # (2, "本部门数据权限"),
- # (3, "全部数据权限"),
- # (4, "自定数据权限")
- replace_str = re.compile('\d')
- re_api = replace_str.sub('{id}', api)
- role_id_list = request.user.role.values_list('id', flat=True)
- role_permission_list=RoleMenuButtonPermission.objects.filter(
- role__in=role_id_list,
- role__status=1,
- menu_button__api=re_api,
- menu_button__method=method).values(
- 'data_range',
- role_admin=F('role__admin')
- )
- dataScope_list = [] # 权限范围列表
- for ele in role_permission_list:
- # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据
- if 3 == ele.get("data_range") or ele.get("role_admin") == True:
- return queryset
- dataScope_list.append(ele.get("data_range"))
- dataScope_list = list(set(dataScope_list))
-
- # 4. 只为仅本人数据权限时只返回过滤本人数据,并且部门为自己本部门(考虑到用户会变部门,只能看当前用户所在的部门数据)
- if 0 in dataScope_list:
- return queryset.filter(
- creator=request.user, dept_belong_id=user_dept_id
- )
-
- # 5. 自定数据权限 获取部门,根据部门过滤
- dept_list = []
- for ele in dataScope_list:
- if ele == 4:
- dept_list.extend(
- request.user.role.filter(status=1).values_list(
- "dept__id", flat=True
- )
- )
- elif ele == 2:
- dept_list.append(user_dept_id)
- elif ele == 1:
- dept_list.append(user_dept_id)
- dept_list.extend(
- get_dept(
- user_dept_id,
- )
- )
- if queryset.model._meta.model_name == 'dept':
- return queryset.filter(id__in=list(set(dept_list)))
- return queryset.filter(dept_belong_id__in=list(set(dept_list)))
+ return self._extracted_from_filter_queryset_33(request, queryset, api, method)
else:
return queryset
+ # TODO Rename this here and in `filter_queryset`
+ def _extracted_from_filter_queryset_33(self, request, queryset, api, method):
+ # 0. 获取用户的部门id,没有部门则返回空
+ user_dept_id = getattr(request.user, "dept_id", None)
+ if not user_dept_id:
+ return queryset.none()
+
+ # 1. 判断过滤的数据是否有创建人所在部门 "dept_belong_id" 字段
+ if not getattr(queryset.model, "dept_belong_id", None):
+ return queryset
+
+ # 2. 如果用户没有关联角色则返回本部门数据
+ if not hasattr(request.user, "role"):
+ return queryset.filter(dept_belong_id=user_dept_id)
+
+ # 3. 根据所有角色 获取所有权限范围
+ # (0, "仅本人数据权限"),
+ # (1, "本部门及以下数据权限"),
+ # (2, "本部门数据权限"),
+ # (3, "全部数据权限"),
+ # (4, "自定数据权限")
+ replace_str = re.compile('\d')
+ re_api = replace_str.sub('{id}', api)
+ role_id_list = request.user.role.values_list('id', flat=True)
+ role_permission_list=RoleMenuButtonPermission.objects.filter(
+ role__in=role_id_list,
+ role__status=1,
+ menu_button__api=re_api,
+ menu_button__method=method).values(
+ 'data_range',
+ role_admin=F('role__admin')
+ )
+ dataScope_list = [] # 权限范围列表
+ for ele in role_permission_list:
+ # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据
+ if ele.get("data_range") == 3 or ele.get("role_admin") == True:
+ return queryset
+ dataScope_list.append(ele.get("data_range"))
+ dataScope_list = list(set(dataScope_list))
+
+ # 4. 只为仅本人数据权限时只返回过滤本人数据,并且部门为自己本部门(考虑到用户会变部门,只能看当前用户所在的部门数据)
+ if 0 in dataScope_list:
+ return queryset.filter(
+ creator=request.user, dept_belong_id=user_dept_id
+ )
+
+ # 5. 自定数据权限 获取部门,根据部门过滤
+ dept_list = []
+ for ele in dataScope_list:
+ if ele == 1:
+ dept_list.append(user_dept_id)
+ dept_list.extend(
+ get_dept(
+ user_dept_id,
+ )
+ )
+ elif ele == 2:
+ dept_list.append(user_dept_id)
+ elif ele == 4:
+ dept_list.extend(
+ request.user.role.filter(status=1).values_list(
+ "dept__id", flat=True
+ )
+ )
+ if queryset.model._meta.model_name == 'dept':
+ return queryset.filter(id__in=list(set(dept_list)))
+ return queryset.filter(dept_belong_id__in=list(set(dept_list)))
+
class CustomDjangoFilterBackend(DjangoFilterBackend):
lookup_prefixes = {
diff --git a/web/package.json b/web/package.json
index 345af77..43fdacf 100644
--- a/web/package.json
+++ b/web/package.json
@@ -49,7 +49,7 @@
"vue-grid-layout": "^3.0.0-beta1",
"vue-i18n": "^9.2.2",
"vue-router": "^4.1.6",
- "vxe-table": "^4.3.10",
+ "vxe-table": "^4.4.1",
"xe-utils": "^3.5.7"
},
"devDependencies": {
diff --git a/web/src/main.ts b/web/src/main.ts
index e68fc94..e20e8d1 100644
--- a/web/src/main.ts
+++ b/web/src/main.ts
@@ -27,7 +27,8 @@ import iconfont from '/@/assets/iconfont/iconfont.json'; //引入json文件
import '/@/assets/iconfont/iconfont.css'; //引入css
// 自动注册插件
import { scanAndInstallPlugins } from '/@/views/plugins/index';
-
+import VXETable from 'vxe-table'
+import 'vxe-table/lib/style.css'
let forIconfont = analyzingIconForIconfont(iconfont); //解析class
iconList.addIcon(forIconfont.list); // 添加iconfont dvadmin3的icon
iconList.addIcon(elementPlus); // 添加element plus的图标
@@ -47,6 +48,8 @@ pinia.use(piniaPersist);
directive(app);
other.elSvg(app);
+
+app.use(VXETable)
app.use(permission);
app.use(pinia).use(router).use(ElementPlus, { i18n: i18n.global.t }).use(i18n).use(VueGridLayout).use(fastCrud).mount('#app');
diff --git a/web/src/views/system/role/components/permission.vue b/web/src/views/system/role/components/permission.vue
index 7ebc9de..5fc590e 100644
--- a/web/src/views/system/role/components/permission.vue
+++ b/web/src/views/system/role/components/permission.vue
@@ -22,6 +22,7 @@
:row-config="{keyField: 'menu_id'}"
:tree-config="{transform: true, rowField: 'menu_id', parentField: 'parent'}"
:checkbox-config="{labelField: 'menu_id', checkRowKeys: multipleTableData,checkStrictly:true}"
+ @toggle-row-expand="menuNodeClick"
:data="menuData">
@@ -106,7 +107,7 @@ import * as api from './api.ts'
import type {FormRules, FormInstance} from 'element-plus'
import {ElMessage} from 'element-plus'
import XEUtils from 'xe-utils'
-import { VXETable, VxeTableInstance } from 'vxe-table'
+import { VXETable, VxeTableInstance,VxeTableEvents } from 'vxe-table'
interface tableRow {
menu_id: number
@@ -169,16 +170,16 @@ let isBtnPermissionShow = ref(false)
let buttonOptions = ref<[]>()
let editedMenuInfo = ref()
//菜单节点点击事件
-const menuNodeClick = (node: any) => {
- isBtnPermissionShow.value = !node.is_catalog
- if (!node.is_catalog) {
+const menuNodeClick: VxeTableEvents.ToggleRowExpand = ({ expanded, row}) => {
+ // isBtnPermissionShow.value = !node.is_catalog
+ if (!row.is_catalog) {
buttonOptions.value = []
- editedMenuInfo.value = node
- api.GetMenuButton({menu: node.menu_id}).then((res: any) => {
+ editedMenuInfo.value = row
+ api.GetMenuButton({menu: row.menu_id}).then((res: any) => {
const {data} = res
buttonOptions.value = data
})
- api.getObj({menu: node.menu_id, role: editedRoleInfo.value.id}).then((res: any) => {
+ api.getObj({menu: row.menu_id, role: editedRoleInfo.value.id}).then((res: any) => {
const {data} = res
buttonPermissionData.value = data
})