admin/django-vue3-admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 优化部门权限

Browse Source
This commit is contained in:
李强
2024-08-29 09:04:13 +08:00
parent 47b0ee7fe7
commit 233774a981
2 changed files with 36 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
backend/dvadmin/utils/permission.py
View File

@@ -44,6 +44,35 @@ class AnonymousUserPermission(BasePermission):
return True return True
class SuperuserPermission(BasePermission):
"""
超级管理员权限类
"""
def has_permission(self, request, view):
if isinstance(request.user, AnonymousUser):
return False
# 判断是否是超级管理员
if request.user.is_superuser:
return True
class AdminPermission(BasePermission):
"""
普通管理员权限类
"""
def has_permission(self, request, view):
if isinstance(request.user, AnonymousUser):
return False
# 判断是否是超级管理员
is_superuser = request.user.is_superuser
# 判断是否是管理员角色
is_admin = request.user.role.values_list('admin', flat=True)
if is_superuser or True in is_admin:
return True
def ReUUID(api): def ReUUID(api):
""" """
将接口的uuid替换掉 将接口的uuid替换掉
@@ -82,7 +111,8 @@ class CustomPermission(BasePermission):
if not hasattr(request.user, "role"): if not hasattr(request.user, "role"):
return False return False
role_id_list = request.user.role.values_list('id', flat=True) role_id_list = request.user.role.values_list('id', flat=True)
userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(permission__api=F('menu_button__api'), permission__method=F('menu_button__method')) # 获取当前用户的角色拥有的所有接口 userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(
permission__api=F('menu_button__api'), permission__method=F('menu_button__method')) # 获取当前用户的角色拥有的所有接口
ApiList = [ ApiList = [
str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str( str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')] item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]

5
backend/dvadmin/utils/serializers.py
View File

@@ -26,7 +26,6 @@ class CustomModelSerializer(DynamicFieldsMixin, ModelSerializer):
# 修改人的审计字段名称, 默认modifier, 继承使用时可自定义覆盖 # 修改人的审计字段名称, 默认modifier, 继承使用时可自定义覆盖
modifier_field_id = "modifier" modifier_field_id = "modifier"
modifier_name = serializers.SerializerMethodField(read_only=True) modifier_name = serializers.SerializerMethodField(read_only=True)
dept_belong_id = serializers.IntegerField(required=False, allow_null=True)
def get_modifier_name(self, instance): def get_modifier_name(self, instance):
if not hasattr(instance, "modifier"): if not hasattr(instance, "modifier"):
@@ -52,7 +51,7 @@ class CustomModelSerializer(DynamicFieldsMixin, ModelSerializer):
format="%Y-%m-%d %H:%M:%S", required=False, read_only=True format="%Y-%m-%d %H:%M:%S", required=False, read_only=True
) )
update_datetime = serializers.DateTimeField( update_datetime = serializers.DateTimeField(
format="%Y-%m-%d %H:%M:%S", required=False format="%Y-%m-%d %H:%M:%S", required=False, read_only=True
) )
def __init__(self, instance=None, data=empty, request=None, **kwargs): def __init__(self, instance=None, data=empty, request=None, **kwargs):
@@ -75,7 +74,7 @@ class CustomModelSerializer(DynamicFieldsMixin, ModelSerializer):
and validated_data.get(self.dept_belong_id_field_name, None) is None and validated_data.get(self.dept_belong_id_field_name, None) is None
): ):
validated_data[self.dept_belong_id_field_name] = getattr( validated_data[self.dept_belong_id_field_name] = getattr(
self.request.user, "dept_id", None self.request.user, "dept_id", validated_data.get(self.dept_belong_id_field_name, None)
) )
return super().create(validated_data) return super().create(validated_data)