From 27226312763f7f0158cbc0aa6dc2970882c1bdd9 Mon Sep 17 00:00:00 2001 From: ahhui Date: Tue, 8 Aug 2023 16:31:55 +0800 Subject: [PATCH] =?UTF-8?q?test:=20=E5=88=97=E6=9D=83=E9=99=90=E6=B5=8B?= =?UTF-8?q?=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/dvadmin/utils/pagination.py | 7 +++--- backend/dvadmin/utils/viewset.py | 35 +++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/backend/dvadmin/utils/pagination.py b/backend/dvadmin/utils/pagination.py index 40191ef..52bf143 100644 --- a/backend/dvadmin/utils/pagination.py +++ b/backend/dvadmin/utils/pagination.py @@ -76,8 +76,9 @@ class CustomPagination(PageNumberPagination): ('msg', msg), ('page', page), ('limit', limit), - ('total',total), - ('is_next',is_next), + ('total', total), + ('is_next', is_next), ('is_previous', is_previous), - ('data', data) + ('data', data), + ('permission', self.request.permission_fields) ])) diff --git a/backend/dvadmin/utils/viewset.py b/backend/dvadmin/utils/viewset.py index 47e1c6c..7f9c3a7 100644 --- a/backend/dvadmin/utils/viewset.py +++ b/backend/dvadmin/utils/viewset.py @@ -16,6 +16,8 @@ from dvadmin.utils.filters import DataLevelPermissionsFilter from dvadmin.utils.import_export_mixin import ExportSerializerMixin, ImportSerializerMixin from dvadmin.utils.json_response import SuccessResponse, ErrorResponse, DetailResponse from dvadmin.utils.permission import CustomPermission +from dvadmin.utils.models import get_custom_app_models +from dvadmin.system.models import Columns from django_restql.mixins import QueryArgumentsMixin @@ -61,12 +63,45 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi def get_serializer(self, *args, **kwargs): serializer_class = self.get_serializer_class() kwargs.setdefault('context', self.get_serializer_context()) + # 全部以可见字段为准 + can_see = self.get_column_permission(serializer_class) + # 排除掉序列化器级的字段 + # sub_set = set(serializer_class._declared_fields.keys()) - set(can_see) + # for field in sub_set: + # serializer_class._declared_fields.pop(field) + # if not self.request.user.is_superuser: + # serializer_class.Meta.fields = can_see + # 在分页器中使用 + self.request.permission_fields = can_see if isinstance(self.request.data, list): with transaction.atomic(): return serializer_class(many=True, *args, **kwargs) else: return serializer_class(*args, **kwargs) + def get_column_permission(self, serializer_class): + """获取列权限""" + action_map = { + 'list': 'is_query', + 'retrieve': 'is_query', + 'create': 'is_create', + 'update': 'is_update' + } + finded = False + for app in get_custom_app_models(): + for model in app: + if model['object'] is serializer_class.Meta.model: + finded = True + break + if finded: + break + if finded is False: + return [] + column_permission = Columns.objects.filter(app=model['app'], model=model['model']) + if self.action in action_map: + return [obj.field_name for obj in column_permission if getattr(obj, action_map[self.action])] + return [] + def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data, request=request) serializer.is_valid(raise_exception=True)