test: 列权限测试
This commit is contained in:
ahhui
@@ -76,8 +76,9 @@ class CustomPagination(PageNumberPagination):
|
|||||||
('msg', msg),
|
('msg', msg),
|
||||||
('page', page),
|
('page', page),
|
||||||
('limit', limit),
|
('limit', limit),
|
||||||
('total',total),
|
('total', total),
|
||||||
('is_next',is_next),
|
('is_next', is_next),
|
||||||
('is_previous', is_previous),
|
('is_previous', is_previous),
|
||||||
('data', data)
|
('data', data),
|
||||||
|
('permission', self.request.permission_fields)
|
||||||
]))
|
]))
|
||||||
|
|||||||
@@ -16,6 +16,8 @@ from dvadmin.utils.filters import DataLevelPermissionsFilter
|
|||||||
from dvadmin.utils.import_export_mixin import ExportSerializerMixin, ImportSerializerMixin
|
from dvadmin.utils.import_export_mixin import ExportSerializerMixin, ImportSerializerMixin
|
||||||
from dvadmin.utils.json_response import SuccessResponse, ErrorResponse, DetailResponse
|
from dvadmin.utils.json_response import SuccessResponse, ErrorResponse, DetailResponse
|
||||||
from dvadmin.utils.permission import CustomPermission
|
from dvadmin.utils.permission import CustomPermission
|
||||||
|
from dvadmin.utils.models import get_custom_app_models
|
||||||
|
from dvadmin.system.models import Columns
|
||||||
from django_restql.mixins import QueryArgumentsMixin
|
from django_restql.mixins import QueryArgumentsMixin
|
||||||
|
|
||||||
|
|
||||||
@@ -61,12 +63,45 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
|
|||||||
def get_serializer(self, *args, **kwargs):
|
def get_serializer(self, *args, **kwargs):
|
||||||
serializer_class = self.get_serializer_class()
|
serializer_class = self.get_serializer_class()
|
||||||
kwargs.setdefault('context', self.get_serializer_context())
|
kwargs.setdefault('context', self.get_serializer_context())
|
||||||
|
# 全部以可见字段为准
|
||||||
|
can_see = self.get_column_permission(serializer_class)
|
||||||
|
# 排除掉序列化器级的字段
|
||||||
|
# sub_set = set(serializer_class._declared_fields.keys()) - set(can_see)
|
||||||
|
# for field in sub_set:
|
||||||
|
# serializer_class._declared_fields.pop(field)
|
||||||
|
# if not self.request.user.is_superuser:
|
||||||
|
# serializer_class.Meta.fields = can_see
|
||||||
|
# 在分页器中使用
|
||||||
|
self.request.permission_fields = can_see
|
||||||
if isinstance(self.request.data, list):
|
if isinstance(self.request.data, list):
|
||||||
with transaction.atomic():
|
with transaction.atomic():
|
||||||
return serializer_class(many=True, *args, **kwargs)
|
return serializer_class(many=True, *args, **kwargs)
|
||||||
else:
|
else:
|
||||||
return serializer_class(*args, **kwargs)
|
return serializer_class(*args, **kwargs)
|
||||||
|
|
||||||
|
def get_column_permission(self, serializer_class):
|
||||||
|
"""获取列权限"""
|
||||||
|
action_map = {
|
||||||
|
'list': 'is_query',
|
||||||
|
'retrieve': 'is_query',
|
||||||
|
'create': 'is_create',
|
||||||
|
'update': 'is_update'
|
||||||
|
}
|
||||||
|
finded = False
|
||||||
|
for app in get_custom_app_models():
|
||||||
|
for model in app:
|
||||||
|
if model['object'] is serializer_class.Meta.model:
|
||||||
|
finded = True
|
||||||
|
break
|
||||||
|
if finded:
|
||||||
|
break
|
||||||
|
if finded is False:
|
||||||
|
return []
|
||||||
|
column_permission = Columns.objects.filter(app=model['app'], model=model['model'])
|
||||||
|
if self.action in action_map:
|
||||||
|
return [obj.field_name for obj in column_permission if getattr(obj, action_map[self.action])]
|
||||||
|
return []
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
def create(self, request, *args, **kwargs):
|
||||||
serializer = self.get_serializer(data=request.data, request=request)
|
serializer = self.get_serializer(data=request.data, request=request)
|
||||||
serializer.is_valid(raise_exception=True)
|
serializer.is_valid(raise_exception=True)
|
||||||
|
|||||||
Reference in New Issue
Block a user