功能变化: 权限model

2023-02-07 21:56:29 +08:00
parent 1812619e6c
commit 7d0819590a
3 changed files with 24 additions and 7 deletions
--- a/backend/dvadmin/system/models.py
+++ b/backend/dvadmin/system/models.py
@@ -191,12 +191,11 @@ class MenuButton(CoreModel):
        verbose_name_plural = verbose_name
        ordering = ("-name",)

-
-class RoleMenuButtonPermission(CoreModel):
+class RoleMenuPermission(CoreModel):
    role = models.ForeignKey(
        to="Role",
        db_constraint=False,
-        related_name="role_menu_button",
+        related_name="role_menu",
        on_delete=models.CASCADE,
        verbose_name="关联角色",
        help_text="关联角色",
@@ -209,6 +208,21 @@ class RoleMenuButtonPermission(CoreModel):
        verbose_name="关联菜单",
        help_text="关联菜单",
    )
+    class Meta:
+        db_table = table_prefix + "role_menu_permission"
+        verbose_name = "角色菜单权限表"
+        verbose_name_plural = verbose_name
+        ordering = ("-create_datetime",)
+
+class RoleMenuButtonPermission(CoreModel):
+    role = models.ForeignKey(
+        to="Role",
+        db_constraint=False,
+        related_name="role_menu_button",
+        on_delete=models.CASCADE,
+        verbose_name="关联角色",
+        help_text="关联角色",
+    )
    menu_button = models.ForeignKey(
        to="MenuButton",
        db_constraint=False,
@@ -232,7 +246,7 @@ class RoleMenuButtonPermission(CoreModel):
                                  help_text="数据权限-关联部门")
    class Meta:
        db_table = table_prefix + "role_menu_button_permission"
-        verbose_name = "角色菜单权限表"
+        verbose_name = "角色按钮权限表"
        verbose_name_plural = verbose_name
        ordering = ("-create_datetime",)

--- a/backend/dvadmin/utils/filters.py
+++ b/backend/dvadmin/utils/filters.py
@@ -20,7 +20,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from django_filters.utils import get_model_field
 from rest_framework.filters import BaseFilterBackend

-from dvadmin.system.models import Dept, ApiWhiteList
+from dvadmin.system.models import Dept, ApiWhiteList, RoleMenuButtonPermission


 def get_dept(dept_id: int, dept_all_list=None, dept_list=None):
@@ -85,6 +85,8 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
        判断是否为超级管理员:
        如果不是超级管理员,则进入下一步权限判断
        """
+        print(api)
+        print(RoleMenuButtonPermission.objects.filter(menu_button__api__icontains=api))
        if request.user.is_superuser == 0:
            # 0. 获取用户的部门id，没有部门则返回空
            user_dept_id = getattr(request.user, "dept_id", None)
--- a/backend/dvadmin/utils/permission.py
+++ b/backend/dvadmin/utils/permission.py
@@ -12,7 +12,7 @@ from django.contrib.auth.models import AnonymousUser
 from django.db.models import F
 from rest_framework.permissions import BasePermission

-from dvadmin.system.models import ApiWhiteList
+from dvadmin.system.models import ApiWhiteList, RoleMenuButtonPermission


 def ValidationApi(reqApi, validApi):
@@ -81,7 +81,8 @@ class CustomPermission(BasePermission):
            # ********#
            if not hasattr(request.user, "role"):
                return False
-            userApiList = request.user.role.values('permission__api', 'permission__method')  # 获取当前用户的角色拥有的所有接口
+            role_id_list = request.user.role.values_list('id',flat=True)
+            userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(permission__api=F('menu_button__api'), permission__method=F('menu_button__method'))  # 获取当前用户的角色拥有的所有接口
            ApiList = [
                str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
                    item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]