功能变化: 权限model

backend/dvadmin/system/models.py

@@ -191,12 +191,11 @@ class MenuButton(CoreModel):
         verbose_name_plural = verbose_name
         ordering = ("-name",)
 
-
+class RoleMenuPermission(CoreModel):
-class RoleMenuButtonPermission(CoreModel):
     role = models.ForeignKey(
         to="Role",
         db_constraint=False,
-        related_name="role_menu_button",
+        related_name="role_menu",
         on_delete=models.CASCADE,
         verbose_name="关联角色",
         help_text="关联角色",
@@ -209,6 +208,21 @@ class RoleMenuButtonPermission(CoreModel):
         verbose_name="关联菜单",
         help_text="关联菜单",
     )
+    class Meta:
+        db_table = table_prefix + "role_menu_permission"
+        verbose_name = "角色菜单权限表"
+        verbose_name_plural = verbose_name
+        ordering = ("-create_datetime",)
+
+class RoleMenuButtonPermission(CoreModel):
+    role = models.ForeignKey(
+        to="Role",
+        db_constraint=False,
+        related_name="role_menu_button",
+        on_delete=models.CASCADE,
+        verbose_name="关联角色",
+        help_text="关联角色",
+    )
     menu_button = models.ForeignKey(
         to="MenuButton",
         db_constraint=False,
@@ -232,7 +246,7 @@ class RoleMenuButtonPermission(CoreModel):
                                   help_text="数据权限-关联部门")
     class Meta:
         db_table = table_prefix + "role_menu_button_permission"
-        verbose_name = "角色菜单权限表"
+        verbose_name = "角色按钮权限表"
         verbose_name_plural = verbose_name
         ordering = ("-create_datetime",)
 

backend/dvadmin/utils/filters.py

@@ -20,7 +20,7 @@ from django_filters.rest_framework import DjangoFilterBackend
 from django_filters.utils import get_model_field
 from rest_framework.filters import BaseFilterBackend
 
-from dvadmin.system.models import Dept, ApiWhiteList
+from dvadmin.system.models import Dept, ApiWhiteList, RoleMenuButtonPermission
 
 
 def get_dept(dept_id: int, dept_all_list=None, dept_list=None):
@@ -85,6 +85,8 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
         判断是否为超级管理员:
         如果不是超级管理员,则进入下一步权限判断
         """
+        print(api)
+        print(RoleMenuButtonPermission.objects.filter(menu_button__api__icontains=api))
         if request.user.is_superuser == 0:
             # 0. 获取用户的部门id，没有部门则返回空
             user_dept_id = getattr(request.user, "dept_id", None)

backend/dvadmin/utils/permission.py

@@ -12,7 +12,7 @@ from django.contrib.auth.models import AnonymousUser
 from django.db.models import F
 from rest_framework.permissions import BasePermission
 
-from dvadmin.system.models import ApiWhiteList
+from dvadmin.system.models import ApiWhiteList, RoleMenuButtonPermission
 
 
 def ValidationApi(reqApi, validApi):
@@ -81,7 +81,8 @@ class CustomPermission(BasePermission):
             # ********#
             if not hasattr(request.user, "role"):
                 return False
-            userApiList = request.user.role.values('permission__api', 'permission__method')  # 获取当前用户的角色拥有的所有接口
+            role_id_list = request.user.role.values_list('id',flat=True)
+            userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(permission__api=F('menu_button__api'), permission__method=F('menu_button__method'))  # 获取当前用户的角色拥有的所有接口
             ApiList = [
                 str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
                     item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]