功能变化: 接口数据权限完成

猿小天
2023-02-07 23:47:53 +08:00
parent 376724a929
commit 8431e9a87e
11 changed files with 26 additions and 17 deletions


@@ -0,0 +1 @@
from django.test import TestCase


@@ -44,4 +44,4 @@ class AreaViewSet(CustomModelViewSet):
"""
queryset = Area.objects.all()
serializer_class = AreaSerializer
extra_filter_backends = []
extra_filter_class = []


@@ -134,7 +134,7 @@ class DeptViewSet(CustomModelViewSet):
update_serializer_class = DeptCreateUpdateSerializer
filter_fields = ['name', 'id', 'parent']
search_fields = []
# extra_filter_backends = []
# extra_filter_class = []
import_serializer_class = DeptImportSerializer
import_field_dict = {
"name": "部门名称",
@@ -182,7 +182,7 @@ class DeptViewSet(CustomModelViewSet):
return DetailResponse(data=queryset, msg="获取成功")
@action(methods=["GET"], detail=False, permission_classes=[AnonymousUserPermission])
@action(methods=["GET"], detail=False, permission_classes=[AnonymousUserPermission],extra_filter_class=[])
def all_dept(self, request, *args, **kwargs):
queryset = self.filter_queryset(self.get_queryset())
data = queryset.filter(status=True).order_by('sort').values('name', 'id', 'parent')
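Review bot: The new `extra_filter_class=[]` on `all_dept` switches off the data-level permission filter for an action whose permission class is `AnonymousUserPermission`, and nothing on the decorator line records that this is deliberate. If that class admits unauthenticated callers (its definition is not in this diff), the action returns `name`, `id` and `parent` of every department with `status=True` to any caller. I would add a comment above the decorator, for example `# Public endpoint: data-scope filter intentionally disabled; only name/id/parent of enabled departments are returned`, and confirm that the department tree is meant to be public. The method body continues outside the hunk.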


@@ -92,7 +92,7 @@ class DictionaryViewSet(CustomModelViewSet):
"""
queryset = Dictionary.objects.all()
serializer_class = DictionarySerializer
extra_filter_backends = []
extra_filter_class = []
search_fields = ['label']


@@ -33,4 +33,4 @@ class LoginLogViewSet(CustomModelViewSet):
"""
queryset = LoginLog.objects.all()
serializer_class = LoginLogSerializer
extra_filter_backends = []
extra_filter_class = []


@@ -165,7 +165,7 @@ class MenuViewSet(CustomModelViewSet):
update_serializer_class = MenuCreateSerializer
search_fields = ['name', 'status']
filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog']
# extra_filter_backends = []
# extra_filter_class = []
@action(methods=['GET'], detail=False, permission_classes=[])
def web_router(self, request):


@@ -56,4 +56,4 @@ class MenuButtonViewSet(CustomModelViewSet):
serializer_class = MenuButtonSerializer
create_serializer_class = MenuButtonCreateUpdateSerializer
update_serializer_class = MenuButtonCreateUpdateSerializer
extra_filter_backends = []
extra_filter_class = []


@@ -160,7 +160,7 @@ class MessageCenterViewSet(CustomModelViewSet):
queryset = MessageCenter.objects.order_by('create_datetime')
serializer_class = MessageCenterSerializer
create_serializer_class = MessageCenterCreateSerializer
extra_filter_backends = []
extra_filter_class = []
def get_queryset(self):
if self.action == 'list':


@@ -61,7 +61,7 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
serializer_class = RoleMenuButtonPermissionSerializer
create_serializer_class = RoleMenuButtonPermissionCreateUpdateSerializer
update_serializer_class = RoleMenuButtonPermissionCreateUpdateSerializer
extra_filter_backends = []
extra_filter_class = []
@action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated])
def role_get_menu(self, request):
@@ -191,7 +191,7 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
role_id = params.get('role', None)
if role_id is None:
return ErrorResponse(msg="未获取到参数")
queryset = RoleMenuButtonPermission.objects.filter(role=role_id,menu=menu_id).values(
queryset = RoleMenuButtonPermission.objects.filter(role=role_id,menu_button__menu=menu_id).values(
'data_range',
'menu_button'
)
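Review bot: In the second hunk `role_id` comes straight from the request parameters and is only compared with `None` before it is used in `RoleMenuButtonPermission.objects.filter(role=role_id, ...)`. Nothing in the visible lines checks that the caller is allowed to read that role's `data_range` rows, and a non-numeric value would presumably surface as an unhandled error rather than the `ErrorResponse` used for the missing-parameter case. The function starts outside the hunk, so a check may already exist above. If not, validate both ids before the query and restrict the lookup to roles the requester may manage. A short comment stating who may call this action would also help.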


@@ -85,8 +85,6 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
判断是否为超级管理员:
如果不是超级管理员,则进入下一步权限判断
"""
print(api)
print(RoleMenuButtonPermission.objects.filter(menu_button__api__iregex=api,menu_button__method=method))
if request.user.is_superuser == 0:
# 0. 获取用户的部门id没有部门则返回空
user_dept_id = getattr(request.user, "dept_id", None)
@@ -107,11 +105,21 @@ class DataLevelPermissionsFilter(BaseFilterBackend):
# (2, "本部门数据权限"),
# (3, "全部数据权限"),
# (4, "自定数据权限")
role_list = request.user.role.filter(status=1).values("admin", "data_range")
replace_str = re.compile('\d')
re_api = replace_str.sub('{id}', api)
role_id_list = request.user.role.values_list('id', flat=True)
role_permission_list=RoleMenuButtonPermission.objects.filter(
role__in=role_id_list,
role__status=1,
menu_button__api=re_api,
menu_button__method=method).values(
'data_range',
role_admin=F('role__admin')
)
dataScope_list = [] # 权限范围列表
for ele in role_list:
for ele in role_permission_list:
# 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据
if 3 == ele.get("data_range") or ele.get("admin") == True:
if 3 == ele.get("data_range") or ele.get("role_admin") == True:
return queryset
dataScope_list.append(ele.get("data_range"))
dataScope_list = list(set(dataScope_list))
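Review bot: `re.compile('\d')` in the second hunk matches one digit at a time, so a path with a multi-digit id such as `/x/123/` (constructed example) is rewritten to `/x/{id}{id}{id}/`, and a digit anywhere else in the path is rewritten too. The exact match `menu_button__api=re_api` then finds no row and `dataScope_list` stays empty. What the caller sees after that depends on code below the hunk, which is not visible here. Matching whole numeric path segments is safer: `re_api = re.sub(r'(?<=/)\d+(?=/|$)', '{id}', api)`. The raw string also avoids the invalid-escape warning that `'\d'` triggers. When no permission row matches, the filter should take an explicit deny or logged branch so that a normalisation mismatch cannot silently change the data scope.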


@@ -37,13 +37,13 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
update_serializer_class = None
filter_fields = '__all__'
search_fields = ()
extra_filter_backends = [DataLevelPermissionsFilter]
extra_filter_class = [DataLevelPermissionsFilter]
permission_classes = [CustomPermission]
import_field_dict = {}
export_field_label = {}
def filter_queryset(self, queryset):
for backend in set(set(self.filter_backends) | set(self.extra_filter_backends or [])):
for backend in set(set(self.filter_backends) | set(self.extra_filter_class or [])):
queryset = backend().filter_queryset(self.request, queryset, self)
return queryset
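Review bot: In `filter_queryset` the outer `set(...)` around `set(self.filter_backends) | set(self.extra_filter_class or [])` is redundant, and iterating a set applies the backends in an unspecified order that can differ between runs. An order-preserving de-duplication keeps the behaviour predictable: `for backend in dict.fromkeys([*self.filter_backends, *(self.extra_filter_class or [])]):`. The renamed attribute holds a list of filter backends, so a one-line comment on `extra_filter_class` saying that it lists backend classes and that `[]` disables data-level filtering for the view would spare readers from inferring it. Because the opt-out is a plain attribute, a subclass outside this commit that still sets `extra_filter_backends` is now silently ignored, so a search for the old name is worthwhile.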