From a030409c462841d2ac2d4b0b1fe4d0ba63f3363c Mon Sep 17 00:00:00 2001 From: liqiang <1206709430@qq.com> Date: Sun, 2 Mar 2025 00:05:44 +0800 Subject: [PATCH] =?UTF-8?q?fix(system):=20=E4=BF=AE=E5=A4=8D=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=8E=B7=E5=8F=96=20bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 优化权限查询逻辑,先判断菜单按钮对象是否存在 - 修复了在某些情况下可能导致权限获取失败的问题 --- backend/dvadmin/utils/filters.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/backend/dvadmin/utils/filters.py b/backend/dvadmin/utils/filters.py index 4db96db..fa418be 100644 --- a/backend/dvadmin/utils/filters.py +++ b/backend/dvadmin/utils/filters.py @@ -22,7 +22,7 @@ from django_filters.rest_framework import DjangoFilterBackend from django_filters.utils import get_model_field from rest_framework.filters import BaseFilterBackend from django_filters.conf import settings -from dvadmin.system.models import Dept, ApiWhiteList, RoleMenuButtonPermission +from dvadmin.system.models import Dept, ApiWhiteList, RoleMenuButtonPermission, MenuButton from dvadmin.utils.models import CoreModel class CoreModelFilterBankend(BaseFilterBackend): @@ -149,13 +149,16 @@ class DataLevelPermissionsFilter(BaseFilterBackend): if _pk: # 判断是否是单例查询 re_api = re.sub(_pk,'{id}', api) role_id_list = request.user.role.values_list('id', flat=True) - role_permission_list=RoleMenuButtonPermission.objects.filter( - role__in=role_id_list, - role__status=1, - menu_button__api=re_api, - menu_button__method=method).values( - 'data_range' - ) + # 修复权限获取bug + menu_button_obj = MenuButton.objects.filter(api=re_api, method=method).first() + role_permission_list = [] + if menu_button_obj: + role_permission_list = RoleMenuButtonPermission.objects.filter( + role__in=role_id_list, + role__status=1, + menu_button=menu_button_obj).values( + 'data_range' + ) dataScope_list = [] # 权限范围列表 for ele in role_permission_list: # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据