From c6a20735376f116636a41409148f212c2216a113 Mon Sep 17 00:00:00 2001
From: 1638245306 <1638245306@qq.com>
Date: Sun, 9 Feb 2025 23:17:26 +0800
Subject: [PATCH] =?UTF-8?q?feat(utils):=20=E5=AE=8C=E5=96=84=E5=AD=97?= =?UTF-8?q?=E6=AE=B5=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6=E5=B9=B6=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E8=A7=92=E8=89=B2=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 添加了对普通用户进行字段权限过滤的逻辑
- 使用 deepcopy 复制 serializer_class.Meta 以避免直接修改原类
- 修改 get_menu_field 方法,根据用户角色过滤字段权限
---
 backend/dvadmin/utils/viewset.py | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/backend/dvadmin/utils/viewset.py b/backend/dvadmin/utils/viewset.py
index d7d1dc0..6b5cfcb 100644
--- a/backend/dvadmin/utils/viewset.py
+++ b/backend/dvadmin/utils/viewset.py
@@ -6,6 +6,8 @@
 @Created on: 2021/6/1 001 22:57
 @Remark: 自定义视图集
 """
+import copy
+
 from django.db import transaction
 from django_filters import DateTimeFromToRangeFilter
 from django_filters.rest_framework import FilterSet
@@ -67,12 +69,14 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
 kwargs.setdefault('context', self.get_serializer_context())
 # 全部以可见字段为准
 can_see = self.get_menu_field(serializer_class)
- # 排除掉序列化器级的字段
- # sub_set = set(serializer_class._declared_fields.keys()) - set(can_see)
- # for field in sub_set:
- # serializer_class._declared_fields.pop(field)
- # if not self.request.user.is_superuser:
- # serializer_class.Meta.fields = can_see
+ # 排除掉序列化器级的字段(排除字段权限中未授权的字段)
+ if not self.request.user.is_superuser:
+ exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see)
+ for field in exclude_set:
+ serializer_class._declared_fields.pop(field)
+ meta = copy.deepcopy(serializer_class.Meta)
+ meta.fields = list(can_see)
+ serializer_class.Meta = meta
 # 在分页器中使用
 self.request.permission_fields = can_see
 if isinstance(self.request.data, list):
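Review bot: The added `if not self.request.user.is_superuser:` block still modifies the shared serializer class, so one user's field restriction carries over to later and concurrent requests. `serializer_class._declared_fields.pop(field)` edits the class-level dict for the whole process, and `copy.deepcopy` returns a class object unchanged, so `meta.fields = list(can_see)` writes to the original `Meta`. A field removed for a restricted role therefore stays missing when a superuser hits the same view, and under threaded workers a request can be serialized with the field list another user's roles produced. Leave the class untouched and scope the restriction to the instance once it is built, e.g. `for name in set(serializer.fields) - set(can_see): serializer.fields.pop(name)` (with `many=True` the fields sit on `serializer.child`). The method starts and ends outside the hunk, so where the instance is created needs confirming.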
@@ -90,8 +94,9 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
 break
 if finded is False:
 return []
- return MenuField.objects.filter(model=model['model']
- ).values('field_name', 'title')
+ roles = self.request.user.role.values_list('id', flat=True)
+ return FieldPermission.objects.filter(is_query=True, role__in=roles, field__model=model['model']).values_list(
+ 'field__field_name', flat=True)

 def create(self, request, *args, **kwargs):
 serializer = self.get_serializer(data=request.data, request=request)
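Review bot: The new `return` hands back a flat list of field names where the method (which starts above the hunk) used to return `field_name`/`title` rows, yet the caller still passes the result to the paginator as `self.request.permission_fields`; any consumer reading those keys must change in the same commit and is not visible here. `self.request.user.role` is dereferenced before any superuser or authentication check, which presumably fails for an unauthenticated user object, and a user with several roles can get the same name more than once, so appending `.distinct()` is worth it. `FieldPermission` is not added in this patch's import hunk; confirm it is already in scope. Filtering on `is_query=True` alone also means the read permission decides which fields create and update accept, if `get_serializer` is shared by those actions.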