admin/django-vue3-admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(utils): 完善字段权限控制并添加角色过滤

Browse Source 
- 添加了对普通用户进行字段权限过滤的逻辑
- 使用 deepcopy 复制 serializer_class.Meta 以避免直接修改原类
- 修改 get_menu_field 方法,根据用户角色过滤字段权限
This commit is contained in:
1638245306
2025-02-09 23:17:26 +08:00
parent 77bfc87679
commit c6a2073537
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
backend/dvadmin/utils/viewset.py
View File

@@ -6,6 +6,8 @@
@Created on: 2021/6/1 001 22:57 @Created on: 2021/6/1 001 22:57
@Remark: 自定义视图集 @Remark: 自定义视图集
""" """
import copy
from django.db import transaction from django.db import transaction
from django_filters import DateTimeFromToRangeFilter from django_filters import DateTimeFromToRangeFilter
from django_filters.rest_framework import FilterSet from django_filters.rest_framework import FilterSet
@@ -67,12 +69,14 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
kwargs.setdefault('context', self.get_serializer_context()) kwargs.setdefault('context', self.get_serializer_context())
# 全部以可见字段为准 # 全部以可见字段为准
can_see = self.get_menu_field(serializer_class) can_see = self.get_menu_field(serializer_class)
# 排除掉序列化器级的字段 # 排除掉序列化器级的字段(排除字段权限中未授权的字段)
# sub_set = set(serializer_class._declared_fields.keys()) - set(can_see) if not self.request.user.is_superuser:
# for field in sub_set: exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see)
# serializer_class._declared_fields.pop(field) for field in exclude_set:
# if not self.request.user.is_superuser: serializer_class._declared_fields.pop(field)
# serializer_class.Meta.fields = can_see meta = copy.deepcopy(serializer_class.Meta)
meta.fields = list(can_see)
serializer_class.Meta = meta
# 在分页器中使用 # 在分页器中使用
self.request.permission_fields = can_see self.request.permission_fields = can_see
if isinstance(self.request.data, list): if isinstance(self.request.data, list):
@@ -90,8 +94,9 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
break break
if finded is False: if finded is False:
return [] return []
return MenuField.objects.filter(model=model['model'] roles = self.request.user.role.values_list('id', flat=True)
).values('field_name', 'title') return FieldPermission.objects.filter(is_query=True, role__in=roles, field__model=model['model']).values_list(
'field__field_name', flat=True)
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data, request=request) serializer = self.get_serializer(data=request.data, request=request)