feat(role_menu_20240628): 优化权限配置
- 修复非管理员角色给其他角色分配权限的bug - 修复列权限禁用判断逻辑 - 修复自定义数据权限部门判断逻辑
@@ -198,6 +198,8 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
|
|||||||
params = request.query_params
|
params = request.query_params
|
||||||
# 需要授权的角色信息
|
# 需要授权的角色信息
|
||||||
current_role = params.get('role', None)
|
current_role = params.get('role', None)
|
||||||
|
# 当前登录用户的角色
|
||||||
|
role_list = request.user.role.values_list('id', flat=True)
|
||||||
if current_role is None:
|
if current_role is None:
|
||||||
return ErrorResponse(msg='参数错误')
|
return ErrorResponse(msg='参数错误')
|
||||||
is_superuser = request.user.is_superuser
|
is_superuser = request.user.is_superuser
|
||||||
@@ -243,20 +245,27 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
|
|||||||
)
|
)
|
||||||
|
|
||||||
for column_item in menu_item.menufield_set.all():
|
for column_item in menu_item.menufield_set.all():
|
||||||
|
# 需要授权角色已拥有的列权限
|
||||||
fieldpermission_queryset = column_item.menu_field.filter(role_id=current_role).first()
|
fieldpermission_queryset = column_item.menu_field.filter(role_id=current_role).first()
|
||||||
query = fieldpermission_queryset.is_query if fieldpermission_queryset else None
|
is_query = fieldpermission_queryset.is_query if fieldpermission_queryset else None
|
||||||
create = fieldpermission_queryset.is_create if fieldpermission_queryset else None
|
is_create = fieldpermission_queryset.is_create if fieldpermission_queryset else None
|
||||||
update = fieldpermission_queryset.is_update if fieldpermission_queryset else None
|
is_update = fieldpermission_queryset.is_update if fieldpermission_queryset else None
|
||||||
|
# 当前登录用户角色可分配的列权限
|
||||||
|
fieldpermission_queryset_disabled = column_item.menu_field.filter(role_id__in=role_list).first()
|
||||||
|
disabled_query = fieldpermission_queryset_disabled.is_query if fieldpermission_queryset else None
|
||||||
|
disabled_create = fieldpermission_queryset_disabled.is_create if fieldpermission_queryset else None
|
||||||
|
disabled_update = fieldpermission_queryset_disabled.is_update if fieldpermission_queryset else None
|
||||||
|
|
||||||
dicts['columns'].append({
|
dicts['columns'].append({
|
||||||
'id': column_item.id,
|
'id': column_item.id,
|
||||||
'field_name': column_item.field_name,
|
'field_name': column_item.field_name,
|
||||||
'title': column_item.title,
|
'title': column_item.title,
|
||||||
'is_query': query,
|
'is_query': is_query,
|
||||||
'is_create': create,
|
'is_create': is_create,
|
||||||
'is_update': update,
|
'is_update': is_update,
|
||||||
'disabled_query': False if is_superuser else not query,
|
'disabled_query': False if is_superuser else not disabled_query,
|
||||||
'disabled_create': False if is_superuser else not create,
|
'disabled_create': False if is_superuser else not disabled_create,
|
||||||
'disabled_update': False if is_superuser else not update,
|
'disabled_update': False if is_superuser else not disabled_update,
|
||||||
})
|
})
|
||||||
result.append(dicts)
|
result.append(dicts)
|
||||||
return DetailResponse(data=result)
|
return DetailResponse(data=result)
|
||||||
@@ -375,11 +384,21 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
|
|||||||
"""
|
"""
|
||||||
is_superuser = request.user.is_superuser
|
is_superuser = request.user.is_superuser
|
||||||
params = request.query_params
|
params = request.query_params
|
||||||
role_id = params.get('role')
|
# 需要授权的角色信息
|
||||||
|
role_id = params.get('role', None)
|
||||||
|
# 当前登录用户的角色
|
||||||
|
role_list = request.user.role.values_list('id', flat=True)
|
||||||
|
|
||||||
menu_button_id = params.get('menu_button')
|
menu_button_id = params.get('menu_button')
|
||||||
|
# 当前授权的角色已有的自定义部门权限
|
||||||
dept_checked = RoleMenuButtonPermission.objects.filter(
|
dept_checked = RoleMenuButtonPermission.objects.filter(
|
||||||
role_id=role_id, menu_button_id=menu_button_id
|
role_id=role_id, menu_button_id=menu_button_id
|
||||||
).values_list('dept', flat=True)
|
).values_list('dept', flat=True)
|
||||||
|
# 当前登录用户角色可以分配的自定义部门权限
|
||||||
|
dept_checked_disabled = RoleMenuButtonPermission.objects.filter(
|
||||||
|
role_id__in=role_list, menu_button_id=menu_button_id
|
||||||
|
).values_list('dept', flat=True)
|
||||||
|
|
||||||
dept_list = Dept.objects.values('id', 'name', 'parent')
|
dept_list = Dept.objects.values('id', 'name', 'parent')
|
||||||
data = {
|
data = {
|
||||||
'depts': [],
|
'depts': [],
|
||||||
@@ -387,7 +406,7 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet):
|
|||||||
}
|
}
|
||||||
|
|
||||||
for dept in dept_list:
|
for dept in dept_list:
|
||||||
dept["disabled"] = False if is_superuser else dept["id"] not in dept_checked
|
dept["disabled"] = False if is_superuser else dept["id"] not in dept_checked_disabled
|
||||||
data['depts'].append(dept)
|
data['depts'].append(dept)
|
||||||
return DetailResponse(data=data)
|
return DetailResponse(data=data)
|
||||||
|
|
||||||
|
|||||||
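Review bot: In the column-permission hunk the three new `disabled_*` assignments test `fieldpermission_queryset` (the target role's row) before dereferencing `fieldpermission_queryset_disabled` (the row for the logged-in user's roles), so a column the target role holds but the caller's roles have no row for raises AttributeError on `None`, and a column the caller could grant but the target role lacks is reported as disabled. Each guard should test the object it reads, e.g. `disabled_query = fieldpermission_queryset_disabled.is_query if fieldpermission_queryset_disabled else None`, and likewise for `disabled_create` and `disabled_update`. `.filter(role_id__in=role_list).first()` also reads a single unordered row, so for a user with several roles the outcome depends on which row is returned first; an aggregate over the caller's roles (for example an `.exists()` check per flag) would make the decision deterministic. The `disabled_*` and `dept["disabled"]` values only shape what the client renders, and the methods that save the assignment start outside the visible hunks, so it is worth confirming that they reject grants beyond the caller's own roles on the server side.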