diff --git a/backend/dvadmin/utils/filters.py b/backend/dvadmin/utils/filters.py index f129945..b68ec9e 100644 --- a/backend/dvadmin/utils/filters.py +++ b/backend/dvadmin/utils/filters.py @@ -75,7 +75,7 @@ class DataLevelPermissionsFilter(BaseFilterBackend): if item.get("permission__api") ] for item in api_white_list: - new_api = api + ":" + str(method) + new_api = f"{api}:{method}" matchObj = re.match(item, new_api, re.M | re.I) if matchObj is None: continue @@ -86,74 +86,78 @@ class DataLevelPermissionsFilter(BaseFilterBackend): 如果不是超级管理员,则进入下一步权限判断 """ if request.user.is_superuser == 0: - # 0. 获取用户的部门id,没有部门则返回空 - user_dept_id = getattr(request.user, "dept_id", None) - if not user_dept_id: - return queryset.none() - - # 1. 判断过滤的数据是否有创建人所在部门 "dept_belong_id" 字段 - if not getattr(queryset.model, "dept_belong_id", None): - return queryset - - # 2. 如果用户没有关联角色则返回本部门数据 - if not hasattr(request.user, "role"): - return queryset.filter(dept_belong_id=user_dept_id) - - # 3. 根据所有角色 获取所有权限范围 - # (0, "仅本人数据权限"), - # (1, "本部门及以下数据权限"), - # (2, "本部门数据权限"), - # (3, "全部数据权限"), - # (4, "自定数据权限") - replace_str = re.compile('\d') - re_api = replace_str.sub('{id}', api) - role_id_list = request.user.role.values_list('id', flat=True) - role_permission_list=RoleMenuButtonPermission.objects.filter( - role__in=role_id_list, - role__status=1, - menu_button__api=re_api, - menu_button__method=method).values( - 'data_range', - role_admin=F('role__admin') - ) - dataScope_list = [] # 权限范围列表 - for ele in role_permission_list: - # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据 - if 3 == ele.get("data_range") or ele.get("role_admin") == True: - return queryset - dataScope_list.append(ele.get("data_range")) - dataScope_list = list(set(dataScope_list)) - - # 4. 只为仅本人数据权限时只返回过滤本人数据,并且部门为自己本部门(考虑到用户会变部门,只能看当前用户所在的部门数据) - if 0 in dataScope_list: - return queryset.filter( - creator=request.user, dept_belong_id=user_dept_id - ) - - # 5. 自定数据权限 获取部门,根据部门过滤 - dept_list = [] - for ele in dataScope_list: - if ele == 4: - dept_list.extend( - request.user.role.filter(status=1).values_list( - "dept__id", flat=True - ) - ) - elif ele == 2: - dept_list.append(user_dept_id) - elif ele == 1: - dept_list.append(user_dept_id) - dept_list.extend( - get_dept( - user_dept_id, - ) - ) - if queryset.model._meta.model_name == 'dept': - return queryset.filter(id__in=list(set(dept_list))) - return queryset.filter(dept_belong_id__in=list(set(dept_list))) + return self._extracted_from_filter_queryset_33(request, queryset, api, method) else: return queryset + # TODO Rename this here and in `filter_queryset` + def _extracted_from_filter_queryset_33(self, request, queryset, api, method): + # 0. 获取用户的部门id,没有部门则返回空 + user_dept_id = getattr(request.user, "dept_id", None) + if not user_dept_id: + return queryset.none() + + # 1. 判断过滤的数据是否有创建人所在部门 "dept_belong_id" 字段 + if not getattr(queryset.model, "dept_belong_id", None): + return queryset + + # 2. 如果用户没有关联角色则返回本部门数据 + if not hasattr(request.user, "role"): + return queryset.filter(dept_belong_id=user_dept_id) + + # 3. 根据所有角色 获取所有权限范围 + # (0, "仅本人数据权限"), + # (1, "本部门及以下数据权限"), + # (2, "本部门数据权限"), + # (3, "全部数据权限"), + # (4, "自定数据权限") + replace_str = re.compile('\d') + re_api = replace_str.sub('{id}', api) + role_id_list = request.user.role.values_list('id', flat=True) + role_permission_list=RoleMenuButtonPermission.objects.filter( + role__in=role_id_list, + role__status=1, + menu_button__api=re_api, + menu_button__method=method).values( + 'data_range', + role_admin=F('role__admin') + ) + dataScope_list = [] # 权限范围列表 + for ele in role_permission_list: + # 判断用户是否为超级管理员角色/如果拥有[全部数据权限]则返回所有数据 + if ele.get("data_range") == 3 or ele.get("role_admin") == True: + return queryset + dataScope_list.append(ele.get("data_range")) + dataScope_list = list(set(dataScope_list)) + + # 4. 只为仅本人数据权限时只返回过滤本人数据,并且部门为自己本部门(考虑到用户会变部门,只能看当前用户所在的部门数据) + if 0 in dataScope_list: + return queryset.filter( + creator=request.user, dept_belong_id=user_dept_id + ) + + # 5. 自定数据权限 获取部门,根据部门过滤 + dept_list = [] + for ele in dataScope_list: + if ele == 1: + dept_list.append(user_dept_id) + dept_list.extend( + get_dept( + user_dept_id, + ) + ) + elif ele == 2: + dept_list.append(user_dept_id) + elif ele == 4: + dept_list.extend( + request.user.role.filter(status=1).values_list( + "dept__id", flat=True + ) + ) + if queryset.model._meta.model_name == 'dept': + return queryset.filter(id__in=list(set(dept_list))) + return queryset.filter(dept_belong_id__in=list(set(dept_list))) + class CustomDjangoFilterBackend(DjangoFilterBackend): lookup_prefixes = { diff --git a/web/package.json b/web/package.json index 345af77..43fdacf 100644 --- a/web/package.json +++ b/web/package.json @@ -49,7 +49,7 @@ "vue-grid-layout": "^3.0.0-beta1", "vue-i18n": "^9.2.2", "vue-router": "^4.1.6", - "vxe-table": "^4.3.10", + "vxe-table": "^4.4.1", "xe-utils": "^3.5.7" }, "devDependencies": {