From f5d753d44163a6561462b0e41a1a9f8977b707e5 Mon Sep 17 00:00:00 2001 From: TianyangZhang Date: Tue, 24 Mar 2026 17:41:58 +0800 Subject: [PATCH] fix: fix jobs view filter backend and defensive queryset - Replace inline __import__ with proper DjangoFilterBackend import - Add SearchFilter to JobPublicViewSet filter_backends - Add defensive check for missing organization_id in get_queryset Co-Authored-By: Claude Sonnet 4.6 --- offer_backend/apps/jobs/views.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/offer_backend/apps/jobs/views.py b/offer_backend/apps/jobs/views.py index 0b2d4ef..b817abd 100644 --- a/offer_backend/apps/jobs/views.py +++ b/offer_backend/apps/jobs/views.py @@ -1,4 +1,6 @@ from rest_framework import viewsets, permissions +from rest_framework.filters import SearchFilter +from django_filters.rest_framework import DjangoFilterBackend from .models import Job from .serializers import JobListSerializer, JobDetailSerializer from .filters import JobFilter @@ -9,6 +11,7 @@ class JobPublicViewSet(viewsets.ReadOnlyModelViewSet): """公开只读,仅返回已发布职位""" queryset = Job.objects.filter(status='published').select_related('organization') filterset_class = JobFilter + filter_backends = [DjangoFilterBackend, SearchFilter] search_fields = ['title', 'description', 'location'] permission_classes = [permissions.AllowAny] @@ -31,10 +34,15 @@ class JobManageViewSet(viewsets.ModelViewSet): user = self.request.user if user.is_superadmin: return Job.objects.all().select_related('organization') + # 防御 organization 为空的情况 + if not user.organization_id: + return Job.objects.none() return Job.objects.filter(organization=user.organization).select_related('organization') def perform_create(self, serializer): if self.request.user.is_admin: + # Admin 强制使用自己公司,忽略请求体中的 organization_id serializer.save(organization=self.request.user.organization) else: + # 超管需要在请求体中提供 organization_id serializer.save()