修改文件

2021-03-18 11:05:51 +08:00 · 2021-03-18 11:05:51 +08:00 · a0af16de78
parent 610becb715
commit a0af16de78
3 changed files with 23 additions and 5 deletions
--- a/server/apps/supervision/views.py
+++ b/server/apps/supervision/views.py
@ -16,7 +16,7 @@ from django.utils import timezone
 from .filters import RecordFilter
 from django.db.models.query import QuerySet
 from django.core.cache import cache
-from apps.system.permission import get_permission_list
+from apps.system.permission import get_permission_list, has_permission
 # Create your views here.

 class ContentViewSet(CreateUpdateCustomMixin, ModelViewSet):
@ -121,11 +121,14 @@ class RecordViewSet(RbacFilterSet, PageOrNot, CreateUpdateCustomMixin, ModelView

    @action(methods=['get'], detail=False, perms_map = {'get':'*'})
    def todos(self, request, *args, **kwargs):
-        dept = request.user.belong_dept
+        ret={}
+        dept = request.user.dept
        objs = Record.objects.filter(is_deleted=False, belong_dept=dept)
-        toup = Record.objects.filter(is_deleted=False, belong_dept=dept, state='待上报').count()
-        tozg = Record.objects.filter(is_delete=False,belong_dept=dept,state='待整改').count()
-        return Response({'toup':toup, 'tozg':tozg})
+        ret['toup'] = objs.filter(state='待上报').count()
+        ret['tozg'] = objs.filter(state='待整改').count()
+        if has_permission('record_confirm', request.user):
+            ret['toconfirm'] = Record.objects.filter(is_deleted=False, state='已上报').count()
+        return Response(ret)

    def update(self, request, *args, **kwargs):
        instance = self.get_object()
--- a/server/apps/system/models.py
+++ b/server/apps/system/models.py
@ -125,6 +125,7 @@ class User(AbstractUser):
    def __str__(self):
        return self.username

+
 class DictType(SoftModel):
    """
    数据字典类型
--- a/server/apps/system/permission.py
+++ b/server/apps/system/permission.py
@ -21,6 +21,20 @@ def get_permission_list(user):
    cache.set(user.username + '__perms', perms_list)
    return perms_list

+def has_permission(action, user):
+    """
+    判断有无权限
+    action为操作权限
+    """
+    if user.is_superuser:
+        return True
+    else:
+        perms = cache.get(user.username + '__perms')
+        if not perms:
+            perms = get_permission_list(user)
+        if action in perms:
+            return True
+    return False

 class RbacPermission(BasePermission):
    """