From a360299bc2735787de2d21a6c84d9d52e58365f4 Mon Sep 17 00:00:00 2001 From: caoqianming Date: Thu, 13 May 2021 09:25:33 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- client_mp/pages/inspectrecord/recorddetail.vue | 1 - server/apps/quality/permission.py | 3 +++ server/apps/quality/views.py | 14 +++++++++++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/client_mp/pages/inspectrecord/recorddetail.vue b/client_mp/pages/inspectrecord/recorddetail.vue index b6bd469..b4059fa 100644 --- a/client_mp/pages/inspectrecord/recorddetail.vue +++ b/client_mp/pages/inspectrecord/recorddetail.vue @@ -68,7 +68,6 @@ this.$u.api.getInspectRecord(id).then(res => { this.form = res.data let fileList = [] - console.log(this.vuex_token) for (var i = 0; i < res.data.imgs_.length; i++) { fileList.push(res.data.imgs_[i].file + '?token='+ this.vuex_token) } diff --git a/server/apps/quality/permission.py b/server/apps/quality/permission.py index 62a09ad..ee5e176 100644 --- a/server/apps/quality/permission.py +++ b/server/apps/quality/permission.py @@ -3,13 +3,16 @@ from .models import * class IsSubInspectTaskLeader(RbacPermission): def has_object_permission(self, request, view, obj): + print(obj, request.user.name) if InspectTeam.objects.filter(subtask=obj.subtask, type='组长').first().member == request.user: # 如果是组长 return True return False class IsInspectRecordChecker(RbacPermission): + def has_object_permission(self, request, view, obj): + print(2, obj, request.user.name) if obj.checker == request.user or obj.checker == None: return True return False \ No newline at end of file diff --git a/server/apps/quality/views.py b/server/apps/quality/views.py index a4796fd..a92e5ca 100644 --- a/server/apps/quality/views.py +++ b/server/apps/quality/views.py 
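Review bot: The two added `print(...)` calls in `has_object_permission` (both classes in permission.py) look like leftover debugging; they write the object and `request.user.name` to stdout on every object-level permission check, bypassing the logging configuration. Drop them, or log at debug level through a module logger, e.g. `logger.debug("IsInspectRecordChecker obj=%s user=%s", obj, request.user.name)` with `logger = logging.getLogger(__name__)` at the top of the file. Separately, on the unchanged leader line, `.first().member` raises AttributeError when a subtask has no '组长' row, so the request ends in a 500 instead of a denial; returning False when `.first()` is None would be safer.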
@@ -7,6 +7,7 @@ from django.shortcuts import render from django.utils import timezone from rest_framework import status from rest_framework.decorators import action, permission_classes +from rest_framework.exceptions import PermissionDenied from rest_framework.mixins import CreateModelMixin, DestroyModelMixin, ListModelMixin, RetrieveModelMixin from rest_framework.permissions import IsAdminUser from rest_framework.response import Response @@ -275,8 +276,7 @@ class InspectRecordViewSet(OptimizationMixin, PageOrNot, ModelViewSet): return InspectRecordDetailSerializer return InspectRecordListSerializer - @action(methods=['post'], detail=False, perms_map = {'post':'inspectrecord_update'}, - permission_classes=[IsAdminUser|IsSubInspectTaskLeader]) + @action(methods=['post'], detail=False, perms_map = {'post':'inspectrecord_update'}) def appoint(self, request, *args, **kwargs): """ 检查项目指派 @@ -284,10 +284,15 @@ class InspectRecordViewSet(OptimizationMixin, PageOrNot, ModelViewSet): """ data = request.data records = InspectRecord.objects.filter(id__in=data['records']) + subtask = records.first().subtask + if request.user == InspectTeam.objects.get(subtask=subtask, type='组长').member: + pass + else: + raise PermissionDenied checker = User.objects.get(pk=data['checker']) records.filter(checked=False).update(checker=checker) # 子任务下未分配检查项目按该逻辑分配 - subtask = records.first().subtask + items = records.values_list('item', flat=True) InspectRecord.objects.filter(item__in=items, subtask=subtask, checker__isnull=True, checked= False).update(checker=checker) return Response(status=status.HTTP_200_OK) 
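Review bot: Removing `permission_classes=[IsAdminUser|IsSubInspectTaskLeader]` from the `appoint` decorator also removes the admin path: the inline check added in the body below accepts only the subtask leader, so an admin who is not the leader now gets `PermissionDenied`. If admins are still meant to appoint, the inline test needs that branch, e.g. `if not (request.user.is_staff or request.user == leader): raise PermissionDenied`. With the override gone, the action falls back to the viewset's default permission classes, which are not visible in this diff, so it is worth confirming they still require authentication.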
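Review bot: The new leader check in `appoint` authorizes against `records.first().subtask` only, yet the `update(checker=checker)` that follows applies to every id in `data['records']`. A leader of one subtask can therefore reassign records belonging to other subtasks by sending them in the same request. The request should be rejected when the selected records span more than one subtask. In addition, `records.first()` is None when no id matches, and `InspectTeam.objects.get(...)` raises when the leader row is missing or duplicated; both cases currently surface as a 500. The fence uses `ValidationError` from `rest_framework.exceptions`, which would need adding to the import this commit introduces.
```python
    def appoint(self, request, *args, **kwargs):
        # … unchanged: docstring, data = request.data …
        records = InspectRecord.objects.filter(id__in=data['records'])
        first = records.first()
        if first is None:
            raise ValidationError({'records': 'no matching records'})
        subtask = first.subtask
        # every selected record must belong to the subtask being authorized
        if records.exclude(subtask=subtask).exists():
            raise PermissionDenied
        is_leader = InspectTeam.objects.filter(
            subtask=subtask, type='组长', member=request.user).exists()
        if not is_leader:
            raise PermissionDenied
        # … unchanged: checker lookup and the two update() calls …
```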
@@ -299,6 +304,9 @@ class InspectRecordViewSet(OptimizationMixin, PageOrNot, ModelViewSet):
 提交单条记录检查结果
 """
 instance = self.get_object()
+ leader = InspectTeam.objects.get(subtask=instance.subtask, type='组长').member
+ if request.user == instance.checker or request.user == None or request.user == leader:
+ raise PermissionDenied
 if instance.subtask.state == '执行中':
 serializer = InspectRecordCheckSerializer(instance, data=request.data)
 serializer.is_valid(raise_exception=True)
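Review bot: The added guard appears inverted: as written it raises `PermissionDenied` exactly when the caller is the record's checker or the subtask leader, and lets every other authenticated user continue to the serializer save. The middle term `request.user == None` was presumably meant to test `instance.checker`, matching `IsInspectRecordChecker` in permission.py, which allows unassigned records. Suggested form: `if not (request.user == instance.checker or instance.checker is None or request.user == leader): raise PermissionDenied`. `InspectTeam.objects.get(...)` on the line above also raises when the subtask has no leader row or more than one, which would turn this request into a 500. The method body continues past the end of the hunk.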