feat: mio和mioitem的权限控制

2023-10-11 16:27:44 +08:00 · 2023-10-11 16:27:44 +08:00 · 56ed286eaf
parent 1cc632b35b
commit 56ed286eaf
2 changed files with 12 additions and 0 deletions
--- a/apps/inm/views.py
+++ b/apps/inm/views.py
@ -13,6 +13,7 @@ from apps.inm.serializers import (
 from apps.utils.viewsets import CustomGenericViewSet, CustomModelViewSet
 from apps.inm.services import InmService
 from apps.utils.mixins import BulkCreateModelMixin, BulkDestroyModelMixin, BulkUpdateModelMixin
+from apps.utils.permission import has_perm


 # Create your views here.
@ -112,11 +113,14 @@ class MIOViewSet(ListModelMixin, BulkCreateModelMixin, BulkUpdateModelMixin, Des

    出入库记录
    """
+    perms_map = {'get': '*', 'post': 'mio.create',
+                 'put': 'mio.update', 'delete': 'mio.delete'}
    queryset = MIO.objects.all()
    select_related_fields = ['create_by', 'belong_dept', 'do_user',
                             'submit_user', 'supplier', 'order', 'customer', 'pu_order']
    serializer_class = MIOListSerializer
    filterset_fields = ['state', 'type', 'pu_order', 'order']
+    data_filter = True

    def get_serializer(self, *args, **kwargs):
        if self.action in ['create', 'update', 'partial_update']:
@ -172,4 +176,6 @@ class MIOItemViewSet(ListModelMixin, BulkCreateModelMixin, BulkDestroyModelMixin
    def perform_destroy(self, instance):
        if instance.state != MIO.MIO_CREATE:
            raise ParseError('出入库记录非创建中不可删除')
+        if has_perm(self.request.user, ['mio.update']) is False and instance.mio.create_by != self.request.user:
+            raise PermissionDenied('无权限删除')
        return super().perform_destroy(instance)
--- a/apps/utils/viewsets.py
+++ b/apps/utils/viewsets.py
@ -92,6 +92,7 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
            queryset = queryset.select_related(*self.select_related_fields)
        if self.prefetch_related_fields:
            queryset = queryset.prefetch_related(*self.prefetch_related_fields)
+        self.filter_customer(queryset)
        if self.data_filter:
            user = self.request.user
            if user.is_superuser:
@ -128,6 +129,11 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
                        return queryset.none()
        return queryset

+    def filter_custom(self, queryset):
+        """自定义过滤逻辑需要的时候可重写
+        """
+        pass
+
    def filter_s_a_b(self, queryset, dept):
        """过滤同级及以下, 可重写
        """