zcdsj
/
factory
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

swagger bug

This commit is contained in:
caoqianming 2022-11-02 15:18:30 +08:00
parent a5940c869c
commit 64a331a825
4 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
apps/rpm/views.py
View File

@ -32,8 +32,9 @@ class RpartyViewSet(CustomModelViewSet):
def get_queryset(self):
queryset = super().get_queryset()
# 防止越权,加入的逻辑,可以通过岗位控权实现
if self.request.user.type == 'remployee':
queryset = queryset.filter(dept=self.request.user.belong_dept)
user = self.request.user
if user.is_authenticated and user.type == 'remployee':
queryset = queryset.filter(dept=user.belong_dept)
return queryset
@action(methods=['post'], detail=True, perms_map={'post': 'rparty:assgin'}, serializer_class=RpartyAssignSerializer)
@ -88,8 +89,9 @@ class RfileViewSet(ListModelMixin, CustomGenericViewSet):
def get_queryset(self):
queryset = super().get_queryset()
# 防止越权,加入的逻辑,可以通过岗位控权实现
if self.request.user.type == 'remployee':
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
user = self.request.user
if user.is_authenticated and user.type == 'remployee':
queryset = queryset.filter(rparty__dept=user.belong_dept)
return queryset
@ -107,8 +109,9 @@ class RemployeeViewSet(CustomModelViewSet):
def get_queryset(self):
queryset = super().get_queryset()
if self.request.user.type == 'remployee':
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
user = self.request.user
if user.is_authenticated and user.type == 'remployee':
queryset = queryset.filter(rparty__dept=user.belong_dept)
return queryset
@transaction.atomic
@ -147,8 +150,9 @@ class RcertificateViewSet(CustomModelViewSet):
def get_queryset(self):
queryset = super().get_queryset()
if self.request.user.type == 'remployee':
queryset = queryset.filter(remployee__rparty__dept=self.request.user.belong_dept)
user = self.request.user
if user.is_authenticated and user.type == 'remployee':
queryset = queryset.filter(remployee__rparty__dept=user.belong_dept)
return queryset
@ -166,8 +170,9 @@ class RpjViewSet(CustomModelViewSet):
def get_queryset(self):
queryset = super().get_queryset()
if self.request.user.type == 'remployee':
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
user = self.request.user
if user.is_authenticated and user.type == 'remployee':
queryset = queryset.filter(rparty__dept=user.belong_dept)
return queryset
@transaction.atomic

2
apps/utils/permission.py
View File

@ -33,7 +33,7 @@ def get_user_perms_map(user):
user_perms_map[code][dept_id] = data_range
else:
user_perms_map[code] = {dept_id: pr.data_range}
cache.set('perms_' + user.id, user_perms_map, timeout=None)
cache.set('perms_' + str(user.id), user_perms_map, timeout=None)
return user_perms_map

7
apps/utils/viewsets.py
View File

@ -59,11 +59,10 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
if self.prefetch_related_fields:
queryset = queryset.prefetch_related(*self.prefetch_related_fields)
if self.data_filter:
if self.request.user.is_superuser:
return queryset
# if hasattr(queryset.model, 'belong_dept'):
user = self.request.user
user_perms_map = cache.get('perms_' + user.id, None)
if user.is_superuser:
return queryset
user_perms_map = cache.get('perms_' + str(user.id), None)
if user_perms_map is None:
user_perms_map = get_user_perms_map(self.request.user)
if isinstance(user_perms_map, dict):

2
apps/vm/views.py
View File

@ -35,7 +35,7 @@ class VisitViewSet(CustomModelViewSet):
def get_queryset(self):
user = self.request.user
queryset = super().get_queryset()
if user.type != 'employee':
if user.is_authenticated and user.type != 'employee':
queryset = queryset.filter(create_by=user)
return queryset