swagger bug
This commit is contained in:
parent
a5940c869c
commit
64a331a825
|
@ -32,8 +32,9 @@ class RpartyViewSet(CustomModelViewSet):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
# 防止越权,加入的逻辑,可以通过岗位控权实现
|
# 防止越权,加入的逻辑,可以通过岗位控权实现
|
||||||
if self.request.user.type == 'remployee':
|
user = self.request.user
|
||||||
queryset = queryset.filter(dept=self.request.user.belong_dept)
|
if user.is_authenticated and user.type == 'remployee':
|
||||||
|
queryset = queryset.filter(dept=user.belong_dept)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
@action(methods=['post'], detail=True, perms_map={'post': 'rparty:assgin'}, serializer_class=RpartyAssignSerializer)
|
@action(methods=['post'], detail=True, perms_map={'post': 'rparty:assgin'}, serializer_class=RpartyAssignSerializer)
|
||||||
|
@ -88,8 +89,9 @@ class RfileViewSet(ListModelMixin, CustomGenericViewSet):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
# 防止越权,加入的逻辑,可以通过岗位控权实现
|
# 防止越权,加入的逻辑,可以通过岗位控权实现
|
||||||
if self.request.user.type == 'remployee':
|
user = self.request.user
|
||||||
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
|
if user.is_authenticated and user.type == 'remployee':
|
||||||
|
queryset = queryset.filter(rparty__dept=user.belong_dept)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
||||||
|
@ -107,8 +109,9 @@ class RemployeeViewSet(CustomModelViewSet):
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
if self.request.user.type == 'remployee':
|
user = self.request.user
|
||||||
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
|
if user.is_authenticated and user.type == 'remployee':
|
||||||
|
queryset = queryset.filter(rparty__dept=user.belong_dept)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
|
@ -147,8 +150,9 @@ class RcertificateViewSet(CustomModelViewSet):
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
if self.request.user.type == 'remployee':
|
user = self.request.user
|
||||||
queryset = queryset.filter(remployee__rparty__dept=self.request.user.belong_dept)
|
if user.is_authenticated and user.type == 'remployee':
|
||||||
|
queryset = queryset.filter(remployee__rparty__dept=user.belong_dept)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
||||||
|
@ -166,8 +170,9 @@ class RpjViewSet(CustomModelViewSet):
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
if self.request.user.type == 'remployee':
|
user = self.request.user
|
||||||
queryset = queryset.filter(rparty__dept=self.request.user.belong_dept)
|
if user.is_authenticated and user.type == 'remployee':
|
||||||
|
queryset = queryset.filter(rparty__dept=user.belong_dept)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
|
|
|
@ -33,7 +33,7 @@ def get_user_perms_map(user):
|
||||||
user_perms_map[code][dept_id] = data_range
|
user_perms_map[code][dept_id] = data_range
|
||||||
else:
|
else:
|
||||||
user_perms_map[code] = {dept_id: pr.data_range}
|
user_perms_map[code] = {dept_id: pr.data_range}
|
||||||
cache.set('perms_' + user.id, user_perms_map, timeout=None)
|
cache.set('perms_' + str(user.id), user_perms_map, timeout=None)
|
||||||
return user_perms_map
|
return user_perms_map
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -59,11 +59,10 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
|
||||||
if self.prefetch_related_fields:
|
if self.prefetch_related_fields:
|
||||||
queryset = queryset.prefetch_related(*self.prefetch_related_fields)
|
queryset = queryset.prefetch_related(*self.prefetch_related_fields)
|
||||||
if self.data_filter:
|
if self.data_filter:
|
||||||
if self.request.user.is_superuser:
|
|
||||||
return queryset
|
|
||||||
# if hasattr(queryset.model, 'belong_dept'):
|
|
||||||
user = self.request.user
|
user = self.request.user
|
||||||
user_perms_map = cache.get('perms_' + user.id, None)
|
if user.is_superuser:
|
||||||
|
return queryset
|
||||||
|
user_perms_map = cache.get('perms_' + str(user.id), None)
|
||||||
if user_perms_map is None:
|
if user_perms_map is None:
|
||||||
user_perms_map = get_user_perms_map(self.request.user)
|
user_perms_map = get_user_perms_map(self.request.user)
|
||||||
if isinstance(user_perms_map, dict):
|
if isinstance(user_perms_map, dict):
|
||||||
|
|
|
@ -35,7 +35,7 @@ class VisitViewSet(CustomModelViewSet):
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
user = self.request.user
|
user = self.request.user
|
||||||
queryset = super().get_queryset()
|
queryset = super().get_queryset()
|
||||||
if user.type != 'employee':
|
if user.is_authenticated and user.type != 'employee':
|
||||||
queryset = queryset.filter(create_by=user)
|
queryset = queryset.filter(create_by=user)
|
||||||
return queryset
|
return queryset
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue