feat: viewset中默认perms_map为{'get': '*'}
This commit is contained in:
parent
2597617a94
commit
c785409e37
|
@ -31,7 +31,8 @@ def get_user_perms_map(user):
|
||||||
if perm.codes:
|
if perm.codes:
|
||||||
for code in perm.codes:
|
for code in perm.codes:
|
||||||
if code in user_perms_map:
|
if code in user_perms_map:
|
||||||
data_range = user_perms_map[code].get(dept_id, -1)
|
data_range = user_perms_map[code].get(
|
||||||
|
dept_id, -1)
|
||||||
if pr.data_range < data_range:
|
if pr.data_range < data_range:
|
||||||
user_perms_map[code][dept_id] = pr.data_range
|
user_perms_map[code][dept_id] = pr.data_range
|
||||||
else:
|
else:
|
||||||
|
@ -77,6 +78,7 @@ class RbacDataMixin:
|
||||||
带性能优化
|
带性能优化
|
||||||
此处对性能有较大影响,根据业务需求进行修改或取舍
|
此处对性能有较大影响,根据业务需求进行修改或取舍
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
assert self.queryset is not None, (
|
assert self.queryset is not None, (
|
||||||
"'%s' should either include a `queryset` attribute, "
|
"'%s' should either include a `queryset` attribute, "
|
||||||
|
@ -103,7 +105,8 @@ class RbacDataMixin:
|
||||||
if isinstance(user_perms_map, dict):
|
if isinstance(user_perms_map, dict):
|
||||||
if hasattr(self.view, 'perms_map'):
|
if hasattr(self.view, 'perms_map'):
|
||||||
perms_map = self.view.perms_map
|
perms_map = self.view.perms_map
|
||||||
action_str = perms_map.get(self.request._request.method.lower(), None)
|
action_str = perms_map.get(
|
||||||
|
self.request._request.method.lower(), None)
|
||||||
if '*' in perms_map:
|
if '*' in perms_map:
|
||||||
return queryset
|
return queryset
|
||||||
elif action_str == '*':
|
elif action_str == '*':
|
||||||
|
@ -116,13 +119,16 @@ class RbacDataMixin:
|
||||||
return queryset
|
return queryset
|
||||||
elif data_range == DataFilter.SAMELEVE_AND_BELOW:
|
elif data_range == DataFilter.SAMELEVE_AND_BELOW:
|
||||||
if dept.parent:
|
if dept.parent:
|
||||||
belong_depts = get_child_queryset2(dept.parent)
|
belong_depts = get_child_queryset2(
|
||||||
|
dept.parent)
|
||||||
else:
|
else:
|
||||||
belong_depts = get_child_queryset2(dept)
|
belong_depts = get_child_queryset2(dept)
|
||||||
queryset = queryset.filter(belong_dept__in=belong_depts)
|
queryset = queryset.filter(
|
||||||
|
belong_dept__in=belong_depts)
|
||||||
elif data_range == DataFilter.THISLEVEL_AND_BELOW:
|
elif data_range == DataFilter.THISLEVEL_AND_BELOW:
|
||||||
belong_depts = get_child_queryset2(dept)
|
belong_depts = get_child_queryset2(dept)
|
||||||
queryset = queryset.filter(belong_dept__in=belong_depts)
|
queryset = queryset.filter(
|
||||||
|
belong_dept__in=belong_depts)
|
||||||
elif data_range == DataFilter.THISLEVEL:
|
elif data_range == DataFilter.THISLEVEL:
|
||||||
queryset = queryset.filter(belong_dept=dept)
|
queryset = queryset.filter(belong_dept=dept)
|
||||||
elif data_range == DataFilter.MYSELF:
|
elif data_range == DataFilter.MYSELF:
|
||||||
|
|
|
@ -26,7 +26,7 @@ class CustomGenericViewSet(MyLoggingMixin, GenericViewSet):
|
||||||
"""
|
"""
|
||||||
增强的GenericViewSet
|
增强的GenericViewSet
|
||||||
"""
|
"""
|
||||||
perms_map = {'get': '*'} # 权限标识
|
perms_map = {} # 权限标识
|
||||||
throttle_classes = [UserRateThrottle]
|
throttle_classes = [UserRateThrottle]
|
||||||
logging_methods = ['POST', 'PUT', 'PATCH', 'DELETE']
|
logging_methods = ['POST', 'PUT', 'PATCH', 'DELETE']
|
||||||
ordering_fields = '__all__'
|
ordering_fields = '__all__'
|
||||||
|
@ -170,7 +170,7 @@ class CustomModelViewSet(BulkCreateModelMixin, BulkUpdateModelMixin, ListModelMi
|
||||||
def __init__(self, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
super().__init__(**kwargs)
|
super().__init__(**kwargs)
|
||||||
# 增加默认权限标识
|
# 增加默认权限标识
|
||||||
if not self.perms_map:
|
if not self.perms_map or self.perms_map == {'get': '*'}:
|
||||||
basename = self.basename
|
basename = self.basename
|
||||||
self.perms_map = {'get': '*', 'post': '{}.create'.format(basename), 'put': '{}.update'.format(
|
self.perms_map = {'get': '*', 'post': '{}.create'.format(basename), 'put': '{}.update'.format(
|
||||||
basename), 'patch': '{}.update'.format(basename), 'delete': '{}.delete'.format(basename)}
|
basename), 'patch': '{}.update'.format(basename), 'delete': '{}.delete'.format(basename)}
|
||||||
|
|
Loading…
Reference in New Issue