rbac permission bug

This commit is contained in:
caoqianming 2022-04-02 10:32:09 +08:00
parent e2a20fe67a
commit d748a8dd59
3 changed files with 8 additions and 2 deletions

View File

@ -277,6 +277,11 @@ class UserPostSerializer(CustomModelSerializer):
model = UserPost model = UserPost
fields = '__all__' fields = '__all__'
class UserPostCreateSerializer(CustomModelSerializer):
class Meta:
model = UserPost
exclude = EXCLUDE_FIELDS_BASE
class UserInfoSerializer(CustomModelSerializer): class UserInfoSerializer(CustomModelSerializer):
posts_ = UserPostSerializer(source='post', read_only=True) posts_ = UserPostSerializer(source='post', read_only=True)

View File

@ -29,7 +29,7 @@ from .serializers import (DeptCreateUpdateSerializer, DeptSerializer, DictCreate
FileSerializer, PermissionCreateUpdateSerializer, PermissionSerializer, PostCreateUpdateSerializer, PostSerializer, FileSerializer, PermissionCreateUpdateSerializer, PermissionSerializer, PostCreateUpdateSerializer, PostSerializer,
PTaskCreateUpdateSerializer, PTaskResultSerializer, PTaskCreateUpdateSerializer, PTaskResultSerializer,
PTaskSerializer, RoleCreateUpdateSerializer, RoleSerializer, PTaskSerializer, RoleCreateUpdateSerializer, RoleSerializer,
UserCreateSerializer, UserListSerializer, UserCreateSerializer, UserListSerializer, UserPostCreateSerializer,
UserPostSerializer, UserUpdateSerializer) UserPostSerializer, UserUpdateSerializer)
logger = logging.getLogger('log') logger = logging.getLogger('log')
@ -253,6 +253,7 @@ class UserPostViewSet(CreateModelMixin, DestroyModelMixin, ListModelMixin, Custo
perms_map = {'get': '*', 'post': 'user_update', 'delete': 'user_update'} perms_map = {'get': '*', 'post': 'user_update', 'delete': 'user_update'}
queryset = UserPost.objects.select_related('user', 'post', 'dept').all() queryset = UserPost.objects.select_related('user', 'post', 'dept').all()
serializer_class = UserPostSerializer serializer_class = UserPostSerializer
create_serializer_class = UserPostCreateSerializer
filterset_fields = ['user', 'post', 'dept'] filterset_fields = ['user', 'post', 'dept']
def perform_create(self, serializer): def perform_create(self, serializer):

View File

@ -47,7 +47,7 @@ class RbacPermission(BasePermission):
return False return False
user_perms_map = cache.get('perms_' + request.user.id, None) user_perms_map = cache.get('perms_' + request.user.id, None)
if user_perms_map is None: if user_perms_map is None:
user_perms_map = get_user_perms_map(self.request.user) user_perms_map = get_user_perms_map(request.user)
if isinstance(user_perms_map, dict): if isinstance(user_perms_map, dict):
if 'superuser' in user_perms_map: if 'superuser' in user_perms_map:
return True return True