rbac permission bug
This commit is contained in:
parent
e2a20fe67a
commit
d748a8dd59
|
@ -277,6 +277,11 @@ class UserPostSerializer(CustomModelSerializer):
|
||||||
model = UserPost
|
model = UserPost
|
||||||
fields = '__all__'
|
fields = '__all__'
|
||||||
|
|
||||||
|
class UserPostCreateSerializer(CustomModelSerializer):
|
||||||
|
class Meta:
|
||||||
|
model = UserPost
|
||||||
|
exclude = EXCLUDE_FIELDS_BASE
|
||||||
|
|
||||||
|
|
||||||
class UserInfoSerializer(CustomModelSerializer):
|
class UserInfoSerializer(CustomModelSerializer):
|
||||||
posts_ = UserPostSerializer(source='post', read_only=True)
|
posts_ = UserPostSerializer(source='post', read_only=True)
|
||||||
|
|
|
@ -29,7 +29,7 @@ from .serializers import (DeptCreateUpdateSerializer, DeptSerializer, DictCreate
|
||||||
FileSerializer, PermissionCreateUpdateSerializer, PermissionSerializer, PostCreateUpdateSerializer, PostSerializer,
|
FileSerializer, PermissionCreateUpdateSerializer, PermissionSerializer, PostCreateUpdateSerializer, PostSerializer,
|
||||||
PTaskCreateUpdateSerializer, PTaskResultSerializer,
|
PTaskCreateUpdateSerializer, PTaskResultSerializer,
|
||||||
PTaskSerializer, RoleCreateUpdateSerializer, RoleSerializer,
|
PTaskSerializer, RoleCreateUpdateSerializer, RoleSerializer,
|
||||||
UserCreateSerializer, UserListSerializer,
|
UserCreateSerializer, UserListSerializer, UserPostCreateSerializer,
|
||||||
UserPostSerializer, UserUpdateSerializer)
|
UserPostSerializer, UserUpdateSerializer)
|
||||||
|
|
||||||
logger = logging.getLogger('log')
|
logger = logging.getLogger('log')
|
||||||
|
@ -253,6 +253,7 @@ class UserPostViewSet(CreateModelMixin, DestroyModelMixin, ListModelMixin, Custo
|
||||||
perms_map = {'get': '*', 'post': 'user_update', 'delete': 'user_update'}
|
perms_map = {'get': '*', 'post': 'user_update', 'delete': 'user_update'}
|
||||||
queryset = UserPost.objects.select_related('user', 'post', 'dept').all()
|
queryset = UserPost.objects.select_related('user', 'post', 'dept').all()
|
||||||
serializer_class = UserPostSerializer
|
serializer_class = UserPostSerializer
|
||||||
|
create_serializer_class = UserPostCreateSerializer
|
||||||
filterset_fields = ['user', 'post', 'dept']
|
filterset_fields = ['user', 'post', 'dept']
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
|
|
|
@ -47,7 +47,7 @@ class RbacPermission(BasePermission):
|
||||||
return False
|
return False
|
||||||
user_perms_map = cache.get('perms_' + request.user.id, None)
|
user_perms_map = cache.get('perms_' + request.user.id, None)
|
||||||
if user_perms_map is None:
|
if user_perms_map is None:
|
||||||
user_perms_map = get_user_perms_map(self.request.user)
|
user_perms_map = get_user_perms_map(request.user)
|
||||||
if isinstance(user_perms_map, dict):
|
if isinstance(user_perms_map, dict):
|
||||||
if 'superuser' in user_perms_map:
|
if 'superuser' in user_perms_map:
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in New Issue