rbac permission bug

This commit is contained in:
caoqianming 2022-04-02 10:32:09 +08:00
parent e2a20fe67a
commit d748a8dd59
3 changed files with 8 additions and 2 deletions

View File

@ -277,6 +277,11 @@ class UserPostSerializer(CustomModelSerializer):
model = UserPost
fields = '__all__'
class UserPostCreateSerializer(CustomModelSerializer):
class Meta:
model = UserPost
exclude = EXCLUDE_FIELDS_BASE
class UserInfoSerializer(CustomModelSerializer):
posts_ = UserPostSerializer(source='post', read_only=True)

View File

@ -29,7 +29,7 @@ from .serializers import (DeptCreateUpdateSerializer, DeptSerializer, DictCreate
FileSerializer, PermissionCreateUpdateSerializer, PermissionSerializer, PostCreateUpdateSerializer, PostSerializer,
PTaskCreateUpdateSerializer, PTaskResultSerializer,
PTaskSerializer, RoleCreateUpdateSerializer, RoleSerializer,
UserCreateSerializer, UserListSerializer,
UserCreateSerializer, UserListSerializer, UserPostCreateSerializer,
UserPostSerializer, UserUpdateSerializer)
logger = logging.getLogger('log')
@ -253,6 +253,7 @@ class UserPostViewSet(CreateModelMixin, DestroyModelMixin, ListModelMixin, Custo
perms_map = {'get': '*', 'post': 'user_update', 'delete': 'user_update'}
queryset = UserPost.objects.select_related('user', 'post', 'dept').all()
serializer_class = UserPostSerializer
create_serializer_class = UserPostCreateSerializer
filterset_fields = ['user', 'post', 'dept']
def perform_create(self, serializer):

View File

@ -47,7 +47,7 @@ class RbacPermission(BasePermission):
return False
user_perms_map = cache.get('perms_' + request.user.id, None)
if user_perms_map is None:
user_perms_map = get_user_perms_map(self.request.user)
user_perms_map = get_user_perms_map(request.user)
if isinstance(user_perms_map, dict):
if 'superuser' in user_perms_map:
return True