From 47d798e3803aedcfb2d38801ceaf87a4f59a6492 Mon Sep 17 00:00:00 2001
From: caoqianming
Date: Wed, 11 Mar 2026 12:07:33 +0800
Subject: [PATCH] feat: restrict material edit/delete to draft for users
---
 backend/apps/material/views.py | 8 ++++++++
 frontend/src/views/MaterialManage.vue | 6 ++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/backend/apps/material/views.py b/backend/apps/material/views.py
index c22df97..34304b1 100644
--- a/backend/apps/material/views.py
+++ b/backend/apps/material/views.py
@@ -92,6 +92,10 @@ class MaterialViewSet(ModelViewSet):
 if (self.request.user.role != 'admin' and
 self.request.user.factory_id != self.get_object().factory_id):
 raise PermissionDenied("无权修改其他工厂的材料")
+
+ # 普通用户只能编辑创建中的材料
+ if self.request.user.role != 'admin' and self.get_object().status != 'draft':
+ raise PermissionDenied("只有创建中的材料可以编辑")
 serializer.save()
 def perform_destroy(self, instance):
@@ -102,6 +106,10 @@ class MaterialViewSet(ModelViewSet):
 if (self.request.user.role != 'admin' and
 self.request.user.factory_id != instance.factory_id):
 raise PermissionDenied("无权删除其他工厂的材料")
+
+ # 普通用户只能删除创建中的材料
+ if self.request.user.role != 'admin' and instance.status != 'draft':
+ raise PermissionDenied("只有创建中的材料可以删除")
 instance.delete()
 @action(detail=True, methods=['post'])
diff --git a/frontend/src/views/MaterialManage.vue b/frontend/src/views/MaterialManage.vue
index e683eab..28c2025 100644
--- a/frontend/src/views/MaterialManage.vue
+++ b/frontend/src/views/MaterialManage.vue
@@ -24,11 +24,11 @@
@@ -399,6 +399,8 @@ const onReject = async (row) => {
 loadMaterials()
 }
+const canEdit = (row) => isAdmin.value || row.status === 'draft'
+const canDelete = (row) => isAdmin.value || row.status === 'draft'
 const canSubmit = (row) => !isAdmin.value && row.status === 'draft'
 const canApprove = (row) => isAdmin.value && row.status === 'pending'
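Review bot: The new draft check in perform_update tests only the stored status, and it does so through a further `self.get_object()` call rather than the instance the serializer will save. The serializer is not visible in this patch, so it is worth confirming that `status` is read-only for non-admin users; otherwise a user editing a draft could set the status to another state in the same request and skip the submit/approve step. Reading the object once, as in `if self.request.user.role != 'admin' and serializer.instance.status != 'draft':`, also removes a repeated lookup between the check and `serializer.save()`. perform_update begins above the hunk.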
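Review bot: The role-and-status rule is now spelled out separately in perform_update and perform_destroy, so any other write path on MaterialViewSet has to remember to repeat it. The `@action(detail=True, methods=['post'])` that follows this hunk is cut off, so whether the custom actions apply the same rule cannot be checked here. Consider moving the rule into one place, for example a DRF permission class with `has_object_permission` or a private helper called from both methods, and give it a short English docstring stating that non-admin users may modify only their own factory's materials while the status is 'draft'. perform_destroy begins above the hunk.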
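Review bot: `canEdit` and `canDelete` only decide whether the buttons are shown; the enforcement is the PermissionDenied checks added in views.py. A one-line comment above them would keep that clear, e.g. `// UI hint only: the API rejects edit/delete of non-draft materials for non-admin users`. The template hunk at `@@ -24,11 +24,11 @@` has no visible body on this page, so how the two helpers are bound to the buttons cannot be confirmed.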