zcdsj
/
mat
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: restrict material edit/delete to draft for users

This commit is contained in:
caoqianming 2026-03-11 12:07:33 +08:00
parent bf6685c670
commit 47d798e380
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
backend/apps/material/views.py
View File

@ -92,6 +92,10 @@ class MaterialViewSet(ModelViewSet):
if (self.request.user.role != 'admin' and if (self.request.user.role != 'admin' and
self.request.user.factory_id != self.get_object().factory_id): self.request.user.factory_id != self.get_object().factory_id):
raise PermissionDenied("无权修改其他工厂的材料") raise PermissionDenied("无权修改其他工厂的材料")
# 普通用户只能编辑创建中的材料
if self.request.user.role != 'admin' and self.get_object().status != 'draft':
raise PermissionDenied("只有创建中的材料可以编辑")
serializer.save() serializer.save()
def perform_destroy(self, instance): def perform_destroy(self, instance):
@ -102,6 +106,10 @@ class MaterialViewSet(ModelViewSet):
if (self.request.user.role != 'admin' and if (self.request.user.role != 'admin' and
self.request.user.factory_id != instance.factory_id): self.request.user.factory_id != instance.factory_id):
raise PermissionDenied("无权删除其他工厂的材料") raise PermissionDenied("无权删除其他工厂的材料")
# 普通用户只能删除创建中的材料
if self.request.user.role != 'admin' and instance.status != 'draft':
raise PermissionDenied("只有创建中的材料可以删除")
instance.delete() instance.delete()
@action(detail=True, methods=['post']) @action(detail=True, methods=['post'])

6
frontend/src/views/MaterialManage.vue
View File

@ -24,11 +24,11 @@
<template #default="scope"> <template #default="scope">
<div class="table-actions"> <div class="table-actions">
<el-button size="small" @click="goDetail(scope.row)">详情</el-button> <el-button size="small" @click="goDetail(scope.row)">详情</el-button>
<el-button size="small" @click="openEdit(scope.row)">编辑</el-button> <el-button v-if="canEdit(scope.row)" size="small" @click="openEdit(scope.row)">编辑</el-button>
<el-button v-if="canSubmit(scope.row)" size="small" type="warning" @click="onSubmitAudit(scope.row)">提交审核</el-button> <el-button v-if="canSubmit(scope.row)" size="small" type="warning" @click="onSubmitAudit(scope.row)">提交审核</el-button>
<el-button v-if="canApprove(scope.row)" size="small" type="success" @click="onApprove(scope.row)">审核通过</el-button> <el-button v-if="canApprove(scope.row)" size="small" type="success" @click="onApprove(scope.row)">审核通过</el-button>
<el-button v-if="canApprove(scope.row)" size="small" type="danger" @click="onReject(scope.row)">审核拒绝</el-button> <el-button v-if="canApprove(scope.row)" size="small" type="danger" @click="onReject(scope.row)">审核拒绝</el-button>
<el-button size="small" type="danger" @click="onDelete(scope.row)">删除</el-button> <el-button v-if="canDelete(scope.row)" size="small" type="danger" @click="onDelete(scope.row)">删除</el-button>
</div> </div>
</template> </template>
</el-table-column> </el-table-column>
@ -399,6 +399,8 @@ const onReject = async (row) => {
loadMaterials() loadMaterials()
} }
const canEdit = (row) => isAdmin.value || row.status === 'draft'
const canDelete = (row) => isAdmin.value || row.status === 'draft'
const canSubmit = (row) => !isAdmin.value && row.status === 'draft' const canSubmit = (row) => !isAdmin.value && row.status === 'draft'
const canApprove = (row) => isAdmin.value && row.status === 'pending' const canApprove = (row) => isAdmin.value && row.status === 'pending'