feat: restrict material edit/delete to draft for users
This commit is contained in:
parent
bf6685c670
commit
47d798e380
|
|
@ -92,6 +92,10 @@ class MaterialViewSet(ModelViewSet):
|
|||
if (self.request.user.role != 'admin' and
|
||||
self.request.user.factory_id != self.get_object().factory_id):
|
||||
raise PermissionDenied("无权修改其他工厂的材料")
|
||||
|
||||
# 普通用户只能编辑创建中的材料
|
||||
if self.request.user.role != 'admin' and self.get_object().status != 'draft':
|
||||
raise PermissionDenied("只有创建中的材料可以编辑")
|
||||
serializer.save()
|
||||
|
||||
def perform_destroy(self, instance):
|
||||
|
|
@ -102,6 +106,10 @@ class MaterialViewSet(ModelViewSet):
|
|||
if (self.request.user.role != 'admin' and
|
||||
self.request.user.factory_id != instance.factory_id):
|
||||
raise PermissionDenied("无权删除其他工厂的材料")
|
||||
|
||||
# 普通用户只能删除创建中的材料
|
||||
if self.request.user.role != 'admin' and instance.status != 'draft':
|
||||
raise PermissionDenied("只有创建中的材料可以删除")
|
||||
instance.delete()
|
||||
|
||||
@action(detail=True, methods=['post'])
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@
|
|||
<template #default="scope">
|
||||
<div class="table-actions">
|
||||
<el-button size="small" @click="goDetail(scope.row)">详情</el-button>
|
||||
<el-button size="small" @click="openEdit(scope.row)">编辑</el-button>
|
||||
<el-button v-if="canEdit(scope.row)" size="small" @click="openEdit(scope.row)">编辑</el-button>
|
||||
<el-button v-if="canSubmit(scope.row)" size="small" type="warning" @click="onSubmitAudit(scope.row)">提交审核</el-button>
|
||||
<el-button v-if="canApprove(scope.row)" size="small" type="success" @click="onApprove(scope.row)">审核通过</el-button>
|
||||
<el-button v-if="canApprove(scope.row)" size="small" type="danger" @click="onReject(scope.row)">审核拒绝</el-button>
|
||||
<el-button size="small" type="danger" @click="onDelete(scope.row)">删除</el-button>
|
||||
<el-button v-if="canDelete(scope.row)" size="small" type="danger" @click="onDelete(scope.row)">删除</el-button>
|
||||
</div>
|
||||
</template>
|
||||
</el-table-column>
|
||||
|
|
@ -399,6 +399,8 @@ const onReject = async (row) => {
|
|||
loadMaterials()
|
||||
}
|
||||
|
||||
const canEdit = (row) => isAdmin.value || row.status === 'draft'
|
||||
const canDelete = (row) => isAdmin.value || row.status === 'draft'
|
||||
const canSubmit = (row) => !isAdmin.value && row.status === 'draft'
|
||||
const canApprove = (row) => isAdmin.value && row.status === 'pending'
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue