diff --git a/backend/application/settings.py b/backend/application/settings.py index 1d0adf79b43c695cbb576518c213ea2837303a07..e6bdec5eaa5fa6bc0778592ace87c8da995262ef 100644 --- a/backend/application/settings.py +++ b/backend/application/settings.py @@ -404,7 +404,7 @@ PLUGINS_URL_PATTERNS = [] # ********** 一键导入插件配置开始 ********** # 例如: # from dvadmin_upgrade_center.settings import * # 升级中心 -from dvadmin3_celery.settings import * # celery 异步任务 +# from dvadmin3_celery.settings import * # celery 异步任务 # from dvadmin_third.settings import * # 第三方用户管理 # from dvadmin_ak_sk.settings import * # 秘钥管理管理 # from dvadmin_tenants.settings import * # 租户管理 diff --git a/backend/dvadmin/system/views/download_center.py b/backend/dvadmin/system/views/download_center.py index 2587d7447c6dc944d525cf44e55043a74b486524..4fa88bb9dead2d98be618894fd00bed3afe9aa39 100644 --- a/backend/dvadmin/system/views/download_center.py +++ b/backend/dvadmin/system/views/download_center.py @@ -41,6 +41,9 @@ class DownloadCenterViewSet(CustomModelViewSet): serializer_class = DownloadCenterSerializer filter_class = DownloadCenterFilterSet permission_classes = [] + extra_filter_class = [] def get_queryset(self): + if self.request.user.is_superuser: + return super().get_queryset() return super().get_queryset().filter(creator=self.request.user) diff --git a/backend/dvadmin/system/views/file_list.py b/backend/dvadmin/system/views/file_list.py index eb972709a858610125e5cb5cc94924d5922f0b82..c0fed8d289efb3bdb018edc10c73aeef5b4d4276 100644 --- a/backend/dvadmin/system/views/file_list.py +++ b/backend/dvadmin/system/views/file_list.py @@ -34,10 +34,6 @@ class FileSerializer(CustomModelSerializer): model = FileList fields = "__all__" - class Meta: - model = FileList - fields = "__all__" - def create(self, validated_data): file_engine = dispatch.get_system_config_values("fileStorageConfig.file_engine") or 'local' file_backup = dispatch.get_system_config_values("fileStorageConfig.file_backup") diff --git a/backend/dvadmin/system/views/role.py b/backend/dvadmin/system/views/role.py index a5b5a6f92802a0606466a55139f848d8227302ce..07a1637615dc75ef2afea90adc9ee19a441a8368 100644 --- a/backend/dvadmin/system/views/role.py +++ b/backend/dvadmin/system/views/role.py @@ -26,6 +26,12 @@ class RoleSerializer(CustomModelSerializer): """ 角色-序列化器 """ + users = serializers.SerializerMethodField() + + @staticmethod + def get_users(instance): + users = instance.users_set.exclude(id=1).values('id', 'name', 'dept__name') + return users class Meta: model = Role @@ -116,3 +122,23 @@ class RoleViewSet(CustomModelViewSet, FastCrudMixin,FieldPermissionMixin): create_serializer_class = RoleCreateUpdateSerializer update_serializer_class = RoleCreateUpdateSerializer search_fields = ['name', 'key'] + + @action(methods=['PUT'], detail=True, permission_classes=[IsAuthenticated]) + def set_role_users(self, request, pk): + """ + 设置 角色-用户 + :param request: + :return: + """ + data = request.data + direction = data.get('direction') + movedKeys = data.get('movedKeys') + role = Role.objects.get(pk=pk) + if direction == "left": + # left : 移除用户权限 + role.users_set.remove(*movedKeys) + else: + # right : 添加用户权限 + role.users_set.add(*movedKeys) + serializer = RoleSerializer(role) + return DetailResponse(data=serializer.data, msg="更新成功") \ No newline at end of file diff --git a/backend/dvadmin/system/views/role_menu_button_permission.py b/backend/dvadmin/system/views/role_menu_button_permission.py index 3ee596df38d01d44393910c881c6749c422ae446..723cd2a6a4af20c6d1c2b983c7d0e17d4b7383c4 100644 --- a/backend/dvadmin/system/views/role_menu_button_permission.py +++ b/backend/dvadmin/system/views/role_menu_button_permission.py @@ -6,24 +6,20 @@ @Created on: 2021/6/3 003 0:30 @Remark: 菜单按钮管理 """ -from django.db.models import F, Subquery, OuterRef, Exists, BooleanField, Q, Case, Value, When -from django.db.models.functions import Coalesce from rest_framework import serializers from rest_framework.decorators import action -from rest_framework.fields import ListField from rest_framework.permissions import IsAuthenticated -from dvadmin.system.models import RoleMenuButtonPermission, Menu, MenuButton, Dept, RoleMenuPermission, FieldPermission, \ - MenuField -from dvadmin.system.views.menu import MenuSerializer -from dvadmin.utils.json_response import DetailResponse, ErrorResponse +from dvadmin.system.models import RoleMenuButtonPermission, Menu, Dept, MenuButton, RoleMenuPermission, \ + MenuField, FieldPermission +from dvadmin.utils.json_response import DetailResponse from dvadmin.utils.serializers import CustomModelSerializer from dvadmin.utils.viewset import CustomModelViewSet class RoleMenuButtonPermissionSerializer(CustomModelSerializer): """ - 菜单按钮-序列化器 + 角色-菜单-按钮-权限 查询序列化 """ class Meta: @@ -34,7 +30,7 @@ class RoleMenuButtonPermissionSerializer(CustomModelSerializer): class RoleMenuButtonPermissionCreateUpdateSerializer(CustomModelSerializer): """ - 初始化菜单按钮-序列化器 + 角色-菜单-按钮-权限 创建/修改序列化 """ menu_button__name = serializers.CharField(source='menu_button.name', read_only=True) menu_button__value = serializers.CharField(source='menu_button.value', read_only=True) @@ -45,63 +41,99 @@ class RoleMenuButtonPermissionCreateUpdateSerializer(CustomModelSerializer): read_only_fields = ["id"] -class RoleButtonPermissionSerializer(CustomModelSerializer): +class RoleMenuSerializer(CustomModelSerializer): + """ + 角色-菜单 序列化 + """ + isCheck = serializers.SerializerMethodField() + + def get_isCheck(self, instance): + params = self.request.query_params + data = self.request.data + return RoleMenuPermission.objects.filter( + menu_id=instance.id, + role_id=params.get('roleId', data.get('roleId')), + ).exists() + + class Meta: + model = Menu + fields = ["id", "name", "parent", "is_catalog", "isCheck"] + + +class RoleMenuButtonSerializer(CustomModelSerializer): """ - 角色按钮权限 + 角色-菜单-按钮 序列化 """ isCheck = serializers.SerializerMethodField() data_range = serializers.SerializerMethodField() + role_menu_btn_perm_id = serializers.SerializerMethodField() + dept = serializers.SerializerMethodField() def get_isCheck(self, instance): params = self.request.query_params + data = self.request.data return RoleMenuButtonPermission.objects.filter( - menu_button__id=instance['id'], - role__id=params.get('role'), + menu_button_id=instance.id, + role_id=params.get('roleId', data.get('roleId')), ).exists() def get_data_range(self, instance): - params = self.request.query_params - obj = RoleMenuButtonPermission.objects.filter( - menu_button__id=instance['id'], - role__id=params.get('role'), - ).first() + obj = self.get_role_menu_btn_prem(instance) if obj is None: return None return obj.data_range - class Meta: - model = MenuButton - fields = ['id', 'name', 'value', 'isCheck', 'data_range'] + def get_role_menu_btn_perm_id(self, instance): + obj = self.get_role_menu_btn_prem(instance) + if obj is None: + return None + return obj.id + def get_dept(self, instance): + obj = self.get_role_menu_btn_prem(instance) + if obj is None: + return None + return obj.dept.all().values_list('id', flat=True) + + def get_role_menu_btn_prem(self, instance): + params = self.request.query_params + data = self.request.data + obj = RoleMenuButtonPermission.objects.filter( + menu_button_id=instance.id, + role_id=params.get('roleId', data.get('roleId')), + ).first() + return obj -class RoleFieldPermissionSerializer(CustomModelSerializer): class Meta: - model = FieldPermission - fields = "__all__" + model = MenuButton + fields = ['id', 'menu', 'name', 'isCheck', 'data_range', 'role_menu_btn_perm_id', 'dept'] class RoleMenuFieldSerializer(CustomModelSerializer): + """ + 角色-菜单-字段 序列化 + """ is_query = serializers.SerializerMethodField() is_create = serializers.SerializerMethodField() is_update = serializers.SerializerMethodField() def get_is_query(self, instance): params = self.request.query_params - queryset = instance.menu_field.filter(role=params.get('role')).first() + queryset = instance.menu_field.filter(role=params.get('roleId')).first() if queryset: return queryset.is_query return False def get_is_create(self, instance): params = self.request.query_params - queryset = instance.menu_field.filter(role=params.get('role')).first() + queryset = instance.menu_field.filter(role=params.get('roleId')).first() if queryset: return queryset.is_create return False def get_is_update(self, instance): params = self.request.query_params - queryset = instance.menu_field.filter(role=params.get('role')).first() + queryset = instance.menu_field.filter(role=params.get('roleId')).first() if queryset: return queryset.is_update return False @@ -111,54 +143,6 @@ class RoleMenuFieldSerializer(CustomModelSerializer): fields = ['id', 'field_name', 'title', 'is_query', 'is_create', 'is_update'] -class RoleMenuSerializer(CustomModelSerializer): - menus = serializers.SerializerMethodField() - - def get_menus(self, instance): - menu_list = Menu.objects.filter(parent=instance['id']).values('id', 'name') - serializer = RoleMenuPermissionSerializer(menu_list, many=True, request=self.request) - return serializer.data - - class Meta: - model = Menu - fields = ['id', 'name', 'menus'] - - -class RoleMenuPermissionSerializer(CustomModelSerializer): - """ - 菜单和按钮权限 - """ - # name = serializers.SerializerMethodField() - isCheck = serializers.SerializerMethodField() - btns = serializers.SerializerMethodField() - columns = serializers.SerializerMethodField() - - # def get_name(self, instance): - # parent_list = Menu.get_all_parent(instance['id']) - # names = [d["name"] for d in parent_list] - # return "/".join(names) - def get_isCheck(self, instance): - params = self.request.query_params - return RoleMenuPermission.objects.filter( - menu__id=instance['id'], - role__id=params.get('role'), - ).exists() - - def get_btns(self, instance): - btn_list = MenuButton.objects.filter(menu__id=instance['id']).values('id', 'name', 'value') - serializer = RoleButtonPermissionSerializer(btn_list, many=True, request=self.request) - return serializer.data - - def get_columns(self, instance): - col_list = MenuField.objects.filter(menu=instance['id']) - serializer = RoleMenuFieldSerializer(col_list, many=True, request=self.request) - return serializer.data - - class Meta: - model = Menu - fields = ['id', 'name', 'isCheck', 'btns', 'columns'] - - class RoleMenuButtonPermissionViewSet(CustomModelViewSet): """ 菜单按钮接口 @@ -174,202 +158,103 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet): update_serializer_class = RoleMenuButtonPermissionCreateUpdateSerializer extra_filter_class = [] - # @action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated]) - # def get_role_premission(self, request): - # """ - # 角色授权获取: - # :param request: role - # :return: menu,btns,columns - # """ - # params = request.query_params - # is_superuser = request.user.is_superuser - # if is_superuser: - # queryset = Menu.objects.filter(status=1, is_catalog=True).values('name', 'id').all() - # else: - # role_id = request.user.role.values_list('id', flat=True) - # menu_list = RoleMenuPermission.objects.filter(role__in=role_id).values_list('menu__id', flat=True) - # queryset = Menu.objects.filter(status=1, is_catalog=True, id__in=menu_list).values('name', 'id').all() - # serializer = RoleMenuSerializer(queryset, many=True, request=request) - # data = serializer.data - # return DetailResponse(data=data) - @action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated]) - def get_role_permission(self, request): - params = request.query_params - # 需要授权的角色信息 - current_role = params.get('role', None) - # 当前登录用户的角色 - role_list = request.user.role.values_list('id', flat=True) - if current_role is None: - return ErrorResponse(msg='参数错误') - is_superuser = request.user.is_superuser - if is_superuser: - menu_queryset = Menu.objects.prefetch_related('menuPermission').prefetch_related( - 'menufield_set') - else: - role_id_list = request.user.role.values_list('id', flat=True) - menu_list = RoleMenuPermission.objects.filter(role__in=role_id_list).values_list('menu__id', flat=True) - - # 当前角色已授权的菜单 - menu_queryset = Menu.objects.filter(id__in=menu_list).prefetch_related('menuPermission').prefetch_related( - 'menufield_set') - result = [] - for menu_item in menu_queryset: - isCheck = RoleMenuPermission.objects.filter( - menu_id=menu_item.id, - role_id=current_role - ).exists() - dicts = { - 'name': menu_item.name, - 'id': menu_item.id, - 'parent': menu_item.parent.id if menu_item.parent else None, - 'isCheck': isCheck, - 'btns': [], - 'columns': [] - } - for mb_item in menu_item.menuPermission.all(): - rolemenubuttonpermission_queryset = RoleMenuButtonPermission.objects.filter( - menu_button_id=mb_item.id, - role_id=current_role - ).first() - dicts['btns'].append( - { - 'id': mb_item.id, - 'name': mb_item.name, - 'value': mb_item.value, - 'data_range': rolemenubuttonpermission_queryset.data_range - if rolemenubuttonpermission_queryset - else None, - 'isCheck': bool(rolemenubuttonpermission_queryset), - 'dept': rolemenubuttonpermission_queryset.dept.all().values_list('id', flat=True) - if rolemenubuttonpermission_queryset - else [], - } - ) - for column_item in menu_item.menufield_set.all(): - # 需要授权角色已拥有的列权限 - fieldpermission_queryset = column_item.menu_field.filter(role_id=current_role).first() - is_query = fieldpermission_queryset.is_query if fieldpermission_queryset else False - is_create = fieldpermission_queryset.is_create if fieldpermission_queryset else False - is_update = fieldpermission_queryset.is_update if fieldpermission_queryset else False - # 当前登录用户角色可分配的列权限 - fieldpermission_queryset_disabled = column_item.menu_field.filter(role_id__in=role_list).first() - disabled_query = fieldpermission_queryset_disabled.is_query if fieldpermission_queryset_disabled else True - disabled_create = fieldpermission_queryset_disabled.is_create if fieldpermission_queryset_disabled else True - disabled_update = fieldpermission_queryset_disabled.is_update if fieldpermission_queryset_disabled else True - - dicts['columns'].append({ - 'id': column_item.id, - 'field_name': column_item.field_name, - 'title': column_item.title, - 'is_query': is_query, - 'is_create': is_create, - 'is_update': is_update, - 'disabled_query': False if is_superuser else not disabled_query, - 'disabled_create': False if is_superuser else not disabled_create, - 'disabled_update': False if is_superuser else not disabled_update, - }) - result.append(dicts) - return DetailResponse(data=result) - - @action(methods=['PUT'], detail=True, permission_classes=[IsAuthenticated]) - def set_role_premission(self, request, pk): + def get_role_menu(self, request): """ - 对角色的菜单和按钮及按钮范围授权: + 获取 角色-菜单 :param request: - :param pk: role :return: """ - body = request.data - RoleMenuPermission.objects.filter(role=pk).delete() - RoleMenuButtonPermission.objects.filter(role=pk).delete() - for item in body: - if item.get('isCheck'): - RoleMenuPermission.objects.create(role_id=pk, menu_id=item["id"]) - for btn in item.get('btns'): - if btn.get('isCheck'): - data_range = btn.get('data_range', 0) or 0 - instance = RoleMenuButtonPermission.objects.create(role_id=pk, menu_button_id=btn.get('id'), - data_range=data_range) - instance.dept.set(btn.get('dept', [])) - for col in item.get('columns'): - FieldPermission.objects.update_or_create(role_id=pk, field_id=col.get('id'), - defaults={ - 'is_query': col.get('is_query'), - 'is_create': col.get('is_create'), - 'is_update': col.get('is_update') - }) - return DetailResponse(msg="授权成功") + menu_queryset = Menu.objects.all() + serializer = RoleMenuSerializer(menu_queryset, many=True, request=request) + return DetailResponse(data=serializer.data) - @action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated]) - def role_menu_get_button(self, request): + @action(methods=['PUT'], detail=False, permission_classes=[IsAuthenticated]) + def set_role_menu(self, request): """ - 当前用户角色和菜单获取可下拉选项的按钮:角色授权页面使用 + 设置 角色-菜单 :param request: :return: """ - if params := request.query_params: - if menu_id := params.get('menu', None): - is_superuser = request.user.is_superuser - if is_superuser: - queryset = MenuButton.objects.filter(menu=menu_id).values('id', 'name') - else: - role_list = request.user.role.values_list('id', flat=True) - queryset = RoleMenuButtonPermission.objects.filter( - role__in=role_list, menu_button__menu=menu_id - ).values(btn_id=F('menu_button__id'), name=F('menu_button__name')) - return DetailResponse(data=queryset) - return ErrorResponse(msg="参数错误") + data = request.data + roleId = data.get('roleId') + menuId = data.get('menuId') + isCheck = data.get('isCheck') + if isCheck: + # 添加权限:创建关联记录 + instance = RoleMenuPermission.objects.create(role_id=roleId, menu_id=menuId) + else: + # 删除权限:移除关联记录 + RoleMenuPermission.objects.filter(role_id=roleId, menu_id=menuId).delete() + menu_instance = Menu.objects.get(id=menuId) + serializer = RoleMenuSerializer(menu_instance, request=request) + return DetailResponse(data=serializer.data, msg="更新成功") @action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated]) - def data_scope(self, request): + def get_role_menu_btn_field(self, request): """ - 获取数据权限范围:角色授权页面使用 + 获取 角色-菜单-按钮-列字段 :param request: :return: """ - is_superuser = request.user.is_superuser - if is_superuser: - data = [ - {"value": 0, "label": '仅本人数据权限'}, - {"value": 1, "label": '本部门及以下数据权限'}, - {"value": 2, "label": '本部门数据权限'}, - {"value": 3, "label": '全部数据权限'}, - {"value": 4, "label": '自定义数据权限'} - ] - return DetailResponse(data=data) + params = request.query_params + menuId = params.get('menuId', None) + menu_btn_queryset = MenuButton.objects.filter(menu_id=menuId) + menu_btn_serializer = RoleMenuButtonSerializer(menu_btn_queryset, many=True, request=request) + menu_field_queryset = MenuField.objects.filter(menu_id=menuId) + menu_field_serializer = RoleMenuFieldSerializer(menu_field_queryset, many=True, request=request) + return DetailResponse(data={'menu_btn': menu_btn_serializer.data, 'menu_field': menu_field_serializer.data}) + + @action(methods=['PUT'], detail=True, permission_classes=[IsAuthenticated]) + def set_role_menu_field(self, request, pk): + """ + 设置 角色-菜单-列字段 + """ + data = request.data + for col in data: + FieldPermission.objects.update_or_create( + role_id=pk, field_id=col.get('id'), + defaults={ + 'is_create': col.get('is_create'), + 'is_update': col.get('is_update'), + 'is_query': col.get('is_query'), + }) + + return DetailResponse(data=[], msg="更新成功") + + @action(methods=['PUT'], detail=False, permission_classes=[IsAuthenticated]) + def set_role_menu_btn(self, request): + """ + 设置 角色-菜单-按钮 + """ + data = request.data + isCheck = data.get('isCheck', None) + roleId = data.get('roleId', None) + btnId = data.get('btnId', None) + if isCheck: + # 添加权限:创建关联记录 + RoleMenuButtonPermission.objects.create(role_id=roleId, menu_button_id=btnId) else: - params = request.query_params - data = [{"value": 0, "label": '仅本人数据权限'}] - role_list = request.user.role.values_list('id', flat=True) - # 权限页面进入初始化获取所有的数据权限范围 - role_queryset = RoleMenuButtonPermission.objects.filter( - role__in=role_list - ).values_list('data_range', flat=True) - # 通过按钮小齿轮获取指定按钮的权限 - if menu_button_id := params.get('menu_button', None): - role_queryset = RoleMenuButtonPermission.objects.filter( - role__in=role_list, menu_button__id=menu_button_id - ).values_list('data_range', flat=True) - - data_range_list = list(set(role_queryset)) - for item in data_range_list: - if item == 0: - data = data - elif item == 1: - data.extend([ - {"value": 1, "label": '本部门及以下数据权限'}, - {"value": 2, "label": '本部门数据权限'} - ]) - elif item == 2: - data.extend([{"value": 2, "label": '本部门数据权限'}]) - elif item == 3: - data.extend([{"value": 3, "label": '全部数据权限'}]) - elif item == 4: - data.extend([{"value": 4, "label": '自定义数据权限'}]) - else: - data = [] - return DetailResponse(data=data) + # 删除权限:移除关联记录 + RoleMenuButtonPermission.objects.filter(role_id=roleId, menu_button_id=btnId).delete() + menu_btn_instance = MenuButton.objects.get(id=btnId) + serializer = RoleMenuButtonSerializer(menu_btn_instance, request=request) + return DetailResponse(data=serializer.data, msg="更新成功") + + @action(methods=['PUT'], detail=False, permission_classes=[IsAuthenticated]) + def set_role_menu_btn_data_range(self, request): + """ + 设置 角色-菜单-按钮-权限 + """ + data = request.data + instance = RoleMenuButtonPermission.objects.get(id=data.get('role_menu_btn_perm_id')) + instance.data_range = data.get('data_range') + instance.dept.add(*data.get('dept')) + if not data.get('dept'): + instance.dept.clear() + instance.save() + serializer = RoleMenuButtonPermissionSerializer(instance, request=request) + return DetailResponse(data=serializer.data, msg="更新成功") @action(methods=['get'], detail=False, permission_classes=[IsAuthenticated]) def role_to_dept_all(self, request): @@ -395,55 +280,3 @@ class RoleMenuButtonPermissionViewSet(CustomModelViewSet): dept["disabled"] = False if is_superuser else dept["id"] not in dept_checked_disabled data.append(dept) return DetailResponse(data=data) - - @action(methods=['get'], detail=False, permission_classes=[IsAuthenticated]) - def menu_to_button(self, request): - """ - 根据所选择菜单获取已配置的按钮/接口权限:角色授权页面使用 - :param request: - :return: - """ - params = request.query_params - menu_id = params.get('menu', None) - if menu_id is None: - return ErrorResponse(msg="未获取到参数") - is_superuser = request.user.is_superuser - if is_superuser: - queryset = RoleMenuButtonPermission.objects.filter(menu_button__menu=menu_id).values( - 'id', - 'data_range', - 'menu_button', - 'menu_button__name', - 'menu_button__value' - ) - return DetailResponse(data=queryset) - else: - if params: - - role_id = params.get('role', None) - if role_id is None: - return ErrorResponse(msg="未获取到参数") - queryset = RoleMenuButtonPermission.objects.filter(role=role_id, menu_button__menu=menu_id).values( - 'id', - 'data_range', - 'menu_button', - 'menu_button__name', - 'menu_button__value' - ) - return DetailResponse(data=queryset) - return ErrorResponse(msg="未获取到参数") - - @action(methods=['get'], detail=False, permission_classes=[IsAuthenticated]) - def role_to_menu(self, request): - """ - 获取角色对应的按钮权限 - :param request: - :return: - """ - params = request.query_params - role_id = params.get('role', None) - if role_id is None: - return ErrorResponse(msg="未获取到参数") - queryset = RoleMenuPermission.objects.filter(role_id=role_id).values_list('menu_id', flat=True).distinct() - - return DetailResponse(data=queryset) diff --git a/backend/dvadmin/utils/field_permission.py b/backend/dvadmin/utils/field_permission.py index 7c259f6820b2040171c9db8f2d06b25b35ea9d95..87026845f3972ce67daf4a0833e2e0aee918f00d 100644 --- a/backend/dvadmin/utils/field_permission.py +++ b/backend/dvadmin/utils/field_permission.py @@ -1,71 +1,43 @@ # -*- coding: utf-8 -*- - -from itertools import groupby - from django.db.models import F from rest_framework.decorators import action from rest_framework.permissions import IsAuthenticated from dvadmin.system.models import FieldPermission, MenuField from dvadmin.utils.json_response import DetailResponse -from dvadmin.utils.models import get_custom_app_models + + +def merge_permission(data): + """ + 合并权限 + """ + result = {} + for item in data: + field_name = item.pop('field_name') + if field_name not in result: + result[field_name] = item + else: + for key, value in item.items(): + result[field_name][key] = result[field_name][key] or value + return result class FieldPermissionMixin: - @action(methods=['get'], detail=False,permission_classes=[IsAuthenticated]) + @action(methods=['get'], detail=False, permission_classes=[IsAuthenticated]) def field_permission(self, request): """ 获取字段权限 """ - finded = False - for model in get_custom_app_models(): - if model['object'] is self.serializer_class.Meta.model: - finded = True - break - if finded: - break - if finded is False: - return [] + model = self.serializer_class.Meta.model.__name__ user = request.user - if user.is_superuser==1: - data = MenuField.objects.filter( model=model['model']).values('field_name') - for item in data: - item['is_create'] = True - item['is_query'] = True - item['is_update'] = True + # 创建一个默认字典来存储最终的结果 + if user.is_superuser == 1: + data = MenuField.objects.filter(model=model).values('field_name') + result = {item['field_name']: {"is_create": True, "is_query": True, "is_update": True} for item in data} else: roles = request.user.role.values_list('id', flat=True) - data= FieldPermission.objects.filter( - field__model=model['model'],role__in=roles - ).values( 'is_create', 'is_query', 'is_update',field_name=F('field__field_name')) - - """ - 合并权限 - - 这段代码首先根据 field_name 对列表进行排序, - 然后使用 groupby 按 field_name 进行分组。 - 对于每个组,它创建一个新的字典 merged, - 并遍历组中的每个字典,将布尔值字段使用逻辑或(or)操作符进行合并(如果 merged 中还没有该字段,则默认为 False), - 其他字段(如 field_name)则直接取组的关键字(即 key) - """ - - # 使用field_name对列表进行分组, # groupby 需要先对列表进行排序,因为它只能对连续相同的元素进行分组。 - grouped = groupby(sorted(list(data), key=lambda x: x['field_name']), key=lambda x: x['field_name']) - - data = [] - - # 遍历分组,合并权限 - for key, group in grouped: - - # 初始化一个空字典来存储合并后的结果 - merged = {} - for item in group: - # 合并权限, True值优先 - merged['is_create'] = merged.get('is_create', False) or item['is_create'] - merged['is_query'] = merged.get('is_query', False) or item['is_query'] - merged['is_update'] = merged.get('is_update', False) or item['is_update'] - merged['field_name'] = key - - data.append(merged) - - return DetailResponse(data=data) \ No newline at end of file + data = FieldPermission.objects.filter( + field__model=model, role__in=roles + ).values('is_create', 'is_query', 'is_update', field_name=F('field__field_name')) + result = merge_permission(data) + return DetailResponse(data=result) diff --git a/backend/dvadmin/utils/filters.py b/backend/dvadmin/utils/filters.py index d09a8a1510e02c5922cfec34b22f098e678929f1..da808ace31b75cf11e7259e2e2f4c24543bab036 100644 --- a/backend/dvadmin/utils/filters.py +++ b/backend/dvadmin/utils/filters.py @@ -340,7 +340,7 @@ class CustomDjangoFilterBackend(DjangoFilterBackend): from timezone_field import TimeZoneField # 不进行 过滤的model 类 - if isinstance(field, (models.JSONField, TimeZoneField)): + if isinstance(field, (models.JSONField, TimeZoneField, models.FileField)): continue # warn if the field doesn't exist. if field is None: diff --git a/backend/dvadmin/utils/import_export.py b/backend/dvadmin/utils/import_export.py index 2bd6e1e8a5490cab9225d3daa5656cbd44b7fd0b..a3bccd95e69d8889d1b65cb0926d532ebf66ba95 100644 --- a/backend/dvadmin/utils/import_export.py +++ b/backend/dvadmin/utils/import_export.py @@ -86,4 +86,5 @@ def import_to_data(file_url, field_data, m2m_fields=None): else: array[key] = cell_value tables.append(array) - return tables + data = [i for i in tables if len(i) != 0] + return data diff --git a/backend/dvadmin/utils/import_export_mixin.py b/backend/dvadmin/utils/import_export_mixin.py index 74e85fd708d8030c5fefb893ad68f02117adcfc6..e188ff5fa2916fd57acadc5659dd9872f138227f 100644 --- a/backend/dvadmin/utils/import_export_mixin.py +++ b/backend/dvadmin/utils/import_export_mixin.py @@ -305,11 +305,10 @@ class ExportSerializerMixin: assert self.export_serializer_class, "'%s' 请配置对应的导出序列化器。" % self.__class__.__name__ data = self.export_serializer_class(queryset, many=True, request=request).data try: - from dvadmin3_celery import settings async_export_data.delay( data, str(f"导出{get_verbose_name(queryset)}-{datetime.datetime.now().strftime('%Y%m%d%H%M%S')}.xlsx"), - DownloadCenter.objects.create(creator=request.user, task_name=f'{get_verbose_name(queryset)}数据导出任务').pk, + DownloadCenter.objects.create(creator=request.user, task_name=f'{get_verbose_name(queryset)}数据导出任务', dept_belong_id=request.user.dept_id).pk, self.export_field_label ) return SuccessResponse(msg="导入任务已创建,请前往‘下载中心’等待下载") diff --git a/web/src/components/fileSelector/index.vue b/web/src/components/fileSelector/index.vue index 55b1fa2fe808d877b8e56ca6fc20470f00556b35..1e1862c348f8084092665c86a73af860b8e87d90 100644 --- a/web/src/components/fileSelector/index.vue +++ b/web/src/components/fileSelector/index.vue @@ -66,7 +66,7 @@ -