From d41eb5cc2c094d2c3202418d8004ca010118de7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Mon, 29 Mar 2021 23:36:59 +0800 Subject: [PATCH 01/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E5=88=A0=E9=99=A4?= =?UTF-8?q?=E9=83=A8=E9=97=A8):=20=E9=83=A8=E9=97=A8=E9=87=8C=E9=9D=A2?= =?UTF-8?q?=E5=AD=98=E5=9C=A8=E7=94=A8=E6=88=B7=EF=BC=8C=E4=BE=9D=E7=84=B6?= =?UTF-8?q?=E8=83=BD=E5=A4=9F=E5=88=A0=E9=99=A4=E9=83=A8=E9=97=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes https://gitee.com/liqianglog/django-vue-admin/issues/I3E2BQ --- .../apps/vadmin/permission/permissions.py | 20 +++++++++++++++++++ .../apps/vadmin/permission/views.py | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/dvadmin-backend/apps/vadmin/permission/permissions.py b/dvadmin-backend/apps/vadmin/permission/permissions.py index 0186adb..3c09387 100644 --- a/dvadmin-backend/apps/vadmin/permission/permissions.py +++ b/dvadmin-backend/apps/vadmin/permission/permissions.py @@ -93,3 +93,23 @@ class CommonPermission(CustomPermission): self.message = f"没有此数据操作权限!" res = self.check_queryset(request, instance) return res + + +class DeptDestroyPermission(CustomPermission): + """ + 部门删除权限校验:判断部门下是否有用户存在,存在不可删除 + """ + message = '没有有操作权限' + + def has_permission(self, request: Request, view: APIView): + return True + + def check_queryset(self, request, instance): + if instance.values_list('userprofile', flat=True): + self.message = "该部门下有关联用户,无法删除!" + return False + return True + + def has_object_permission(self, request: Request, view: APIView, instance): + res = self.check_queryset(request, instance) + return res diff --git a/dvadmin-backend/apps/vadmin/permission/views.py b/dvadmin-backend/apps/vadmin/permission/views.py index bec3b8e..72855b4 100644 --- a/dvadmin-backend/apps/vadmin/permission/views.py +++ b/dvadmin-backend/apps/vadmin/permission/views.py @@ -2,7 +2,7 @@ from django.contrib.auth import authenticate from rest_framework.request import Request from rest_framework.views import APIView -from .permissions import CommonPermission +from .permissions import CommonPermission, DeptDestroyPermission from ..op_drf.filters import DataLevelPermissionsFilter from ..op_drf.viewsets import CustomModelViewSet from ..permission.filters import MenuFilter, DeptFilter, PostFilter, RoleFilter, UserProfileFilter @@ -129,7 +129,7 @@ class DeptModelViewSet(CustomModelViewSet): filter_class = DeptFilter extra_filter_backends = [DataLevelPermissionsFilter] update_extra_permission_classes = (CommonPermission,) - destroy_extra_permission_classes = (CommonPermission,) + destroy_extra_permission_classes = (CommonPermission, DeptDestroyPermission) create_extra_permission_classes = (CommonPermission,) search_fields = ('deptName',) ordering = 'create_datetime' # 默认排序 From 438dc5ed57889f107455bf408e74c627a29fae9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Mon, 29 Mar 2021 23:37:31 +0800 Subject: [PATCH 02/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=B8=8A=E4=BC=A0):=20doc=EF=BC=8Cdocx=EF=BC=8Cxlsx=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E9=83=BD=E6=97=A0=E6=B3=95=E4=B8=8A=E4=BC=A0=E6=88=90?= =?UTF-8?q?=E5=8A=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes https://gitee.com/liqianglog/django-vue-admin/issues/I3E2BQ --- dvadmin-backend/apps/vadmin/system/models/save_file.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/system/models/save_file.py b/dvadmin-backend/apps/vadmin/system/models/save_file.py index b43757d..30407cf 100644 --- a/dvadmin-backend/apps/vadmin/system/models/save_file.py +++ b/dvadmin-backend/apps/vadmin/system/models/save_file.py @@ -13,7 +13,7 @@ def files_path(instance, filename): class SaveFile(CoreModel): name = CharField(max_length=128, verbose_name="文件名称", null=True, blank=True) - type = CharField(max_length=32, verbose_name="文件类型", null=True, blank=True) + type = CharField(max_length=200, verbose_name="文件类型", null=True, blank=True) size = CharField(max_length=64, verbose_name="文件大小", null=True, blank=True) address = CharField(max_length=16, verbose_name="存储位置", null=True, blank=True) # 本地、阿里云、腾讯云.. source = CharField(max_length=16, verbose_name="文件来源", null=True, blank=True) # 导出、用户上传. From 4587b7551c9833250393ef61f66c175cb46d5671 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Mon, 29 Mar 2021 23:37:57 +0800 Subject: [PATCH 03/21] =?UTF-8?q?=E6=B5=8B=E8=AF=95(=E9=83=A8=E7=BD=B2?= =?UTF-8?q?=E6=B5=8B=E8=AF=95):?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index bf28947..fb60065 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -91,7 +91,7 @@ class PermissionModeMiddleware(MiddlewareMixin): :return: """ white_list = ['/admin/logout/', '/admin/login/'] - if os.getenv('DEMO_ENV') and not request.method == 'GET' and request.path not in white_list: + if os.getenv('DEMO_ENV') and not request.method in ['GET','OPTIONS'] and request.path not in white_list: return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') def has_interface_permission(self, request, method, view_path, user=None): From ab6c4731d47f159d1580fff209ad737a05478299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=81=AB=E9=B8=A1=E4=B8=8D=E8=82=A5?= Date: Tue, 30 Mar 2021 00:01:36 +0800 Subject: [PATCH 04/21] =?UTF-8?q?!10=20=E5=90=8E=E7=AB=AF=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E6=9D=83=E9=99=90=E9=AA=8C=E8=AF=81bug=E4=BF=AE?= =?UTF-8?q?=E6=94=B9=20Merge=20pull=20request=20!10=20from=20=E7=81=AB?= =?UTF-8?q?=E9=B8=A1=E4=B8=8D=E8=82=A5/dvadmin-dev?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index bf28947..5e2f1d1 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -130,7 +130,7 @@ class PermissionModeMiddleware(MiddlewareMixin): if user.is_superuser or (hasattr(user, 'role') and user.role.filter(status='1', admin=True).count()): return 20 # (3)user的角色有该接口权限, 是:通过, 否:不通过 - if view_path in user.get_user_interface_dict: + if view_path in user.get_user_interface_dict.get(method, []): return 30 return -10 From b68d40900fcc2fc50b7b372b57bedb0e9892e566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:19:39 +0800 Subject: [PATCH 05/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6bug):=20=E6=97=A5=E5=BF=97=E4=B8=AD=E9=97=B4=E4=BB=B6?= =?UTF-8?q?=E5=AD=98=E5=85=A5=E6=A8=A1=E5=9D=97=E4=BF=A1=E6=81=AF=E4=B8=8D?= =?UTF-8?q?=E5=85=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/application/settings.py | 2 +- .../apps/vadmin/op_drf/logging/view_logger.py | 7 ---- .../apps/vadmin/op_drf/middleware.py | 35 ++++++++++++------- .../apps/vadmin/utils/exceptions.py | 2 -- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/dvadmin-backend/application/settings.py b/dvadmin-backend/application/settings.py index ee3fc5b..4b385f0 100644 --- a/dvadmin-backend/application/settings.py +++ b/dvadmin-backend/application/settings.py @@ -54,7 +54,6 @@ INSTALLED_APPS = [ ] MIDDLEWARE = [ - 'vadmin.op_drf.middleware.PermissionModeMiddleware', # 权限中间件 'corsheaders.middleware.CorsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', @@ -64,6 +63,7 @@ MIDDLEWARE = [ 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'vadmin.op_drf.middleware.ApiLoggingMiddleware', # 用于记录API访问日志 + 'vadmin.op_drf.middleware.PermissionModeMiddleware', # 权限中间件 ] # 允许跨域源 CORS_ORIGIN_ALLOW_ALL = CORS_ORIGIN_ALLOW_ALL diff --git a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py index 3e03558..eb110d8 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py +++ b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py @@ -18,13 +18,6 @@ class ViewLogger(object): self.request = request self.model = None self.log_prefix: str = '' - if self.view and hasattr(self.view.get_queryset(), 'model'): - self.model: Model = self.view.get_queryset().model - elif self.view and hasattr(self.view.get_serializer(), 'Meta') and hasattr(self.view.get_serializer().Meta, - 'model'): - self.model: Model = self.view.get_serializer().Meta.model - if self.model: - request.session['model_name'] = str(getattr(self.model, '_meta').verbose_name) def handle(self, request: Request, *args, **kwargs): pass diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index fb60065..86292e3 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -1,6 +1,7 @@ """ django中间件 """ +import json import logging import os @@ -11,7 +12,7 @@ from django.utils.deprecation import MiddlewareMixin from apps.vadmin.permission.models import Menu from apps.vadmin.system.models import OperationLog from ..utils.request_util import get_request_ip, get_request_data, get_request_path, get_browser, get_os, \ - get_login_location, get_request_canonical_path, get_request_user + get_login_location, get_request_canonical_path, get_request_user, get_verbose_name from ..utils.response import ErrorJsonResponse logger = logging.getLogger(__name__) @@ -42,9 +43,16 @@ class ApiLoggingMiddleware(MiddlewareMixin): body['password'] = '*' * len(body['password']) if not hasattr(response, 'data') or not isinstance(response.data, dict): response.data = {} + if not response.data and response.content: + try: + content = json.loads(response.content.decode()) + response.data = content if isinstance(content, dict) else {} + except: + pass + user = get_request_user(request) info = { 'request_ip': getattr(request, 'request_ip', 'unknown'), - 'creator': request.user, + 'creator': user if not isinstance(user, AnonymousUser) else '', 'dept_belong_id': getattr(request.user, 'dept_id', None), 'request_method': request.method, 'request_path': request.request_path, @@ -58,11 +66,14 @@ class ApiLoggingMiddleware(MiddlewareMixin): 'json_result': {"code": response.data.get('code'), "msg": response.data.get('msg')}, 'request_modular': request.session.get('model_name'), } - if isinstance(request.user, AnonymousUser): - info['creator'] = None log = OperationLog(**info) log.save() + def process_view(self, request, view_func, view_args, view_kwargs): + if view_func.cls and hasattr(view_func.cls, 'queryset'): + request.session['model_name'] = get_verbose_name(view_func.cls.queryset) + return + def process_request(self, request): self.__handle_request(request) @@ -85,14 +96,7 @@ class PermissionModeMiddleware(MiddlewareMixin): """ def process_request(self, request): - """ - 判断环境变量中,是否为演示模式(正常可忽略此判断) - :param request: - :return: - """ - white_list = ['/admin/logout/', '/admin/login/'] - if os.getenv('DEMO_ENV') and not request.method in ['GET','OPTIONS'] and request.path not in white_list: - return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') + return def has_interface_permission(self, request, method, view_path, user=None): """ @@ -135,13 +139,18 @@ class PermissionModeMiddleware(MiddlewareMixin): return -10 def process_view(self, request, view_func, view_args, view_kwargs): + # 判断环境变量中,是否为演示模式(正常可忽略此判断) + white_list = ['/admin/logout/', '/admin/login/'] + if not os.getenv('DEMO_ENV') and not request.method in ['GET', 'OPTIONS'] and request.path not in white_list: + return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') + if not settings.INTERFACE_PERMISSION: return user = get_request_user(request) if user and not isinstance(user, AnonymousUser): method = request.method.upper() - if method == 'GET': # GET 不设置接口权限 + if method == 'GET': # GET 不设置接口权限 return view_path = get_request_canonical_path(request, *view_args, **view_kwargs) auth_code = self.has_interface_permission(request, method, view_path, user) diff --git a/dvadmin-backend/apps/vadmin/utils/exceptions.py b/dvadmin-backend/apps/vadmin/utils/exceptions.py index cbd065e..f018592 100644 --- a/dvadmin-backend/apps/vadmin/utils/exceptions.py +++ b/dvadmin-backend/apps/vadmin/utils/exceptions.py @@ -65,8 +65,6 @@ def op_exception_handler(ex, context): """ msg = '' code = '201' - request = context.get('request') - request.session['model_name'] = str(get_verbose_name(view=context.get('view'))) if isinstance(ex, AuthenticationFailed): code = 401 From ef8a365ec0405aa4c14b092fd12f5c0b15e99ae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:23:09 +0800 Subject: [PATCH 06/21] =?UTF-8?q?!11=20=E4=BF=AE=E5=A4=8D=E5=A4=9A?= =?UTF-8?q?=E4=B8=AAbug=20*=20=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6bug):=20=E6=97=A5=E5=BF=97=E4=B8=AD=E9=97=B4=E4=BB=B6?= =?UTF-8?q?=E5=AD=98=E5=85=A5=E6=A8=A1=E5=9D=97=E4=BF=A1=E6=81=AF=E4=B8=8D?= =?UTF-8?q?=E5=85=A8=20*=20=E6=B5=8B=E8=AF=95(=E9=83=A8=E7=BD=B2=E6=B5=8B?= =?UTF-8?q?=E8=AF=95):=20*=20=E4=BF=AE=E5=A4=8DBUG(=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=B8=8A=E4=BC=A0):=20doc=EF=BC=8Cdocx=EF=BC=8Cxlsx=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E9=83=BD=E6=97=A0=E6=B3=95=E4=B8=8A=E4=BC=A0=E6=88=90?= =?UTF-8?q?=E5=8A=9F=20*=20=E4=BF=AE=E5=A4=8DBUG(=E5=88=A0=E9=99=A4?= =?UTF-8?q?=E9=83=A8=E9=97=A8):=20=E9=83=A8=E9=97=A8=E9=87=8C=E9=9D=A2?= =?UTF-8?q?=E5=AD=98=E5=9C=A8=E7=94=A8=E6=88=B7=EF=BC=8C=E4=BE=9D=E7=84=B6?= =?UTF-8?q?=E8=83=BD=E5=A4=9F=E5=88=A0=E9=99=A4=E9=83=A8=E9=97=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/application/settings.py | 2 +- .../apps/vadmin/op_drf/logging/view_logger.py | 7 ---- .../apps/vadmin/op_drf/middleware.py | 35 ++++++++++++------- .../apps/vadmin/permission/permissions.py | 20 +++++++++++ .../apps/vadmin/permission/views.py | 4 +-- .../apps/vadmin/system/models/save_file.py | 2 +- .../apps/vadmin/utils/exceptions.py | 2 -- 7 files changed, 46 insertions(+), 26 deletions(-) diff --git a/dvadmin-backend/application/settings.py b/dvadmin-backend/application/settings.py index ee3fc5b..4b385f0 100644 --- a/dvadmin-backend/application/settings.py +++ b/dvadmin-backend/application/settings.py @@ -54,7 +54,6 @@ INSTALLED_APPS = [ ] MIDDLEWARE = [ - 'vadmin.op_drf.middleware.PermissionModeMiddleware', # 权限中间件 'corsheaders.middleware.CorsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', @@ -64,6 +63,7 @@ MIDDLEWARE = [ 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'vadmin.op_drf.middleware.ApiLoggingMiddleware', # 用于记录API访问日志 + 'vadmin.op_drf.middleware.PermissionModeMiddleware', # 权限中间件 ] # 允许跨域源 CORS_ORIGIN_ALLOW_ALL = CORS_ORIGIN_ALLOW_ALL diff --git a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py index 3e03558..eb110d8 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py +++ b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py @@ -18,13 +18,6 @@ class ViewLogger(object): self.request = request self.model = None self.log_prefix: str = '' - if self.view and hasattr(self.view.get_queryset(), 'model'): - self.model: Model = self.view.get_queryset().model - elif self.view and hasattr(self.view.get_serializer(), 'Meta') and hasattr(self.view.get_serializer().Meta, - 'model'): - self.model: Model = self.view.get_serializer().Meta.model - if self.model: - request.session['model_name'] = str(getattr(self.model, '_meta').verbose_name) def handle(self, request: Request, *args, **kwargs): pass diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index 5e2f1d1..bb19c28 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -1,6 +1,7 @@ """ django中间件 """ +import json import logging import os @@ -11,7 +12,7 @@ from django.utils.deprecation import MiddlewareMixin from apps.vadmin.permission.models import Menu from apps.vadmin.system.models import OperationLog from ..utils.request_util import get_request_ip, get_request_data, get_request_path, get_browser, get_os, \ - get_login_location, get_request_canonical_path, get_request_user + get_login_location, get_request_canonical_path, get_request_user, get_verbose_name from ..utils.response import ErrorJsonResponse logger = logging.getLogger(__name__) @@ -42,9 +43,16 @@ class ApiLoggingMiddleware(MiddlewareMixin): body['password'] = '*' * len(body['password']) if not hasattr(response, 'data') or not isinstance(response.data, dict): response.data = {} + if not response.data and response.content: + try: + content = json.loads(response.content.decode()) + response.data = content if isinstance(content, dict) else {} + except: + pass + user = get_request_user(request) info = { 'request_ip': getattr(request, 'request_ip', 'unknown'), - 'creator': request.user, + 'creator': user if not isinstance(user, AnonymousUser) else '', 'dept_belong_id': getattr(request.user, 'dept_id', None), 'request_method': request.method, 'request_path': request.request_path, @@ -58,11 +66,14 @@ class ApiLoggingMiddleware(MiddlewareMixin): 'json_result': {"code": response.data.get('code'), "msg": response.data.get('msg')}, 'request_modular': request.session.get('model_name'), } - if isinstance(request.user, AnonymousUser): - info['creator'] = None log = OperationLog(**info) log.save() + def process_view(self, request, view_func, view_args, view_kwargs): + if view_func.cls and hasattr(view_func.cls, 'queryset'): + request.session['model_name'] = get_verbose_name(view_func.cls.queryset) + return + def process_request(self, request): self.__handle_request(request) @@ -85,14 +96,7 @@ class PermissionModeMiddleware(MiddlewareMixin): """ def process_request(self, request): - """ - 判断环境变量中,是否为演示模式(正常可忽略此判断) - :param request: - :return: - """ - white_list = ['/admin/logout/', '/admin/login/'] - if os.getenv('DEMO_ENV') and not request.method == 'GET' and request.path not in white_list: - return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') + return def has_interface_permission(self, request, method, view_path, user=None): """ @@ -135,13 +139,18 @@ class PermissionModeMiddleware(MiddlewareMixin): return -10 def process_view(self, request, view_func, view_args, view_kwargs): + # 判断环境变量中,是否为演示模式(正常可忽略此判断) + white_list = ['/admin/logout/', '/admin/login/'] + if not os.getenv('DEMO_ENV') and not request.method in ['GET', 'OPTIONS'] and request.path not in white_list: + return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') + if not settings.INTERFACE_PERMISSION: return user = get_request_user(request) if user and not isinstance(user, AnonymousUser): method = request.method.upper() - if method == 'GET': # GET 不设置接口权限 + if method == 'GET': # GET 不设置接口权限 return view_path = get_request_canonical_path(request, *view_args, **view_kwargs) auth_code = self.has_interface_permission(request, method, view_path, user) diff --git a/dvadmin-backend/apps/vadmin/permission/permissions.py b/dvadmin-backend/apps/vadmin/permission/permissions.py index 0186adb..3c09387 100644 --- a/dvadmin-backend/apps/vadmin/permission/permissions.py +++ b/dvadmin-backend/apps/vadmin/permission/permissions.py @@ -93,3 +93,23 @@ class CommonPermission(CustomPermission): self.message = f"没有此数据操作权限!" res = self.check_queryset(request, instance) return res + + +class DeptDestroyPermission(CustomPermission): + """ + 部门删除权限校验:判断部门下是否有用户存在,存在不可删除 + """ + message = '没有有操作权限' + + def has_permission(self, request: Request, view: APIView): + return True + + def check_queryset(self, request, instance): + if instance.values_list('userprofile', flat=True): + self.message = "该部门下有关联用户,无法删除!" + return False + return True + + def has_object_permission(self, request: Request, view: APIView, instance): + res = self.check_queryset(request, instance) + return res diff --git a/dvadmin-backend/apps/vadmin/permission/views.py b/dvadmin-backend/apps/vadmin/permission/views.py index bec3b8e..72855b4 100644 --- a/dvadmin-backend/apps/vadmin/permission/views.py +++ b/dvadmin-backend/apps/vadmin/permission/views.py @@ -2,7 +2,7 @@ from django.contrib.auth import authenticate from rest_framework.request import Request from rest_framework.views import APIView -from .permissions import CommonPermission +from .permissions import CommonPermission, DeptDestroyPermission from ..op_drf.filters import DataLevelPermissionsFilter from ..op_drf.viewsets import CustomModelViewSet from ..permission.filters import MenuFilter, DeptFilter, PostFilter, RoleFilter, UserProfileFilter @@ -129,7 +129,7 @@ class DeptModelViewSet(CustomModelViewSet): filter_class = DeptFilter extra_filter_backends = [DataLevelPermissionsFilter] update_extra_permission_classes = (CommonPermission,) - destroy_extra_permission_classes = (CommonPermission,) + destroy_extra_permission_classes = (CommonPermission, DeptDestroyPermission) create_extra_permission_classes = (CommonPermission,) search_fields = ('deptName',) ordering = 'create_datetime' # 默认排序 diff --git a/dvadmin-backend/apps/vadmin/system/models/save_file.py b/dvadmin-backend/apps/vadmin/system/models/save_file.py index b43757d..30407cf 100644 --- a/dvadmin-backend/apps/vadmin/system/models/save_file.py +++ b/dvadmin-backend/apps/vadmin/system/models/save_file.py @@ -13,7 +13,7 @@ def files_path(instance, filename): class SaveFile(CoreModel): name = CharField(max_length=128, verbose_name="文件名称", null=True, blank=True) - type = CharField(max_length=32, verbose_name="文件类型", null=True, blank=True) + type = CharField(max_length=200, verbose_name="文件类型", null=True, blank=True) size = CharField(max_length=64, verbose_name="文件大小", null=True, blank=True) address = CharField(max_length=16, verbose_name="存储位置", null=True, blank=True) # 本地、阿里云、腾讯云.. source = CharField(max_length=16, verbose_name="文件来源", null=True, blank=True) # 导出、用户上传. diff --git a/dvadmin-backend/apps/vadmin/utils/exceptions.py b/dvadmin-backend/apps/vadmin/utils/exceptions.py index cbd065e..f018592 100644 --- a/dvadmin-backend/apps/vadmin/utils/exceptions.py +++ b/dvadmin-backend/apps/vadmin/utils/exceptions.py @@ -65,8 +65,6 @@ def op_exception_handler(ex, context): """ msg = '' code = '201' - request = context.get('request') - request.session['model_name'] = str(get_verbose_name(view=context.get('view'))) if isinstance(ex, AuthenticationFailed): code = 401 From ed04626aa47b07455156c522c95c2b73aaa4507d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:24:43 +0800 Subject: [PATCH 07/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6bug):=20=E6=97=A5=E5=BF=97=E4=B8=AD=E9=97=B4=E4=BB=B6?= =?UTF-8?q?=E5=AD=98=E5=85=A5=E6=A8=A1=E5=9D=97=E4=BF=A1=E6=81=AF=E4=B8=8D?= =?UTF-8?q?=E5=85=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py index eb110d8..3e03558 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py +++ b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py @@ -18,6 +18,13 @@ class ViewLogger(object): self.request = request self.model = None self.log_prefix: str = '' + if self.view and hasattr(self.view.get_queryset(), 'model'): + self.model: Model = self.view.get_queryset().model + elif self.view and hasattr(self.view.get_serializer(), 'Meta') and hasattr(self.view.get_serializer().Meta, + 'model'): + self.model: Model = self.view.get_serializer().Meta.model + if self.model: + request.session['model_name'] = str(getattr(self.model, '_meta').verbose_name) def handle(self, request: Request, *args, **kwargs): pass From a37550176ce29ceb219e637f1c4e2d09cc6e25f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:28:09 +0800 Subject: [PATCH 08/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E6=8F=90=E4=BA=A4?= =?UTF-8?q?=E9=94=99=E8=AF=AF):=20DEMO=5FENV?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index bb19c28..8e8169c 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -141,7 +141,7 @@ class PermissionModeMiddleware(MiddlewareMixin): def process_view(self, request, view_func, view_args, view_kwargs): # 判断环境变量中,是否为演示模式(正常可忽略此判断) white_list = ['/admin/logout/', '/admin/login/'] - if not os.getenv('DEMO_ENV') and not request.method in ['GET', 'OPTIONS'] and request.path not in white_list: + if os.getenv('DEMO_ENV') and not request.method in ['GET', 'OPTIONS'] and request.path not in white_list: return ErrorJsonResponse(data={}, msg=f'演示模式,不允许操作!') if not settings.INTERFACE_PERMISSION: From fbc9203ef85925302ed9821ca224207a923b155b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:35:54 +0800 Subject: [PATCH 09/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6bug):=20=E6=97=A5=E5=BF=97=E4=B8=AD=E9=97=B4=E4=BB=B6?= =?UTF-8?q?=E5=AD=98=E5=85=A5=E6=A8=A1=E5=9D=97=E4=BF=A1=E6=81=AF=E4=B8=8D?= =?UTF-8?q?=E5=85=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py index eb110d8..3e03558 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py +++ b/dvadmin-backend/apps/vadmin/op_drf/logging/view_logger.py @@ -18,6 +18,13 @@ class ViewLogger(object): self.request = request self.model = None self.log_prefix: str = '' + if self.view and hasattr(self.view.get_queryset(), 'model'): + self.model: Model = self.view.get_queryset().model + elif self.view and hasattr(self.view.get_serializer(), 'Meta') and hasattr(self.view.get_serializer().Meta, + 'model'): + self.model: Model = self.view.get_serializer().Meta.model + if self.model: + request.session['model_name'] = str(getattr(self.model, '_meta').verbose_name) def handle(self, request: Request, *args, **kwargs): pass From 85b1f748950a47ce9c25c0c4e0e85f93c95f0bd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 01:45:57 +0800 Subject: [PATCH 10/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E4=BF=A1=E6=81=AF&=E9=80=9A=E7=9F=A5=E5=85=AC=E5=91=8A):=20?= =?UTF-8?q?=E4=B8=AA=E4=BA=BA=E6=9C=AA=E8=AF=BB=E9=80=9A=E7=9F=A5=E5=85=AC?= =?UTF-8?q?=E5=91=8A=E6=95=B0=E9=87=8F=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/permission/serializers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dvadmin-backend/apps/vadmin/permission/serializers.py b/dvadmin-backend/apps/vadmin/permission/serializers.py index f9bfaf3..8fc641e 100644 --- a/dvadmin-backend/apps/vadmin/permission/serializers.py +++ b/dvadmin-backend/apps/vadmin/permission/serializers.py @@ -226,8 +226,8 @@ class UserProfileSerializer(CustomModelSerializer): return False def get_unread_msg_count(self, obj: UserProfile): - return MessagePush.objects.filter(status='2').exclude(user=obj, - messagepushuser_message_push__is_read=True).count() + return MessagePush.objects.filter(status='2').exclude(messagepushuser_message_push__is_read=True, + messagepushuser_message_push__user=obj).count() class Meta: model = UserProfile From 11b7222bee7cbdfb87889d62fbedae42919864ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 13:30:25 +0800 Subject: [PATCH 11/21] update dvadmin-backend/apps/vadmin/op_drf/middleware.py. --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index 8e8169c..c3b6c54 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -70,7 +70,7 @@ class ApiLoggingMiddleware(MiddlewareMixin): log.save() def process_view(self, request, view_func, view_args, view_kwargs): - if view_func.cls and hasattr(view_func.cls, 'queryset'): + if hasattr(view_func, 'cls') and hasattr(view_func.cls, 'queryset'): request.session['model_name'] = get_verbose_name(view_func.cls.queryset) return From bd2fdc289acd75651d618f3a71676fcd873d1cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Tue, 30 Mar 2021 13:37:51 +0800 Subject: [PATCH 12/21] update dvadmin-backend/apps/vadmin/op_drf/middleware.py. --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index c3b6c54..0990a07 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -52,7 +52,7 @@ class ApiLoggingMiddleware(MiddlewareMixin): user = get_request_user(request) info = { 'request_ip': getattr(request, 'request_ip', 'unknown'), - 'creator': user if not isinstance(user, AnonymousUser) else '', + 'creator': user if not isinstance(user, AnonymousUser) else None, 'dept_belong_id': getattr(request.user, 'dept_id', None), 'request_method': request.method, 'request_path': request.request_path, From f54d20d1e630318d514ed04baed2dd8ac9189552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 10:35:35 +0800 Subject: [PATCH 13/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E7=AE=A1=E7=90=86):=20=E4=B8=AA=E4=BA=BA=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=AF=86=E7=A0=81bug=EF=BC=8CUserProfile=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=95=B0=E6=8D=AE=E5=88=9B=E5=BB=BA=E4=BA=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/op_drf/middleware.py | 4 ++-- dvadmin-backend/apps/vadmin/permission/models/users.py | 8 +++----- dvadmin-backend/apps/vadmin/permission/views.py | 2 +- .../vadmin/scripts/permission/permission_userprofile.sql | 4 ++-- dvadmin-backend/apps/vadmin/utils/authentication.py | 4 +++- dvadmin-ui/src/views/vadmin/permission/user/index.vue | 3 ++- 6 files changed, 13 insertions(+), 12 deletions(-) diff --git a/dvadmin-backend/apps/vadmin/op_drf/middleware.py b/dvadmin-backend/apps/vadmin/op_drf/middleware.py index 8e8169c..c03c039 100644 --- a/dvadmin-backend/apps/vadmin/op_drf/middleware.py +++ b/dvadmin-backend/apps/vadmin/op_drf/middleware.py @@ -52,7 +52,7 @@ class ApiLoggingMiddleware(MiddlewareMixin): user = get_request_user(request) info = { 'request_ip': getattr(request, 'request_ip', 'unknown'), - 'creator': user if not isinstance(user, AnonymousUser) else '', + 'creator': user if not isinstance(user, AnonymousUser) else None, 'dept_belong_id': getattr(request.user, 'dept_id', None), 'request_method': request.method, 'request_path': request.request_path, @@ -70,7 +70,7 @@ class ApiLoggingMiddleware(MiddlewareMixin): log.save() def process_view(self, request, view_func, view_args, view_kwargs): - if view_func.cls and hasattr(view_func.cls, 'queryset'): + if hasattr(view_func,'cls') and hasattr(view_func.cls, 'queryset'): request.session['model_name'] = get_verbose_name(view_func.cls.queryset) return diff --git a/dvadmin-backend/apps/vadmin/permission/models/users.py b/dvadmin-backend/apps/vadmin/permission/models/users.py index 2fead2f..e609a2a 100644 --- a/dvadmin-backend/apps/vadmin/permission/models/users.py +++ b/dvadmin-backend/apps/vadmin/permission/models/users.py @@ -4,10 +4,10 @@ from django.contrib.auth.models import UserManager, AbstractUser from django.core.cache import cache from django.db.models import IntegerField, ForeignKey, CharField, TextField, ManyToManyField, CASCADE -from ...op_drf.fields import CreateDateTimeField, UpdateDateTimeField +from ...op_drf.models import CoreModel -class UserProfile(AbstractUser): +class UserProfile(AbstractUser, CoreModel): USER_TYPE_CHOICES = ( (0, "后台用户"), (1, "前台用户"), @@ -25,9 +25,6 @@ class UserProfile(AbstractUser): post = ManyToManyField(to='Post', verbose_name='关联岗位', db_constraint=False) role = ManyToManyField(to='Role', verbose_name='关联角色', db_constraint=False) dept = ForeignKey(to='Dept', verbose_name='归属部门', on_delete=CASCADE, db_constraint=False, null=True, blank=True) - dept_belong_id = CharField(max_length=64, verbose_name="数据归属部门", null=True, blank=True) - create_datetime = CreateDateTimeField() - update_datetime = UpdateDateTimeField() @property def get_user_interface_dict(self): @@ -52,6 +49,7 @@ class UserProfile(AbstractUser): :return: """ return cache.delete(f'permission_interface_dict_{self.username}') + class Meta: verbose_name = '用户管理' verbose_name_plural = verbose_name diff --git a/dvadmin-backend/apps/vadmin/permission/views.py b/dvadmin-backend/apps/vadmin/permission/views.py index 72855b4..86110de 100644 --- a/dvadmin-backend/apps/vadmin/permission/views.py +++ b/dvadmin-backend/apps/vadmin/permission/views.py @@ -359,7 +359,7 @@ class UserProfileModelViewSet(CustomModelViewSet): :return: """ instance = self.queryset.get(id=request.user.id) - instance.mobile = request.data.get('newPassword', None) + instance.password = request.data.get('newPassword', None) if not authenticate(username=request.user.username, password=request.data.get('oldPassword', None)): return ErrorResponse(msg='旧密码不正确!') instance.set_password(request.data.get('newPassword')) diff --git a/dvadmin-backend/apps/vadmin/scripts/permission/permission_userprofile.sql b/dvadmin-backend/apps/vadmin/scripts/permission/permission_userprofile.sql index e59fc9e..56e3630 100644 --- a/dvadmin-backend/apps/vadmin/scripts/permission/permission_userprofile.sql +++ b/dvadmin-backend/apps/vadmin/scripts/permission/permission_userprofile.sql @@ -33,8 +33,8 @@ -- ---------------------------- -- Records of permission_userprofile -- ---------------------------- -INSERT INTO `permission_userprofile` (id, password, last_login, is_superuser, first_name, last_name, is_staff, is_active, date_joined, username, secret, email, mobile, avatar, name, gender, remark, user_type, create_datetime, update_datetime, dept_id, dept_belong_id) VALUES (1, 'pbkdf2_sha256$150000$OjTMSXJgkzrE$jEQCjWbIbXwpN4k2z0o8Yvou1UQGuoJALyL/kGDZFd4=', '2021-02-27 06:20:28.214775', 1, '', '', 1, 1, '2021-02-27 06:20:09.188689', 'admin', '3704adf3-380f-4c27-a8da-60420e8cb4ab', 'admin@qq.com', NULL, NULL, '管理员', '2', '1', 2, '2021-02-27 06:20:09.263192', '2021-02-27 09:14:30.009998', 8, 1); -INSERT INTO `permission_userprofile` (id, password, last_login, is_superuser, first_name, last_name, is_staff, is_active, date_joined, username, secret, email, mobile, avatar, name, gender, remark, user_type, create_datetime, update_datetime, dept_id, dept_belong_id) VALUES (2, 'pbkdf2_sha256$150000$5Z9LSi7LpNms$xVguE/dOEpI4D95LjSaKm0xzG7vNSopUolANr8f/6/E=', NULL, 0, '', '', 0, 1, '2021-03-03 15:38:27.009893', 'dvadmin', 'b4c5d79a-f01c-4244-92f8-b5288eca1d50', NULL, NULL, NULL, '普通用户', '2', NULL, 0, '2021-03-03 15:38:27.010771', '2021-03-03 15:38:27.086069', 8, 1); +INSERT INTO `permission_userprofile` (id, password, last_login, is_superuser, first_name, last_name, is_staff, is_active, date_joined, username, secret, email, mobile, avatar, name, gender, remark, user_type, create_datetime, update_datetime, dept_id, dept_belong_id, creator_id) VALUES (1, 'pbkdf2_sha256$150000$OjTMSXJgkzrE$jEQCjWbIbXwpN4k2z0o8Yvou1UQGuoJALyL/kGDZFd4=', '2021-02-27 06:20:28.214775', 1, '', '', 1, 1, '2021-02-27 06:20:09.188689', 'admin', '3704adf3-380f-4c27-a8da-60420e8cb4ab', 'admin@qq.com', NULL, NULL, '管理员', '2', '1', 2, '2021-02-27 06:20:09.263192', '2021-02-27 09:14:30.009998', 1, 1, 1); +INSERT INTO `permission_userprofile` (id, password, last_login, is_superuser, first_name, last_name, is_staff, is_active, date_joined, username, secret, email, mobile, avatar, name, gender, remark, user_type, create_datetime, update_datetime, dept_id, dept_belong_id, creator_id) VALUES (2, 'pbkdf2_sha256$150000$5Z9LSi7LpNms$xVguE/dOEpI4D95LjSaKm0xzG7vNSopUolANr8f/6/E=', NULL, 0, '', '', 0, 1, '2021-03-03 15:38:27.009893', 'dvadmin', 'b4c5d79a-f01c-4244-92f8-b5288eca1d50', NULL, NULL, NULL, '普通用户', '2', NULL, 0, '2021-03-03 15:38:27.010771', '2021-03-03 15:38:27.086069', 1, 1, 1); -- ---------------------------- -- Table structure for permission_userprofile_post -- ---------------------------- diff --git a/dvadmin-backend/apps/vadmin/utils/authentication.py b/dvadmin-backend/apps/vadmin/utils/authentication.py index cc3b781..4a51ca5 100644 --- a/dvadmin-backend/apps/vadmin/utils/authentication.py +++ b/dvadmin-backend/apps/vadmin/utils/authentication.py @@ -12,8 +12,8 @@ from django.utils.translation import ugettext as _ from rest_framework import exceptions from rest_framework_jwt.utils import jwt_decode_handler -from .decorators import exceptionHandler from .jwt_util import jwt_get_session_id +from ..permission.models.users import UserProfile logger = logging.getLogger(__name__) User = get_user_model() @@ -38,6 +38,8 @@ class OpAuthJwtAuthentication(object): raise exceptions.AuthenticationFailed(msg) except jwt.InvalidTokenError: raise exceptions.AuthenticationFailed() + except UserProfile.DoesNotExist: + raise exceptions.AuthenticationFailed() username = payload.get('username', None) if not username: diff --git a/dvadmin-ui/src/views/vadmin/permission/user/index.vue b/dvadmin-ui/src/views/vadmin/permission/user/index.vue index f11d209..35caf58 100755 --- a/dvadmin-ui/src/views/vadmin/permission/user/index.vue +++ b/dvadmin-ui/src/views/vadmin/permission/user/index.vue @@ -161,7 +161,7 @@ - {{role.roleName}} + {{role.roleName}} @@ -648,6 +648,7 @@ this.$refs['form'].validate(valid => { if (valid) { if (this.form.id != undefined) { + this.form.creator = undefined updateUser(this.form).then(response => { this.msgSuccess('修改成功') this.open = false From f26a9502fe08fec750db1e57002bafcbe38e6323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 11:08:09 +0800 Subject: [PATCH 14/21] =?UTF-8?q?=E5=8A=9F=E8=83=BD=E5=8F=98=E5=8C=96(?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E8=B7=AF=E7=94=B1=E6=8E=A5=E5=8F=A3):=20admi?= =?UTF-8?q?n=E7=94=A8=E6=88=B7=E8=8F=9C=E5=8D=95=E5=8F=AF=E6=9F=A5?= =?UTF-8?q?=E7=9C=8B=E5=85=A8=E9=83=A8=EF=BC=8C=E4=BE=BF=E4=BA=8E=E5=BC=80?= =?UTF-8?q?=E5=8F=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/permission/views.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dvadmin-backend/apps/vadmin/permission/views.py b/dvadmin-backend/apps/vadmin/permission/views.py index 86110de..8ece4fa 100644 --- a/dvadmin-backend/apps/vadmin/permission/views.py +++ b/dvadmin-backend/apps/vadmin/permission/views.py @@ -48,7 +48,10 @@ class GetRouters(APIView): return dict def get(self, request, format=None): - menus = Menu.objects.filter(role__userprofile=request.user) \ + kwargs = {} + if not request.user.is_superuser: + kwargs['role__userprofile'] = request.user + menus = Menu.objects.filter(**kwargs) \ .exclude(menuType='2').values('id', 'name', 'web_path', 'visible', 'status', 'isFrame', 'component_path', 'icon', 'parentId', 'orderNum', 'isCache').distinct() data = [] From a5709f8cf2eede8194859abc0886916db8a49463 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 12:23:30 +0800 Subject: [PATCH 15/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E4=BF=A1=E6=81=AF):=20=E4=B8=AA=E4=BA=BA=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E4=B8=AD=E6=9C=AA=E8=AF=BB=E6=B6=88=E6=81=AF=E6=98=BE=E7=A4=BA?= =?UTF-8?q?=E6=95=B0=E9=87=8F=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/system/views.py | 2 +- dvadmin-ui/src/layout/components/Navbar.vue | 6 +++--- dvadmin-ui/src/store/modules/user.js | 3 ++- dvadmin-ui/src/views/vadmin/system/message/Mymessage.vue | 8 +++++--- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/dvadmin-backend/apps/vadmin/system/views.py b/dvadmin-backend/apps/vadmin/system/views.py index a35338f..e2beb55 100644 --- a/dvadmin-backend/apps/vadmin/system/views.py +++ b/dvadmin-backend/apps/vadmin/system/views.py @@ -200,7 +200,7 @@ class MessagePushModelViewSet(CustomModelViewSet): serializer_class = MessagePushSerializer create_serializer_class = MessagePushCreateUpdateSerializer update_serializer_class = MessagePushCreateUpdateSerializer - extra_filter_backends = [DataLevelPermissionsFilter] + # extra_filter_backends = [DataLevelPermissionsFilter] update_extra_permission_classes = (CommonPermission,) destroy_extra_permission_classes = (CommonPermission,) create_extra_permission_classes = (CommonPermission,) diff --git a/dvadmin-ui/src/layout/components/Navbar.vue b/dvadmin-ui/src/layout/components/Navbar.vue index c300c63..76e7800 100755 --- a/dvadmin-ui/src/layout/components/Navbar.vue +++ b/dvadmin-ui/src/layout/components/Navbar.vue @@ -14,7 +14,7 @@
- +
@@ -81,11 +81,11 @@ export default { }, data() { return { - count: store.getters.unread_msg_count, + count: store.unread_msg_count, }; }, computed: { - ...mapGetters(["sidebar", "avatar", "device"]), + ...mapGetters(["sidebar", "avatar", "device", "unread_msg_count"]), setting: { get() { return this.$store.state.settings.showSettings; diff --git a/dvadmin-ui/src/store/modules/user.js b/dvadmin-ui/src/store/modules/user.js index 895a689..9e4b5a5 100755 --- a/dvadmin-ui/src/store/modules/user.js +++ b/dvadmin-ui/src/store/modules/user.js @@ -7,7 +7,8 @@ const user = { name: '', avatar: '', roles: [], - permissions: [] + permissions: [], + unread_msg_count: 0 }, mutations: { diff --git a/dvadmin-ui/src/views/vadmin/system/message/Mymessage.vue b/dvadmin-ui/src/views/vadmin/system/message/Mymessage.vue index 1bbcd87..43a2581 100644 --- a/dvadmin-ui/src/views/vadmin/system/message/Mymessage.vue +++ b/dvadmin-ui/src/views/vadmin/system/message/Mymessage.vue @@ -103,9 +103,11 @@ // 修改通知查询状态 if (this.badgeType === "danger") { updateIsRead(this.showingMsgItem).then(response => { - store.getters.unread_msg_count - this.open = false; - this.getList(); + if(response.code === 200){ + store.commit('SET_UNREAD_MSG_COUNT', store.getters.unread_msg_count - 1); + this.open = false; + this.getList(); + } }); } } From a3e463decccdc3b91b24cf26a0683586133e0393 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 12:37:06 +0800 Subject: [PATCH 16/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E9=80=9A=E7=9F=A5?= =?UTF-8?q?=E6=B6=88=E6=81=AF):=20=E6=B7=BB=E5=8A=A0=E9=80=9A=E7=9F=A5?= =?UTF-8?q?=E6=B6=88=E6=81=AF=E6=9C=AA=E5=8F=91=E5=B8=83=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/apps/vadmin/system/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/dvadmin-backend/apps/vadmin/system/views.py b/dvadmin-backend/apps/vadmin/system/views.py index e2beb55..ec4a38a 100644 --- a/dvadmin-backend/apps/vadmin/system/views.py +++ b/dvadmin-backend/apps/vadmin/system/views.py @@ -215,6 +215,7 @@ class MessagePushModelViewSet(CustomModelViewSet): 获取用户自己消息列表 """ queryset = self.filter_queryset(self.get_queryset()) + queryset = queryset.filter(status=2) is_read = request.query_params.get('is_read', None) if is_read: if is_read == 'False': From 9741d3a073f42e833a325ade1c1a45be12a116a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 23:46:30 +0800 Subject: [PATCH 17/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E4=BE=9D=E8=B5=96):=20=E6=B7=BB=E5=8A=A0=E4=BE=9D=E8=B5=96=20p?= =?UTF-8?q?sutil=3D=3D5.8.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dvadmin-backend/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/dvadmin-backend/requirements.txt b/dvadmin-backend/requirements.txt index 5e06ebc..2ea4f69 100644 --- a/dvadmin-backend/requirements.txt +++ b/dvadmin-backend/requirements.txt @@ -26,3 +26,4 @@ xlrd==2.0.1 coreapi==2.3.3 user-agents==2.2.0 eventlet==0.30.2 +psutil==5.8.0 From 1dd96c80bc86549153d55d413dcd6c568b7c7830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Wed, 31 Mar 2021 23:59:55 +0800 Subject: [PATCH 18/21] =?UTF-8?q?=E6=96=87=E6=A1=A3(=E6=96=87=E6=A1=A3?= =?UTF-8?q?=E4=BF=AE=E6=94=B9):=20README.md=20=E6=96=87=E6=A1=A3=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 9 ++++----- dvadmin-ui/README.md | 12 ++++++------ 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index ea9949d..a54d0af 100644 --- a/README.md +++ b/README.md @@ -12,26 +12,25 @@ Django-Vue-Admin 是一套全部开源的快速开发平台,毫无保留给个 * 后端采用Python语言Django框架。 * 权限认证使用Jwt,支持多终端认证系统。 * 支持加载动态权限菜单,多方式轻松权限控制。 -* ~~高效率开发,使用代码生成器可以一键生成前后端代码。~~ -* 特别鸣谢:[RuoYi](https://gitee.com/y_project/RuoYi-Vue) ,[Vue-Element-Admin](https://github.com/PanJiaChen/vue-element-admin),[eladmin-web](https://gitee.com/elunez/eladmin-web?_from=gitee_search),[Gin-Vue-Admin](https://www.gin-vue-admin.com/)。 +* 特别鸣谢:[Gin-Vue-Admin](https://www.gin-vue-admin.com/),[RuoYi](https://gitee.com/y_project/RuoYi-Vue) ,[Vue-Element-Admin](https://github.com/PanJiaChen/vue-element-admin),[eladmin-web](https://gitee.com/elunez/eladmin-web?_from=gitee_search)。 ## QQ群 - QQ群号:812482043 -- 由于项目正在启步阶段,第一版预计3月底发,后序会慢慢维护其他版本,有什么不到位的请大家担待~ +- 二维码 ## 源码地址 -gitee地址:[https://gitee.com/liqianglog/django-vue-admin](https://gitee.com/liqianglog/django-vue-admin) +gitee地址(主推):[https://gitee.com/liqianglog/django-vue-admin](https://gitee.com/liqianglog/django-vue-admin) github地址:[https://github.com/liqianglog/django-vue-admin](https://github.com/liqianglog/django-vue-admin) ## 内置功能 -##### 预计3月底发布v1.0正式版本,个别功能开发中 [版本功能说明](https://gitee.com/liqianglog/django-vue-admin/wikis/releaseNote?sort_id=3615540) +##### 后期版本 [版本功能说明](https://gitee.com/liqianglog/django-vue-admin/wikis/releaseNote?sort_id=3615540) 1. 用户管理:用户是系统操作者,该功能主要完成系统用户配置。 2. 部门管理:配置系统组织机构(公司、部门、小组),树结构展现支持数据权限。 diff --git a/dvadmin-ui/README.md b/dvadmin-ui/README.md index a857617..b0823d8 100755 --- a/dvadmin-ui/README.md +++ b/dvadmin-ui/README.md @@ -2,22 +2,22 @@ ```bash # 克隆项目 -git clone https://gitee.com/y_project/RuoYi-Vue +git clone https://gitee.com/liqianglog/django-vue-admin.git # 进入项目目录 -cd ruoyi-ui +cd dvadmin-ui # 安装依赖 -npm install - -# 建议不要直接使用 cnpm 安装依赖,会有各种诡异的 bug。可以通过如下操作解决 npm 下载速度慢的问题 npm install --registry=https://registry.npm.taobao.org # 启动服务 npm run dev + +# 浏览器访问 http://localhost:8080 +# .env.development 文件中可配置启动端口等参数 ``` -浏览器访问 http://localhost:80 +浏览器访问 http://localhost:8080 ## 发布 From b32183fc28aaddba5404bd8b970599a6b36c9862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Thu, 1 Apr 2021 00:08:21 +0800 Subject: [PATCH 19/21] =?UTF-8?q?=E6=96=87=E6=A1=A3(=E6=96=87=E6=A1=A3?= =?UTF-8?q?=E6=8F=90=E4=BA=A4):=20README.md=20=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index a54d0af..139daa8 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,21 @@ npm run build:prod 后端接口文档地址:http://127.0.0.1:8000/docs/ ~~~ +### docker-compose 运行 + +~~~shell +# 先安装docker-compose (自行百度安装),执行此命令等待安装 +docker-compose up +# 初始化后端数据(第一次执行即可) +docker exec -ti dvadmin-django bash +python manage.py init -y +exit + +前端地址:http://127.0.0.1:8080 +后端地址:http://127.0.0.1:8000 +账号:admin 密码:123456 +~~~ + ## 演示图 From 1fe784a644904b6d73db61c3c69a10c7bd873f27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Thu, 1 Apr 2021 00:08:53 +0800 Subject: [PATCH 20/21] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBUG(docker=20=E9=83=A8?= =?UTF-8?q?=E7=BD=B2):=20docker-compose.yml=20=E6=8F=90=E4=BA=A4=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index fb3d0fd..a61dab7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,6 +23,7 @@ services: npm install --registry=https://registry.npm.taobao.org rm -rf /dvadmin-ui/dist npm run build:prod + npm run dev dvadmin-redis: From 6591b7f48e489e04f83517ffccfcf16e4654e3b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com> Date: Thu, 1 Apr 2021 00:17:28 +0800 Subject: [PATCH 21/21] =?UTF-8?q?=E6=96=87=E6=A1=A3(=E6=96=87=E6=A1=A3?= =?UTF-8?q?=E6=8F=90=E4=BA=A4):=20README.md=20=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 139daa8..ae3166f 100644 --- a/README.md +++ b/README.md @@ -43,11 +43,10 @@ github地址:[https://github.com/liqianglog/django-vue-admin](https://github.c 9. 通知公告:发布通知公告给所有人,进行消息的通知。 10. 操作日志:系统正常操作日志记录和查询;系统异常信息日志记录和查询。 11. 登录日志:系统登录日志记录查询包含登录异常。 -12. 在线用户:当前系统中活跃用户状态监控、用户强退功能。 -13. 定时任务:在线(添加、修改、删除)任务调度包含执行结果日志。 -14. 用户注册:新用户注册页面。 -15. 服务监控:监视当前系统CPU、内存、磁盘、堆栈、celery 当前状态等相关信息。 -16. 在线构建器:拖动表单元素生成相应的HTML代码。 +12. 定时日志:celery定时任务执行日志记录。 +13. 在线用户:当前系统中活跃用户状态监控、用户强退功能。 +14. 定时任务:在线(添加、修改、删除)任务调度包含执行结果日志。 +15. 在线构建器:拖动表单元素生成相应的HTML代码。 ## 在线体验