fix: 拆分角色权限树router

2022-03-04 17:43:57 +08:00 · 2022-03-04 17:43:57 +08:00 · eb6bddc599
parent 8a8ed90eef
commit eb6bddc599
2 changed files with 35 additions and 15 deletions
--- a/apps/rbac/api/role.py
+++ b/apps/rbac/api/role.py
@ -9,8 +9,8 @@ from ..models import Role, SystemRole, OrgRole
 from .permission import PermissionViewSet

 __all__ = [
-    'RoleViewSet', 'RolePermissionsViewSet',
-    'SystemRoleViewSet', 'OrgRoleViewSet'
+    'RoleViewSet', 'SystemRoleViewSet', 'OrgRoleViewSet',
+    'SystemRolePermissionsViewSet', 'OrgRolePermissionsViewSet',
 ]


@ -40,7 +40,7 @@ class RoleViewSet(JMSModelViewSet):
        return super().perform_update(serializer)

    def get_queryset(self):
-        queryset = super().get_queryset()\
+        queryset = super().get_queryset() \
            .annotate(permissions_amount=Count('permissions'))
        return queryset

@ -59,23 +59,40 @@ class OrgRoleViewSet(RoleViewSet):
    queryset = OrgRole.objects.all()


-# Sub view set
-class RolePermissionsViewSet(PermissionViewSet):
+class BaseRolePermissionsViewSet(PermissionViewSet):
+    model = None
+    role_pk = None
    filterset_fields = []
-    rbac_perms = (
-        ('get_tree', 'role.view_role'),
-    )
    http_method_names = ['get', 'option']
    check_disabled = False

    def get_queryset(self):
-        role_id = self.kwargs.get('role_pk')
+        role_id = self.kwargs.get(self.role_pk)
        if not role_id:
-            return Role.objects.none()
+            return self.model.objects.none()

-        role = Role.objects.get(id=role_id)
+        role = self.model.objects.get(id=role_id)
        self.scope = role.scope
        self.check_disabled = role.builtin
-        queryset = role.get_permissions()\
+        queryset = role.get_permissions() \
            .prefetch_related('content_type')
        return queryset
+
+
+# Sub view set
+class SystemRolePermissionsViewSet(BaseRolePermissionsViewSet):
+    role_pk = 'system_role_pk'
+    model = SystemRole
+    rbac_perms = (
+        ('get_tree', 'rbac.view_systemrole'),
+    )
+
+
+# Sub view set
+class OrgRolePermissionsViewSet(BaseRolePermissionsViewSet):
+    role_pk = 'org_role_pk'
+    model = OrgRole
+    rbac_perms = (
+        ('get_tree', 'rbac.view_orgrole'),
+    )
+
--- a/apps/rbac/urls/api_urls.py
+++ b/apps/rbac/urls/api_urls.py
@ -16,9 +16,12 @@ router.register(r'system-role-bindings', api.SystemRoleBindingViewSet, 'system-r
 router.register(r'org-role-bindings', api.OrgRoleBindingViewSet, 'org-role-binding')
 router.register(r'permissions', api.PermissionViewSet, 'permission')

-role_router = routers.NestedDefaultRouter(router, r'roles', lookup='role')
-role_router.register(r'permissions', api.RolePermissionsViewSet, 'role-permission')
+system_role_router = routers.NestedDefaultRouter(router, r'system-roles', lookup='system_role')
+system_role_router.register(r'permissions', api.SystemRolePermissionsViewSet, 'system-role-permission')
+
+org_role_router = routers.NestedDefaultRouter(router, r'org-roles', lookup='org_role')
+org_role_router.register(r'permissions', api.OrgRolePermissionsViewSet, 'org-role-permission')

 urlpatterns = []

-urlpatterns += router.urls + role_router.urls
+urlpatterns += router.urls + system_role_router.urls + org_role_router.urls