From a5cc87eb556c8f04635bcff7f92134acbd24ab0c Mon Sep 17 00:00:00 2001
From: lxy <46486798@qq.com>
Date: Thu, 20 Mar 2025 06:47:21 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=AD=97=E6=AE=B5=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E7=AD=9B=E9=80=89=E9=94=99=E8=AF=AF=EF=BC=8Cupdate=20?=
 =?UTF-8?q?backend/dvadmin/utils/viewset.py.=20=E8=A7=A3=E5=86=B3=E4=B8=8D?=
 =?UTF-8?q?=E6=98=AF=E8=B6=85=E7=BA=A7=E7=AE=A1=E7=90=86=E5=91=98=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E5=8A=A0=E8=BD=BD=E6=8A=A5=E9=94=99=EF=BC=8C=E5=8C=BF?=
 =?UTF-8?q?=E5=90=8D=E7=94=A8=E6=88=B7=E6=B2=A1=E6=9C=89=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E6=8A=A5=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: lxy <46486798@qq.com>
---
 backend/dvadmin/utils/viewset.py | 33 ++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/backend/dvadmin/utils/viewset.py b/backend/dvadmin/utils/viewset.py
index 6b5cfcbdef..42948b1afb 100644
--- a/backend/dvadmin/utils/viewset.py
+++ b/backend/dvadmin/utils/viewset.py
@@ -70,13 +70,13 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
         # 全部以可见字段为准
         can_see = self.get_menu_field(serializer_class)
         # 排除掉序列化器级的字段(排除字段权限中未授权的字段)
-        if not self.request.user.is_superuser:
-            exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see)
-            for field in exclude_set:
-                serializer_class._declared_fields.pop(field)
-            meta = copy.deepcopy(serializer_class.Meta)
-            meta.fields = list(can_see)
-            serializer_class.Meta = meta
+        # if not self.request.user.is_superuser:
+        #     exclude_set = set(serializer_class._declared_fields.keys()) - set(can_see)
+        #     for field in exclude_set:
+        #         serializer_class._declared_fields.pop(field)
+        #     meta = copy.deepcopy(serializer_class.Meta)
+        #     meta.fields = list(can_see)
+        #     serializer_class.Meta = meta
         # 在分页器中使用
         self.request.permission_fields = can_see
         if isinstance(self.request.data, list):
@@ -87,16 +87,17 @@ class CustomModelViewSet(ModelViewSet, ImportSerializerMixin, ExportSerializerMi
 
     def get_menu_field(self, serializer_class):
         """获取字段权限"""
-        finded = False
-        for model in get_custom_app_models():
-            if model['object'] is serializer_class.Meta.model:
-                finded = True
-                break
-        if finded is False:
+
+        if not any(model['object'] is serializer_class.Meta.model for model in get_custom_app_models()):
             return []
-        roles = self.request.user.role.values_list('id', flat=True)
-        return FieldPermission.objects.filter(is_query=True, role__in=roles, field__model=model['model']).values_list(
-            'field__field_name', flat=True)
+
+        # 匿名用户没有角色
+        ret = FieldPermission.objects.filter(field__model=serializer_class.Meta.model.__name__)
+        if hasattr(self.request.user, 'role'):
+            roles = self.request.user.role.values_list('id', flat=True)
+            ret = ret.filter(is_query=True, role__in=roles)
+
+        return ret.values_list('field__field_name', flat=True)
 
     def create(self, request, *args, **kwargs):
         serializer = self.get_serializer(data=request.data, request=request)
-- 
Gitee