通知

apps/tenant/notices/views.py

@@ -4,7 +4,7 @@ from django.db import transaction
 from utils import response_ok
 from utils.custom_modelviewset import CustomModelViewSet
 from utils.exceptions import CustomError
-from utils.permission import IsTenantUser, permission_required
+from utils.permission import IsTenantUser
 from apps.tenant import tenant_log
 from apps.log.models import BizLog
 from .serializers import NoticesSerializer
@@ -13,17 +13,15 @@ from .filters import NoticesFilter
 
 
 class NoticesViewSet(CustomModelViewSet):
+    permission_classes = [IsTenantUser, ]
     serializer_class = NoticesSerializer
     queryset = Notices.objects.filter()
-    permission_classes = [IsTenantUser, ]
 
-    @permission_required('notices.browse_notices')
     def filter_queryset(self, queryset):
         queryset = queryset.filter(tenant=self.request.user.employee.tenant)
         f = NoticesFilter(self.request.GET, queryset=queryset)
         return f.qs
 
-    @permission_required('notices.add_notices')
     def perform_create(self, serializer):
         super(NoticesViewSet, self).perform_create(serializer)
         instance = serializer.instance
@@ -31,7 +29,6 @@ class NoticesViewSet(CustomModelViewSet):
         tenant_log(self.request.user.employee, BizLog.INSERT, u'添加通知[%s]，id=%d' % (instance.title, instance.id),
                    validated_data)
 
-    @permission_required('notices.add_notices')
     def perform_update(self, serializer):
         super(NoticesViewSet, self).perform_update(serializer)
         instance = serializer.instance
@@ -39,7 +36,6 @@ class NoticesViewSet(CustomModelViewSet):
         tenant_log(self.request.user.employee, BizLog.UPDATE, u'修改通知[%s]，id=%d' % (instance.title, instance.id),
                    validated_data)
 
-    @permission_required('notices.delete_notices')
     def destroy(self, request, *args, **kwargs):
         with transaction.atomic():
             instance = self.get_object()

apps/tenant/repair_order/models.py

@@ -105,6 +105,10 @@ class RepairOrder(models.Model):
         if not self.status == settings.DISPATCH:
             raise CustomError('当前报修工单不允许挂起！')
 
+        user_ids = self.repair_users.all()
+        if user not in user_ids:
+            raise CustomError('非主修人员操作，禁止操作！')
+
         self.status = settings.HANG_UP
         self.save()
         RepairOrderRecord.objects.create(repair_order=self, status=settings.HANG_UP, user=user, notes=reason)
@@ -115,6 +119,9 @@ class RepairOrder(models.Model):
         if not self.status == settings.HANG_UP:
             raise CustomError('当前报修工单非挂起状态！')
 
+        user_ids = self.repair_users.all()
+        if user not in user_ids:
+            raise CustomError('非主修人员操作，禁止操作！')
         self.status = settings.DISPATCH
         self.save()
         RepairOrderRecord.objects.create(repair_order=self, status=settings.CANCEL_HANG_UP, user=user)

apps/wxapp/views.py

@@ -155,21 +155,21 @@ class NoticesView(generics.ListAPIView):
     serializer_class = NoticesWXSerializer
 
     def filter_queryset(self, queryset):
-        appid = self.request.GET.get('appid')
-        app = WechatApplet.getByAppid(appid)
-        queryset = queryset.filter(tenant=app.tenant)
+        if self.request.user and self.request.user.is_authenticated:
+            queryset = queryset.filter(tenant=self.request.user.employee.tenant)
+        else:
+            queryset = queryset.filter(tenant=0)
         f = NoticesFilter(self.request.GET, queryset=queryset)
         return f.qs
 
 
 class NoticesDetailView(generics.RetrieveAPIView):
+    permission_classes = [isLogin, ]
     queryset = Notices.objects.filter()
     serializer_class = NoticesWXSerializer
 
     def get_queryset(self):
-        appid = self.request.GET.get('appid')
-        app = WechatApplet.getByAppid(appid)
-        queryset = self.queryset.filter(tenant=app.tenant)
+        queryset = self.queryset.filter(tenant=self.request.user.employee.tenant)
         return queryset
 
     def retrieve(self, request, *args, **kwargs):

uis/tenant/notices/index.html

@@ -58,7 +58,7 @@
                 <div class="layui-col-md12">
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div class="layui-col-xs2">
-                            <button class="layui-btn" id="notices_add" data-permission="notices.add_notices"><i
+                            <button class="layui-btn" id="notices_add" ><i
                                     class="layui-icon layui-icon-add-circle"></i>添加
                             </button>
                         </div>
@@ -80,11 +80,11 @@
                     <script type="text/html" id="notices-operate-bar">
                         <div class="layui-btn-group">
                             <a class="layui-btn layui-btn-xs" lay-event="notices_edit"
-                               data-permission="notices.add_notices">修改</a>
+                               >修改</a>
                         </div>
                         <div class="layui-btn-group">
                             <a class="layui-btn layui-btn-danger layui-btn-xs" lay-event="notices_del"
-                               data-permission="notices.delete_notices">删除</a>
+                               >删除</a>
                         </div>
                     </script>
                 </div>