Merge pull request #1288 from longguikeji/feature-750

fix: 🐛 修复通过审批请求时，重新执行接口函数没有执行的问题，审批请求增加tenant过滤

api/v1/views/approve_request.py

@@ -31,7 +31,7 @@ def approve_request_list(
     request, tenant_id: str, package: str = "", is_approved: str = ""
 ):
     tenant = request.tenant
-    requests = ApproveRequest.valid_objects.filter(user__tenant=tenant)
+    requests = ApproveRequest.valid_objects.filter(tenant=tenant)
     if package:
         requests = requests.filter(action__extension__package=package)
     if is_approved == "true":

api/v1/views/mine.py

@@ -147,7 +147,7 @@ def get_mine_approve_requests(
 ):
     """我的审批列表"""
     tenant = request.tenant
-    requests = ApproveRequest.valid_objects.filter(user=request.user)
+    requests = ApproveRequest.valid_objects.filter(user=request.user, tenant=tenant)
     if package:
         requests = requests.filter(action__extension__package=package)
     if is_approved == "true":

arkid/core/api.py

@@ -108,6 +108,16 @@ def authenticate(self, request, token, app_id, app_secret):
                 if not token:
                     token = ExpiringToken.objects.create(user=request.user, token=generate_token())
                 tenant = request.tenant
+                # 获取操作id查询用户权限
+                operation_id = request.operation_id
+                if operation_id:
+                    from arkid.core.perm.permission_data import PermissionData
+                    permissiondata = PermissionData()
+                    if token.user and tenant:
+                        result = permissiondata.api_system_permission_check(request.tenant, token.user, operation_id)
+                        if result is False:
+                            raise HttpError(403, _('You do not have api permission','你没有这个接口的权限'))
+                return token
             else:
                 if token:
                     # 使用传统的token访问

arkid/core/approve.py

@@ -30,6 +30,7 @@ def restore_approve_request(approve_request):
 def create_approve_request(http_request, user, approve_action):
 
     environ = http_request.environ
+    tenant = http_request.tenant
     environ.pop("wsgi.input")
     environ.pop("wsgi.errors")
     environ.pop("wsgi.file_wrapper")
@@ -44,6 +45,7 @@ def create_approve_request(http_request, user, approve_action):
 
     approve_request = ApproveRequest.valid_objects.create(
         action=approve_action,
+        tenant=tenant,
         user=user,
         environ=environ,
         body=http_request.body,

arkid/core/migrations/0028_approverequest_tenant.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.0.6 on 2022-09-16 03:42
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0027_app_arkstore_category_id'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='approverequest',
+            name='tenant',
+            field=models.ForeignKey(default=None, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='approve_request_set', related_query_name='requests', to='core.tenant', verbose_name='Tenant'),
+        ),
+    ]

arkid/core/models.py

@@ -609,6 +609,16 @@ class Meta(object):
         related_query_name="requests",
     )
 
+    tenant = models.ForeignKey(
+        'Tenant',
+        default=None,
+        null=True,
+        on_delete=models.CASCADE,
+        verbose_name=_('Tenant', '租户'),
+        related_name="approve_request_set",
+        related_query_name="requests",
+    )
+
     action = models.ForeignKey(
         'ApproveAction',
         default=None,

extension_root/com_longgui_approve_system_arkid/__init__.py

@@ -54,7 +54,7 @@ def list_tenant_approve_requests(
     ):
         package = 'com.longgui.approve.system.arkid'
         requests = ApproveRequest.valid_objects.filter(
-            user__tenant=request.tenant, action__extension__package=package
+            tenant=request.tenant, action__extension__package=package
         )
         if is_approved == 'true':
             requests = requests.exclude(status="wait")