From 2224249ae36887c5570b12b06a54c91ab4d2dab5 Mon Sep 17 00:00:00 2001
From: chuanwei <463266963@qq.com>
Date: Mon, 30 May 2022 14:34:00 +0000
Subject: [PATCH] =?UTF-8?q?update=20backend/dvadmin/utils/permission.py.?=
 =?UTF-8?q?=201=EF=BC=89=E5=88=A0=E9=99=A4=E6=9D=83=E9=99=90=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=E6=97=A0=E6=95=88=E4=BB=A3=E7=A0=81=202=EF=BC=89url?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E6=AD=A3=E5=88=99=E4=BC=98=E5=8C=96=EF=BC=8C?=
 =?UTF-8?q?=E9=98=B2=E6=AD=A2=E6=9D=83=E9=99=90=E6=89=A9=E5=A4=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/dvadmin/utils/permission.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/backend/dvadmin/utils/permission.py b/backend/dvadmin/utils/permission.py
index 8d1f8f6..1e9b80f 100644
--- a/backend/dvadmin/utils/permission.py
+++ b/backend/dvadmin/utils/permission.py
@@ -67,13 +67,13 @@ class CustomPermission(BasePermission):
             return False
         # 对ViewSet下的def方法进行权限判断
         # 当权限为空时,则可以访问
-        is_head = getattr(view, 'head', None)
-        if is_head:
-            head_kwargs = getattr(view.head, 'kwargs', None)
-            if head_kwargs:
-                _permission_classes = getattr(head_kwargs, 'permission_classes', None)
-                if _permission_classes is None:
-                    return True
+        # is_head = getattr(view, 'head', None)
+        # if is_head:
+        #    head_kwargs = getattr(view.head, 'kwargs', None)
+        #    if head_kwargs:
+        #        _permission_classes = getattr(head_kwargs, 'permission_classes', None)
+        #        if _permission_classes is None:
+        #            return True
         # 判断是否是超级管理员
         if request.user.is_superuser:
             return True
@@ -85,14 +85,14 @@ class CustomPermission(BasePermission):
             # ***接口白名单***
             api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
             api_white_list = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                 item in api_white_list if item.get('permission__api')]
             # ********#
             if not hasattr(request.user, "role"):
                 return False
             userApiList = request.user.role.values('permission__api', 'permission__method')  # 获取当前用户的角色拥有的所有接口
             ApiList = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                 item in
                        userApiList if item.get('permission__api')]
             new_api_ist =  api_white_list + ApiList