gitee
/
django-vue-admin
mirror of https://gitee.com/liqianglog/django-vue-admin
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

修复BUG: permission.py中权限判断bug修复 fix:https://gitee.com/liqianglog/django-vue-admin/issues/I59YV4

pull/60/head
李强 2022-05-31 00:52:50 +08:00
parent bc0f848cf0
commit 6546efed52
1 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
backend/dvadmin/utils/permission.py
View File

@ -69,10 +69,10 @@ class CustomPermission(BasePermission):
# 当权限为空时,则可以访问 # 当权限为空时,则可以访问
is_head = getattr(view, 'head', None) is_head = getattr(view, 'head', None)
if is_head: if is_head:
head_kwargs = getattr(view.head, 'kwargs', None) head_kwargs = getattr(view.head, 'kwargs', {})
if head_kwargs:
_permission_classes = getattr(head_kwargs, 'permission_classes', None) _permission_classes = getattr(head_kwargs, 'permission_classes', None)
if _permission_classes is None: _permission_classes = head_kwargs.get('permission_classes', None)
if _permission_classes == []:
return True return True
# 判断是否是超级管理员 # 判断是否是超级管理员
if request.user.is_superuser: if request.user.is_superuser:
@ -85,16 +85,15 @@ class CustomPermission(BasePermission):
# ***接口白名单*** # ***接口白名单***
api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method')) api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
api_white_list = [ api_white_list = [
str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
item in api_white_list if item.get('permission__api')] item.get('permission__method')) + '$' for item in api_white_list if item.get('permission__api')]
# ********# # ********#
if not hasattr(request.user, "role"): if not hasattr(request.user, "role"):
return False return False
userApiList = request.user.role.values('permission__api', 'permission__method') # 获取当前用户的角色拥有的所有接口 userApiList = request.user.role.values('permission__api', 'permission__method') # 获取当前用户的角色拥有的所有接口
ApiList = [ ApiList = [
str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
item in item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]
userApiList if item.get('permission__api')]
new_api_ist = api_white_list + ApiList new_api_ist = api_white_list + ApiList
new_api = api + ":" + str(method) new_api = api + ":" + str(method)
for item in new_api_ist: for item in new_api_ist: