From 2224249ae36887c5570b12b06a54c91ab4d2dab5 Mon Sep 17 00:00:00 2001 From: chuanwei <463266963@qq.com> Date: Mon, 30 May 2022 14:34:00 +0000 Subject: [PATCH 1/3] =?UTF-8?q?update=20backend/dvadmin/utils/permission.p?= =?UTF-8?q?y.=201=EF=BC=89=E5=88=A0=E9=99=A4=E6=9D=83=E9=99=90=E5=88=A4?= =?UTF-8?q?=E6=96=AD=E6=97=A0=E6=95=88=E4=BB=A3=E7=A0=81=202=EF=BC=89url?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=AD=A3=E5=88=99=E4=BC=98=E5=8C=96=EF=BC=8C?= =?UTF-8?q?=E9=98=B2=E6=AD=A2=E6=9D=83=E9=99=90=E6=89=A9=E5=A4=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/dvadmin/utils/permission.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/backend/dvadmin/utils/permission.py b/backend/dvadmin/utils/permission.py index 8d1f8f6..1e9b80f 100644 --- a/backend/dvadmin/utils/permission.py +++ b/backend/dvadmin/utils/permission.py @@ -67,13 +67,13 @@ class CustomPermission(BasePermission): return False # 对ViewSet下的def方法进行权限判断 # 当权限为空时,则可以访问 - is_head = getattr(view, 'head', None) - if is_head: - head_kwargs = getattr(view.head, 'kwargs', None) - if head_kwargs: - _permission_classes = getattr(head_kwargs, 'permission_classes', None) - if _permission_classes is None: - return True + # is_head = getattr(view, 'head', None) + # if is_head: + # head_kwargs = getattr(view.head, 'kwargs', None) + # if head_kwargs: + # _permission_classes = getattr(head_kwargs, 'permission_classes', None) + # if _permission_classes is None: + # return True # 判断是否是超级管理员 if request.user.is_superuser: return True @@ -85,14 +85,14 @@ class CustomPermission(BasePermission): # ***接口白名单*** api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method')) api_white_list = [ - str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for + str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for item in api_white_list if item.get('permission__api')] # ********# if not hasattr(request.user, "role"): return False userApiList = request.user.role.values('permission__api', 'permission__method') # 获取当前用户的角色拥有的所有接口 ApiList = [ - str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for + str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for item in userApiList if item.get('permission__api')] new_api_ist = api_white_list + ApiList From 279b9e9b3b19ed3cd2145fce8753fb576d7a27ad Mon Sep 17 00:00:00 2001 From: chuanwei <463266963@qq.com> Date: Mon, 30 May 2022 16:17:37 +0000 Subject: [PATCH 2/3] =?UTF-8?q?update=20backend/dvadmin/system/views/menu.?= =?UTF-8?q?py.=20=E6=AD=A4=E5=A4=84=E9=85=8D=E7=BD=AE=E5=92=8Curls?= =?UTF-8?q?=E4=B8=AD=E7=9A=84menu/web=5Frouter=E8=B7=AF=E7=94=B1=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E5=86=B2=E7=AA=81=EF=BC=8C=E9=85=8D=E7=BD=AE=E4=BA=86?= =?UTF-8?q?Action=EF=BC=8C=E5=B9=B6=E4=B8=94detail=3DFalse=EF=BC=8C=20drf?= =?UTF-8?q?=E9=BB=98=E8=AE=A4=E4=BC=9A=E7=94=9F=E6=88=90=E8=B7=AF=E7=94=B1?= =?UTF-8?q?=EF=BC=9Amenu/web=5Frouter=EF=BC=8C=E4=B8=8D=E9=9C=80=E8=A6=81?= =?UTF-8?q?=E5=9C=A8url=E4=B8=AD=E9=85=8D=E7=BD=AE=E4=BA=86=EF=BC=8C?= =?UTF-8?q?=E5=A6=82=E6=9E=9C=E9=85=8D=E7=BD=AE=E9=87=8D=E5=A4=8D=E4=BC=9A?= =?UTF-8?q?=E5=AF=BC=E8=87=B4=E6=9D=83=E9=99=90=E9=AA=8C=E8=AF=81=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/dvadmin/system/views/menu.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/dvadmin/system/views/menu.py b/backend/dvadmin/system/views/menu.py index b791b28..c7f7d2f 100644 --- a/backend/dvadmin/system/views/menu.py +++ b/backend/dvadmin/system/views/menu.py @@ -157,7 +157,7 @@ class MenuViewSet(CustomModelViewSet): filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog'] extra_filter_backends = [] - @action(methods=['GET'], detail=True, permission_classes=[]) + @action(methods=['GET'], detail=False, permission_classes=[]) def web_router(self, request): """用于前端获取当前角色的路由""" user = request.user From c8a2f9b5ddf07d68783e149ffad9a6961fa7c131 Mon Sep 17 00:00:00 2001 From: chuanwei <463266963@qq.com> Date: Mon, 30 May 2022 16:18:22 +0000 Subject: [PATCH 3/3] =?UTF-8?q?update=20backend/dvadmin/system/urls.py.=20?= =?UTF-8?q?=E6=AD=A4=E5=A4=84=E9=85=8D=E7=BD=AE=E5=92=8Cmenu.py=E4=B8=AD?= =?UTF-8?q?=E7=9A=84=E9=85=8D=E7=BD=AE=E5=86=B2=E7=AA=81=EF=BC=8C=E5=BA=94?= =?UTF-8?q?=E5=88=A0=E9=99=A4=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/dvadmin/system/urls.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/dvadmin/system/urls.py b/backend/dvadmin/system/urls.py index 9d6c89f..7ad2ca9 100644 --- a/backend/dvadmin/system/urls.py +++ b/backend/dvadmin/system/urls.py @@ -29,7 +29,7 @@ system_url.register(r'system_config', SystemConfigViewSet) urlpatterns = [ path('role/roleId_get_menu//', RoleViewSet.as_view({'get': 'roleId_get_menu'})), - path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})), + #path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})), path('user/user_info/', UserViewSet.as_view({'get': 'user_info', 'put': 'update_user_info'})), path('user/change_password//', UserViewSet.as_view({'put': 'change_password'})), path('user/reset_to_default_password//', UserViewSet.as_view({'put': 'reset_to_default_password'})),