Pre Merge pull request !59 from chuanwei/main

2022-05-30 16:22:29 +00:00 · 2022-05-30 16:22:29 +00:00 · e2d4365761
parent 3d1f5225c2 c8a2f9b5dd
commit e2d4365761
3 changed files with 11 additions and 11 deletions
--- a/backend/dvadmin/system/urls.py
+++ b/backend/dvadmin/system/urls.py
@ -29,7 +29,7 @@ system_url.register(r'system_config', SystemConfigViewSet)
 urlpatterns = [
    path('role/roleId_get_menu/<int:pk>/', RoleViewSet.as_view({'get': 'roleId_get_menu'})),
-    path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})),
+    #path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})),
    path('user/user_info/', UserViewSet.as_view({'get': 'user_info', 'put': 'update_user_info'})),
    path('user/change_password/<int:pk>/', UserViewSet.as_view({'put': 'change_password'})),
    path('user/reset_to_default_password/<int:pk>/', UserViewSet.as_view({'put': 'reset_to_default_password'})),
--- a/backend/dvadmin/system/views/menu.py
+++ b/backend/dvadmin/system/views/menu.py
@ -157,7 +157,7 @@ class MenuViewSet(CustomModelViewSet):
    filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog']
    extra_filter_backends = []
-    @action(methods=['GET'], detail=True, permission_classes=[])
+    @action(methods=['GET'], detail=False, permission_classes=[])
    def web_router(self, request):
        """用于前端获取当前角色的路由"""
        user = request.user
--- a/backend/dvadmin/utils/permission.py
+++ b/backend/dvadmin/utils/permission.py
@ -67,13 +67,13 @@ class CustomPermission(BasePermission):
            return False
        # 对ViewSet下的def方法进行权限判断
        # 当权限为空时,则可以访问
-        is_head = getattr(view, 'head', None)
+        # is_head = getattr(view, 'head', None)
-        if is_head:
+        # if is_head:
-            head_kwargs = getattr(view.head, 'kwargs', None)
+        #    head_kwargs = getattr(view.head, 'kwargs', None)
-            if head_kwargs:
+        #    if head_kwargs:
-                _permission_classes = getattr(head_kwargs, 'permission_classes', None)
+        #        _permission_classes = getattr(head_kwargs, 'permission_classes', None)
-                if _permission_classes is None:
+        #        if _permission_classes is None:
-                    return True
+        #            return True
        # 判断是否是超级管理员
        if request.user.is_superuser:
            return True
@ -85,14 +85,14 @@ class CustomPermission(BasePermission):
            # ***接口白名单***
            api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
            api_white_list = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                item in api_white_list if item.get('permission__api')]
            # ********#
            if not hasattr(request.user, "role"):
                return False
            userApiList = request.user.role.values('permission__api', 'permission__method')  # 获取当前用户的角色拥有的所有接口
            ApiList = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                item in
                       userApiList if item.get('permission__api')]
            new_api_ist =  api_white_list + ApiList