Pre Merge pull request !59 from chuanwei/main

backend/dvadmin/system/urls.py

@@ -29,7 +29,7 @@ system_url.register(r'system_config', SystemConfigViewSet)
 
 urlpatterns = [
     path('role/roleId_get_menu/<int:pk>/', RoleViewSet.as_view({'get': 'roleId_get_menu'})),
-    path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})),
+    #path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})),
     path('user/user_info/', UserViewSet.as_view({'get': 'user_info', 'put': 'update_user_info'})),
     path('user/change_password/<int:pk>/', UserViewSet.as_view({'put': 'change_password'})),
     path('user/reset_to_default_password/<int:pk>/', UserViewSet.as_view({'put': 'reset_to_default_password'})),

backend/dvadmin/system/views/menu.py

@@ -157,7 +157,7 @@ class MenuViewSet(CustomModelViewSet):
     filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog']
     extra_filter_backends = []
 
-    @action(methods=['GET'], detail=True, permission_classes=[])
+    @action(methods=['GET'], detail=False, permission_classes=[])
     def web_router(self, request):
         """用于前端获取当前角色的路由"""
         user = request.user

backend/dvadmin/utils/permission.py

@@ -67,13 +67,13 @@ class CustomPermission(BasePermission):
             return False
         # 对ViewSet下的def方法进行权限判断
         # 当权限为空时,则可以访问
-        is_head = getattr(view, 'head', None)
-        if is_head:
-            head_kwargs = getattr(view.head, 'kwargs', None)
-            if head_kwargs:
-                _permission_classes = getattr(head_kwargs, 'permission_classes', None)
-                if _permission_classes is None:
-                    return True
+        # is_head = getattr(view, 'head', None)
+        # if is_head:
+        #    head_kwargs = getattr(view.head, 'kwargs', None)
+        #    if head_kwargs:
+        #        _permission_classes = getattr(head_kwargs, 'permission_classes', None)
+        #        if _permission_classes is None:
+        #            return True
         # 判断是否是超级管理员
         if request.user.is_superuser:
             return True
@@ -85,14 +85,14 @@ class CustomPermission(BasePermission):
             # ***接口白名单***
             api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
             api_white_list = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                 item in api_white_list if item.get('permission__api')]
             # ********#
             if not hasattr(request.user, "role"):
                 return False
             userApiList = request.user.role.values('permission__api', 'permission__method')  # 获取当前用户的角色拥有的所有接口
             ApiList = [
-                str(item.get('permission__api').replace('{id}', '.*?')) + ":" + str(item.get('permission__method')) for
+                str(item.get('permission__api').replace('{id}', '\d+')) + ":" + str(item.get('permission__method')) for
                 item in
                        userApiList if item.get('permission__api')]
             new_api_ist =  api_white_list + ApiList