!61 修复可能导致权限验证失效的问题

!61 修复可能导致权限验证失效的问题
pull/62/MERGE
dvadmin 2022-05-31 02:12:13 +00:00 committed by Gitee
commit eded552582
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 7 additions and 21 deletions


@ -28,12 +28,6 @@ system_url.register(r'api_white_list', ApiWhiteListViewSet)
system_url.register(r'system_config', SystemConfigViewSet) system_url.register(r'system_config', SystemConfigViewSet)
urlpatterns = [ urlpatterns = [
path('role/roleId_get_menu/<int:pk>/', RoleViewSet.as_view({'get': 'roleId_get_menu'})),
path('menu/web_router/', MenuViewSet.as_view({'get': 'web_router'})),
path('user/user_info/', UserViewSet.as_view({'get': 'user_info', 'put': 'update_user_info'})),
path('user/change_password/<int:pk>/', UserViewSet.as_view({'put': 'change_password'})),
path('user/reset_to_default_password/<int:pk>/', UserViewSet.as_view({'put': 'reset_to_default_password'})),
path('user/reset_password/<int:pk>/', UserViewSet.as_view({'put': 'reset_password'})),
path('user/export/', UserViewSet.as_view({'post': 'export_data', })), path('user/export/', UserViewSet.as_view({'post': 'export_data', })),
path('user/import/', UserViewSet.as_view({'get': 'import_data', 'post': 'import_data'})), path('user/import/', UserViewSet.as_view({'get': 'import_data', 'post': 'import_data'})),
path('system_config/save_content/', SystemConfigViewSet.as_view({'put': 'save_content'})), path('system_config/save_content/', SystemConfigViewSet.as_view({'put': 'save_content'})),
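Review bot: The three routes left in `urlpatterns` (`user/export/`, `user/import/`, `system_config/save_content/`) are still wired with `as_view({...})`, and DRF applies an `@action` decorator's `permission_classes` only to routes the router generates. Any per-action permission declared on `export_data`, `import_data` or `save_content` is therefore not in force on these paths. Their decorators are outside this hunk, so this needs checking in the viewsets. If the class-level permission is intended, a comment above the list such as `# explicit as_view() routes use the viewset's class-level permission_classes, not the @action kwargs` would say so. The removed `change_password`, `reset_password` and `reset_to_default_password` routes now depend on `@action(detail=True)` declarations that this commit does not show.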


@ -157,7 +157,7 @@ class MenuViewSet(CustomModelViewSet):
filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog'] filter_fields = ['parent', 'name', 'status', 'is_link', 'visible', 'cache', 'is_catalog']
extra_filter_backends = [] extra_filter_backends = []
@action(methods=['GET'], detail=True, permission_classes=[]) @action(methods=['GET'], detail=False, permission_classes=[])
def web_router(self, request): def web_router(self, request):
"""用于前端获取当前角色的路由""" """用于前端获取当前角色的路由"""
user = request.user user = request.user
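Review bot: With `detail=False` the router now generates this route and applies the decorator's `permission_classes=[]`, so `web_router` runs with no permission check and `request.user` on the following line can be an anonymous user. On the removed `as_view({'get': 'web_router'})` path the decorator's kwargs were not applied, so the viewset's own permission class was presumably still evaluated (the class-level setting is not visible here). The docstring says the method returns the routes for the current role, so `@action(methods=['GET'], detail=False, permission_classes=[IsAuthenticated])` would match `user_info` in UserViewSet, assuming `IsAuthenticated` is imported in this module. The body of `web_router` continues outside the hunk.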


@ -229,7 +229,7 @@ class UserViewSet(CustomModelViewSet):
"role": "角色ID", "role": "角色ID",
} }
@action(methods=["GET"], detail=True, permission_classes=[IsAuthenticated]) @action(methods=["GET"], detail=False, permission_classes=[IsAuthenticated])
def user_info(self, request): def user_info(self, request):
"""获取当前用户信息""" """获取当前用户信息"""
user = request.user user = request.user
@ -242,7 +242,7 @@ class UserViewSet(CustomModelViewSet):
} }
return DetailResponse(data=result, msg="获取成功") return DetailResponse(data=result, msg="获取成功")
@action(methods=["PUT"], detail=True, permission_classes=[IsAuthenticated]) @action(methods=["PUT"], detail=False, permission_classes=[IsAuthenticated])
def update_user_info(self, request): def update_user_info(self, request):
"""修改当前用户信息""" """修改当前用户信息"""
user = request.user user = request.user
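Review bot: Moving the PUT onto its own `update_user_info/` URL changes the public path of an existing operation. `PUT user/user_info/` worked through the removed explicit route and will now be rejected for any client not updated together with the frontend. DRF lets a second method share an action's URL: keep `user_info` as the GET action and decorate `update_user_info` with `@user_info.mapping.put`, which keeps one path and one `permission_classes` declaration. Both method bodies continue outside the hunks.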


@ -65,14 +65,6 @@ class CustomPermission(BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
if isinstance(request.user, AnonymousUser): if isinstance(request.user, AnonymousUser):
return False return False
# 对ViewSet下的def方法进行权限判断
# 当权限为空时,则可以访问
is_head = getattr(view, 'head', None)
if is_head:
head_kwargs = getattr(view.head, 'kwargs', {})
_permission_classes = head_kwargs.get('permission_classes', None)
if _permission_classes == []:
return True
# 判断是否是超级管理员 # 判断是否是超级管理员
if request.user.is_superuser: if request.user.is_superuser:
return True return True
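Review bot: The anonymous check at the top of `has_permission` is now the only gate before the superuser branch, and `isinstance(request.user, AnonymousUser)` recognises only Django's own anonymous class. If `UNAUTHENTICATED_USER` is configured as `None`, or an authentication class supplies a different unauthenticated object, `request.user.is_superuser` raises instead of denying. `if not request.user or not request.user.is_authenticated: return False` is the form DRF's own `IsAuthenticated` uses and covers both cases. The rest of `has_permission` is outside the hunk.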


@ -218,7 +218,7 @@ export default {
_self.$refs.userInfoForm.validate((valid) => { _self.$refs.userInfoForm.validate((valid) => {
if (valid) { if (valid) {
request({ request({
url: '/api/system/user/user_info/', url: '/api/system/user/update_user_info/',
method: 'put', method: 'put',
data: _self.userInfo data: _self.userInfo
}).then((res) => { }).then((res) => {
@ -266,7 +266,7 @@ export default {
params.newPassword = _self.$md5(params.newPassword) params.newPassword = _self.$md5(params.newPassword)
params.newPassword2 = _self.$md5(params.newPassword2) params.newPassword2 = _self.$md5(params.newPassword2)
request({ request({
url: '/api/system/user/change_password/' + userId + '/', url: '/api/system/user/' + userId + '/change_password/',
method: 'put', method: 'put',
data: params data: params
}).then((res) => { }).then((res) => {
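Review bot: The account whose password is changed is chosen by the client through `userId` in `'/api/system/user/' + userId + '/change_password/'`. The server-side `change_password` action, which is not part of this commit, therefore has to confirm that `pk` is the caller's own id, or that the caller may administer that user, before accepting `newPassword`. If the action is only meant for the logged-in user, a `detail=False` action that reads `request.user`, as `update_user_info` does, removes the client-supplied id altogether. Both handlers continue outside the hunks.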


@ -47,7 +47,7 @@ export function DelObj (id) {
// 通过角色id,获取菜单数据 // 通过角色id,获取菜单数据
export function GetMenuData (obj) { export function GetMenuData (obj) {
return request({ return request({
url: '/api/system/role/roleId_get_menu/' + obj.id + '/', url: '/api/system/role/' + obj.id + '/roleId_get_menu/',
method: 'get', method: 'get',
params: {} params: {}
}).then(res => { }).then(res => {


@ -50,7 +50,7 @@ export function DelObj (id) {
*/ */
export function ResetPwd (obj) { export function ResetPwd (obj) {
return request({ return request({
url: urlPrefix + 'reset_password/' + obj.id + '/', url: urlPrefix + obj.id + '/reset_password/',
method: 'put', method: 'put',
data: obj data: obj
}) })