mirror of https://github.com/jumpserver/jumpserver
Test permmision
parent
bb76f6c652
commit
d95ffdfbf7
|
@ -173,12 +173,12 @@ REST_FRAMEWORK = {
|
||||||
# Use Django's standard `django.contrib.auth` permissions,
|
# Use Django's standard `django.contrib.auth` permissions,
|
||||||
# or allow read-only access for unauthenticated users.
|
# or allow read-only access for unauthenticated users.
|
||||||
'DEFAULT_PERMISSION_CLASSES': (
|
'DEFAULT_PERMISSION_CLASSES': (
|
||||||
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
|
'rest_framework.permissions.IsAdminUser',
|
||||||
|
),
|
||||||
|
'DEFAULT_AUTHENTICATION_CLASSES': (
|
||||||
|
'rest_framework.authentication.BasicAuthentication',
|
||||||
|
'rest_framework.authentication.SessionAuthentication',
|
||||||
),
|
),
|
||||||
# 'DEFAULT_AUTHENTICATION_CLASSES': (
|
|
||||||
# 'rest_framework.authentication.BasicAuthentication',
|
|
||||||
# 'rest_framework.authentication.SessionAuthentication',
|
|
||||||
# ),
|
|
||||||
}
|
}
|
||||||
# This setting is required to override the Django's main loop, when running in
|
# This setting is required to override the Django's main loop, when running in
|
||||||
# development mode, such as ./manage runserver
|
# development mode, such as ./manage runserver
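Review bot: `BasicAuthentication` is now a default authentication class for every API view, so credentials may be sent on each request and are only base64-encoded on the wire. Unless the deployment is forced onto HTTPS, this is better kept to development, leaving `'rest_framework.authentication.SessionAuthentication',` as the only default. The comment above `DEFAULT_PERMISSION_CLASSES` still says "or allow read-only access for unauthenticated users", which no longer matches `IsAdminUser`. Something like `# Default: only users whose is_staff is true may call the API.` would be accurate. The `REST_FRAMEWORK` dict starts outside the hunk.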
|
||||||
|
|
|
@ -35,7 +35,9 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
var csrftoken = getCookie('csrftoken');
|
var csrftoken = getCookie('csrftoken');
|
||||||
console.log(csrftoken)
|
var sessionid = getCookie('sessionid');
|
||||||
|
console.log(csrftoken);
|
||||||
|
console.log(sessionid);
|
||||||
|
|
||||||
function csrfSafeMethod(method) {
|
function csrfSafeMethod(method) {
|
||||||
// these HTTP methods do not require CSRF protection
|
// these HTTP methods do not require CSRF protection
|
||||||
|
@ -46,6 +48,7 @@
|
||||||
beforeSend: function(xhr, settings) {
|
beforeSend: function(xhr, settings) {
|
||||||
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
|
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
|
||||||
xhr.setRequestHeader("X-CSRFToken", csrftoken);
|
xhr.setRequestHeader("X-CSRFToken", csrftoken);
|
||||||
|
{# xhr.setRequestHeader("sessionid", sessionid);#}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
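Review bot: The added `var sessionid = getCookie('sessionid');` and `console.log(sessionid);` read the session cookie from page script and print it to the console, next to the existing `console.log(csrftoken)`. Django marks the session cookie HttpOnly by default, so this only returns a value if that protection has been turned off somewhere not visible here. It should stay on. Both lines can be removed, along with the commented-out `xhr.setRequestHeader("sessionid", sessionid)` in the second hunk, because the browser already attaches the session cookie to same-origin AJAX requests. The `$.ajaxSetup` call begins outside the hunks.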
|
||||||
|
|
|
@ -13,11 +13,24 @@ class UserListAddApi(generics.ListCreateAPIView):
|
||||||
queryset = User.objects.all()
|
queryset = User.objects.all()
|
||||||
serializer_class = UserSerializer
|
serializer_class = UserSerializer
|
||||||
|
|
||||||
|
# permission_classes = (
|
||||||
|
# permissions.DenyAll,
|
||||||
|
# )
|
||||||
|
|
||||||
|
|
||||||
class UserDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
|
class UserDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
|
||||||
queryset = User.objects.all()
|
queryset = User.objects.all()
|
||||||
serializer_class = UserSerializer
|
serializer_class = UserSerializer
|
||||||
|
|
||||||
|
def put(self, request, *args, **kwargs):
|
||||||
|
print(request.META)
|
||||||
|
return super(UserDetailDeleteUpdateApi, self).put(request, *args, **kwargs)
|
||||||
|
|
||||||
|
# def get(self, request, *args, **kwargs):
|
||||||
|
# print("hello world")
|
||||||
|
# print(request.user)
|
||||||
|
# return super(UserDetailDeleteUpdateApi, self).get(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class UserGroupListAddApi(generics.ListCreateAPIView):
|
class UserGroupListAddApi(generics.ListCreateAPIView):
|
||||||
queryset = UserGroup.objects.all()
|
queryset = UserGroup.objects.all()
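Review bot: `print(request.META)` in the new `put` override writes every request header to stdout, including `HTTP_COOKIE` (session id and CSRF token) and, when basic authentication is used, `HTTP_AUTHORIZATION`. Since the override otherwise only calls `super().put(...)`, it can be removed. If a trace is wanted, log selected fields through the logging module instead, for example `logger.debug('PUT user pk=%s by %s', kwargs.get('pk'), request.user)`, assuming a module-level logger. The commented-out `permission_classes` and `get` blocks are dead code and are better left out of the commit.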
|
||||||
|
|
|
@ -148,7 +148,7 @@ class User(AbstractUser):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def is_staff(self):
|
def is_staff(self):
|
||||||
if self.is_authenticated and self.is_active and not self.is_expired:
|
if self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser:
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
return False
|
return False
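Review bot: `is_staff` now requires `is_superuser`, which changes its meaning, and it has no docstring saying so. Together with the new `IsAdminUser` default, which checks `request.user.is_staff`, every API view without its own `permission_classes` becomes superuser-only. A short docstring such as `"""True only for an active, non-expired superuser; DRF's IsAdminUser relies on this."""` would record that. The `if`/`else` can be collapsed to `return bool(self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser)`. Depending on the Django version in use (not visible here), `is_authenticated` may be a method, in which case the bare attribute is always truthy.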
|
||||||
|
|
|
@ -231,13 +231,19 @@
|
||||||
var status = $(obj).prop('checked');
|
var status = $(obj).prop('checked');
|
||||||
|
|
||||||
$.ajax({
|
$.ajax({
|
||||||
{# url: "{% url 'users:user-detail-api' pk=user.id %}",#}
|
url: "{% url 'users:user-detail-api' pk=user.id %}",
|
||||||
url: "{% url 'users:login' %}",
|
{# url: "{% url 'users:login' %}",#}
|
||||||
type: "POST",
|
type: "PUT",
|
||||||
data: {
|
data: {
|
||||||
'username': "{{ user.username }}",
|
'username': "{{ user.username }}",
|
||||||
'email': "{{ user.email }}",
|
'email': "{{ user.email }}",
|
||||||
'is_active': status
|
'is_active': status
|
||||||
|
},
|
||||||
|
success: function (data, status) {
|
||||||
|
console.log(data)
|
||||||
|
},
|
||||||
|
error: function () {
|
||||||
|
console.log('error')
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
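Review bot: The `PUT` body resends `"{{ user.username }}"` and `"{{ user.email }}"` as rendered into the page, and template autoescaping applies HTML escaping there, not JavaScript escaping. A value containing `&`, `<` or a quote would be written back to the user record as an HTML entity, and a backslash would be interpreted by the JS string literal. Because only the active flag changes, a partial update avoids resending those fields: `type: "PATCH",` with `data: {'is_active': status},`. If the fields must stay, use `{{ user.username|escapejs }}`. The `error` callback only logs `'error'`, so on a 403 the checkbox keeps showing a state the server rejected. The enclosing function starts outside the hunk.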
|
||||||
|
|
|
@ -28,9 +28,11 @@ class UserLoginView(FormView):
|
||||||
return HttpResponseRedirect(reverse('users:user-list'))
|
return HttpResponseRedirect(reverse('users:user-list'))
|
||||||
return super(UserLoginView, self).get(request, *args, **kwargs)
|
return super(UserLoginView, self).get(request, *args, **kwargs)
|
||||||
|
|
||||||
# def post(self, request, *args, **kwargs):
|
def post(self, request, *args, **kwargs):
|
||||||
# print(self.request.user)
|
print(self.request.user)
|
||||||
# return HttpResponseRedirect('/')
|
print(request.POST)
|
||||||
|
print(request.session.session_key)
|
||||||
|
return HttpResponseRedirect('/')
|
||||||
|
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
username = form.cleaned_data.get('username', '')
|
username = form.cleaned_data.get('username', '')
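Review bot: The re-enabled `post` override prints `request.POST` on the login view, so the submitted password is written to stdout in clear text, along with `request.session.session_key`. The override also returns `HttpResponseRedirect('/')` unconditionally, so `FormView.post` never runs. That means `form_valid` below is not reached and the form is not validated, which, as far as this hunk shows, skips the login logic. Deleting the `post` method restores the normal form flow. If a debug trace is needed, log only `request.user` and never the POST body or session key. `form_valid` continues outside the hunk.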
|
||||||
|
|