feat: 调整权限控制

caoqianming 2024-09-23 03:34:44 +00:00
parent ab94dc48c4
commit 0b31dad59b
4 changed files with 18 additions and 17 deletions


@ -5,6 +5,8 @@ from rest_framework.permissions import IsAuthenticated
from django.core.cache import cache
from django.utils import timezone
from datetime import datetime, timedelta
from django.core.cache import cache
from rbac.permission import get_permission_list
# 学员接口列表
ConsumerPerms = [
'paper_view',
@ -54,10 +56,9 @@ class MyPermission(RbacPermission):
"""
perms = []
if isinstance(request.user, UserProfile): # 如果是管理员表
if request.user.is_superuser:
return True
if 'perms' in request.session:
perms = request.session['perms']
perms = cache.get(f'{request.user.id}_perms', None)
if perms is None:
perms = get_permission_list(request.user)
perms.extend(ConsumerPerms)
elif isinstance(request.user, Consumer): # 如果是客户
perms = cache.get('cperms_'+str(request.user.id), None)
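Review bot: The added `from django.core.cache import cache` repeats the import that already sits three lines above it in this file, so the new line can be dropped. In the `UserProfile` branch the `is_superuser` early return is removed together with the session lookup. The rest of the method lies outside the hunk, so it should be confirmed that superusers are still granted further down (the `RbacPermission` hunk in this commit shows such a check after `if perms:`). A short comment on the new lookup would help, e.g. `# per-user permission list cached by get_permission_list(); rebuilt on a cache miss`.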


@ -29,7 +29,7 @@ class SubjectViewSet(ModelViewSet):
学科分类增删改查
"""
perms_map = (
{'get': 'subject_view'}, {'post': 'subject_create'},
{'get': '*'}, {'post': 'subject_create'},
{'put': 'subject_update'}, {'delete': 'subject_delete'})
queryset = Questioncat.objects.filter(is_subject=True,is_delete=0).all().order_by("id")
serializer_class = SubjectSerializer
@ -44,7 +44,7 @@ class QuestioncatViewSet(ModelViewSet):
题库分类增删改查
"""
perms_map = (
{'get': 'questioncat_view'}, {'post': 'questioncat_create'},
{'get': '*'}, {'post': 'questioncat_create'},
{'put': 'questioncat_update'}, {'delete': 'questioncat_delete'})
queryset = Questioncat.objects.filter(is_delete=0,is_subject=False).all()
serializer_class = QuestioncatSerializerDefault
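Review bot: `{'get': '*'}` on both viewsets removes the `subject_view` / `questioncat_view` requirement for every GET route, list and detail alike, and nothing in the hunk says who may now read. How `'*'` is evaluated is decided in `RbacPermission`, outside this section. Presumably it accepts any caller that reaches the permission check, so authentication on these viewsets would be the only remaining gate and should be confirmed. If open read access is intended, state it next to the map, e.g. `# GET needs no specific permission code; writes stay permission-gated`.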


@ -1,5 +1,6 @@
from rest_framework.permissions import BasePermission
from .models import Menu
from django.core.cache import cache
def get_all_menu_queryset(user):
@ -19,11 +20,13 @@ def get_permission_list(user):
menus = get_all_menu_queryset(user)
perms_list = menus.values_list('method',flat=True)
perms_list = list(perms_list)
# if user.is_superuser:
# perms_list.append('admin')
perms_l = []
if perms_list:
return list(perms_list)
return ['basic']
perms_l = perms_list
else:
perms_l = ['basic']
cache.set(f'{user.id}_perms', perms_l, timeout=None)
return perms_l
class RbacPermission(BasePermission):
"""
@ -38,11 +41,8 @@ class RbacPermission(BasePermission):
:return:
"""
perms = []
if request.user.is_superuser:
return True
if 'perms' in request.session:
perms = request.session['perms']
else:
perms = cache.get(f'{request.user.id}_perms', None)
if perms is None:
perms = get_permission_list(request.user)
if perms:
if request.user.is_superuser:
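Review bot: `cache.set(f'{user.id}_perms', perms_l, timeout=None)` stores the permission list with no expiry, and no line in this commit deletes the key. After a role or menu change, `RbacPermission` (and `MyPermission`, which reads the same key) keeps authorising against the old list until `get_permission_list` runs again for that user. Give the entry a bounded lifetime, for example five minutes with `cache.set(f'{user.id}_perms', perms_l, timeout=300)`, and call `cache.delete(f'{user.id}_perms')` wherever a user's roles or a role's menus are saved. The key is also built from `request.user.id` with no authentication check visible in the hunk; if anonymous requests can reach this code they would all share `None_perms`. The method body continues outside the hunk.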


@ -30,6 +30,7 @@ from ..serializers.user_serializer import (UserCreateSerializer,
from server.conf import *
from rest_framework_jwt.serializers import jwt_encode_handler
from crm.views import my_payload_handler
from django.core.cache import cache
class UserLogoutView(APIView):
authentication_classes = ()
@ -46,7 +47,6 @@ class UserInfoView(APIView):
if request.user.id is not None:
user = request.user
perms = get_permission_list(user)
request.session['perms'] = perms # 存到session表中
data = {
'id': user.id,
'username': user.username,
@ -73,7 +73,7 @@ class UserViewSet(PageOrNot, ModelViewSet):
"""
用户管理增删改查
"""
perms_map = ({'get': 'user_list'}, {'post': 'user_create'}, {'put': 'user_update'},
perms_map = ({'get': 'user_view'}, {'post': 'user_create'}, {'put': 'user_update'},
{'delete': 'user_delete'})
queryset = UserProfile.objects.filter(is_delete=0).all()
serializer_class = UserListSerializer
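Review bot: Changing the GET code from `user_list` to `user_view` only works for roles whose menu entries already carry the new code. `get_permission_list` builds the list from the `method` values of the menu queryset, so rows still holding `user_list` need a data migration or non-superuser administrators lose the user list. The added `from django.core.cache import cache` is not used by any line this commit adds to the file and can be dropped unless a follow-up needs it. `UserInfoView` still calls `get_permission_list(user)`, which now writes the cache as a side effect; a comment such as `# also refreshes the cached permission list for this user` would make that visible.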