diff --git a/test_client/src/api/user.js b/test_client/src/api/user.js index a72fe94..e27ac2e 100644 --- a/test_client/src/api/user.js +++ b/test_client/src/api/user.js @@ -64,4 +64,12 @@ export function deleteUser(id, data) { }) } +export function changePassword(data) { + return request({ + url: '/rbac/user/password/', + method: 'put', + data + }) +} + diff --git a/test_client/src/layout/components/Navbar.vue b/test_client/src/layout/components/Navbar.vue index e8a4fac..7ec580c 100644 --- a/test_client/src/layout/components/Navbar.vue +++ b/test_client/src/layout/components/Navbar.vue @@ -16,6 +16,11 @@ 首页 + + + 修改密码 + + @@ -32,7 +32,7 @@ - 证书查询 + 成绩报告单查询 diff --git a/test_mini/project.config.json b/test_mini/project.config.json index 3f8eef0..631541b 100644 --- a/test_mini/project.config.json +++ b/test_mini/project.config.json @@ -18,15 +18,15 @@ "checkInvalidKey": true, "checkSiteMap": true, "uploadWithSourceMap": true, - "compileHotReLoad": false, "babelSetting": { "ignore": [], "disablePlugins": [], "outputPath": "" }, - "useIsolateContext": true, - "useCompilerModule": true, - "userConfirmedUseCompilerModuleSwitch": false + "useCompilerModule": false, + "userConfirmedUseCompilerModuleSwitch": false, + "compileHotReLoad": false, + "useIsolateContext": true }, "compileType": "miniprogram", "libVersion": "2.10.3", diff --git a/test_server/crm/migrations/0020_consumer_create_admin.py b/test_server/crm/migrations/0020_consumer_create_admin.py new file mode 100644 index 0000000..d8694d9 --- /dev/null +++ b/test_server/crm/migrations/0020_consumer_create_admin.py 
@@ -0,0 +1,21 @@
+# Generated by Django 3.0.4 on 2020-08-10 03:51
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+ ('crm', '0019_auto_20200802_0931'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='consumer',
+ name='create_admin',
+ field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.DO_NOTHING, to=settings.AUTH_USER_MODEL),
+ ),
+ ]
diff --git a/test_server/crm/models.py b/test_server/crm/models.py
index 0027b2c..f95a7a4 100644
--- a/test_server/crm/models.py
+++ b/test_server/crm/models.py
@@ -1,6 +1,6 @@
 from django.db import models
 import django.utils.timezone as timezone
-from rbac.models import SoftCommonModel, CommonModel
+from rbac.models import SoftCommonModel, CommonModel, UserProfile
 from question.models import Questioncat, Question
 from examtest.models_paper import WorkScope
 from django.contrib.postgres.fields import JSONField
@@ -71,6 +71,8 @@ class Consumer(CommonModel):
 ID_number = models.CharField('身份证号', max_length=100, null=True, blank=True)
 realname = models.CharField('真实姓名', max_length=100, null=True, blank=True)
+ create_admin = models.ForeignKey(UserProfile, default=1, on_delete=models.DO_NOTHING)
+
 class Meta:
 verbose_name = '客户'
diff --git a/test_server/crm/views.py b/test_server/crm/views.py
index a634e80..d93136b 100644
--- a/test_server/crm/views.py
+++ b/test_server/crm/views.py
@@ -123,7 +123,9 @@ class ConsumerViewSet(ModelViewSet):
 def get_queryset(self):
 queryset = self.queryset
- queryset = self.get_serializer_class().setup_eager_loading(queryset)
+ queryset = self.get_serializer_class().setup_eager_loading(queryset)
+ if not self.request.user.is_superuser:
+ queryset = queryset.filter(create_admin = self.request.user)
 return queryset
 def create(self, request, *args, **kwargs):
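Review bot: `create_admin` on `Consumer` is the field the new queryset filters in this commit use as an ownership boundary, yet `default=1` attributes every existing row, and every row saved without an explicit value, to whichever account has primary key 1. With `on_delete=models.DO_NOTHING` Django takes no action when that `UserProfile` row is deleted, so depending on the database constraint the delete is either rejected or leaves a reference to a missing user. Consider `create_admin = models.ForeignKey(UserProfile, null=True, blank=True, on_delete=models.PROTECT)` and assigning the value explicitly on create; migration 0020 in this commit would have to be regenerated to match. The `Consumer` class body starts and ends outside the hunk.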
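Review bot: The ownership filter added to `ConsumerViewSet.get_queryset` only holds if `create_admin` is set by the server, and nothing visible in this hunk does that; `create` begins on the last context line and its body is outside the hunk. If it does not assign `request.user`, consumers created by a non-superuser fall back to `default=1` and disappear from that user's own list, and if the serializer leaves `create_admin` writable a client could move a record to another admin. A minimal fix is `serializer.save(create_admin=self.request.user)` in the create path together with marking the field read-only in the serializer. A comment such as `# non-superusers only see consumers they created` above the filter would document the rule.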
diff --git a/test_server/examtest/views.py b/test_server/examtest/views.py
index 94fb73a..dc1236d 100644
--- a/test_server/examtest/views.py
+++ b/test_server/examtest/views.py
@@ -219,7 +219,7 @@ class ExamTestViewSet(ModelViewSet):
 """
 考试记录列表和详情
 """
- perms_map = [{'get': 'examtest_list'},{'post': '*'}]
+ perms_map = [{'get': 'examtest_view'},{'post': '*'}]
 pagination_class = CommonPagination
 queryset = ExamTest.objects.filter(is_delete=0).all()
 serializer_class = ExamTestListSerializer
@@ -244,6 +244,8 @@ class ExamTestViewSet(ModelViewSet):
 queryset = queryset.filter(start_time__gte=self.request.query_params['start'] )
 if self.request.query_params.get('end'):
 queryset = queryset.filter(start_time__lte=self.request.query_params['end'])
+ if not self.request.user.is_superuser:
+ queryset = queryset.filter(consumer__create_admin = self.request.user)
 return queryset
 @action(methods=['get'], detail=False,url_path='self', url_name='selftest', perms_map = [{'*':'my_examtest'}])
 def selftest(self, request, pk=None):
diff --git a/test_server/rbac/views/user.py b/test_server/rbac/views/user.py
index afc334b..8955510 100644
--- a/test_server/rbac/views/user.py
+++ b/test_server/rbac/views/user.py
@@ -65,13 +65,13 @@ class UserViewSet(ModelViewSet):
 """
 perms_map = ({'get': 'user_list'}, {'post': 'user_create'}, {'put': 'user_update'}, {'delete': 'user_delete'})
- queryset = UserProfile.objects.filter(is_delete=0).all().order_by('-id')
+ queryset = UserProfile.objects.filter(is_delete=0).all()
 serializer_class = UserListSerializer
 pagination_class = CommonPagination
 # filter_backends = (DjangoFilterBackend, SearchFilter, OrderingFilter)
 filter_fields = ('is_active',)
 # search_fields = ('username', 'name', 'mobile', 'email')
- ordering_fields = ('-id',)
+ ordering_fields = ('id',)
 # authentication_classes = (JSONWebTokenAuthentication,)
 # permission_classes = (RbacPermission,IsAuthenticated)
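Review bot: The `consumer__create_admin` filter added to `ExamTestViewSet.get_queryset` assumes `request.user` is always a `UserProfile` that carries `is_superuser`. The viewset also declares `{'post': '*'}` and a `selftest` action guarded by `my_examtest`, which suggests some callers are not admin accounts; if any of them reach `get_queryset`, the attribute access or the foreign-key comparison may fail or return nothing instead of their own records. It is worth confirming which identities reach this method and stating the rule in a comment, for example `# admins see only exam records of consumers they created`. `get_queryset` begins outside the hunk.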
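Review bot: Dropping `.order_by('-id')` from `UserViewSet.queryset` leaves the list unordered while `pagination_class = CommonPagination` is still set, and the `filter_backends` line that would enable `OrderingFilter` is commented out in this hunk. Unless an ordering backend is configured globally, paginating an unordered queryset can repeat or skip users between pages. Keeping a default on the queryset, `queryset = UserProfile.objects.filter(is_delete=0).order_by('-id')`, still lets an ordering filter override it when a client asks to sort by `id`.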
@@ -107,38 +107,30 @@ class UserViewSet(ModelViewSet):
 if password:
 request.data['password'] = make_password(password)
 else:
- request.data['password'] = make_password('0000')
+ request.data['password'] = make_password('fs0000')
 serializer = self.get_serializer(data=request.data)
 serializer.is_valid(raise_exception=True)
 self.perform_create(serializer)
 headers = self.get_success_headers(serializer.data)
 return Response(serializer.data, headers=headers)
- @action(methods=['post'], detail=True, permission_classes=[IsAuthenticated],
- url_path='change_passwd', url_name='change_passwd')
- def set_password(self, request, pk=None):
- perms = UserInfoView.get_permission_from_role(request)
- user = UserProfile.objects.get(id=pk)
- if 'admin' in perms or 'user_all' in perms or request.user.is_superuser:
+ @action(methods=['put'], detail=False, permission_classes=[IsAuthenticated], # perms_map={'put':'change_password'}
+ url_name='change_password')
+ def password(self, request, pk=None):
+ """
+ 修改密码
+ """
+ user = request.user
+ old_password = request.data['old_password']
+ if check_password(old_password, user.password):
 new_password1 = request.data['new_password1']
 new_password2 = request.data['new_password2']
 if new_password1 == new_password2:
 user.set_password(new_password2)
 user.save()
- return Response({"detail": '密码修改成功!'})
+ return Response('密码修改成功!')
 else:
- return Response({"error": '新密码两次输入不一致!'})
+ return Response({'error': '新密码两次输入不一致!'})
 else:
- old_password = request.data['old_password']
- if check_password(old_password, user.password):
- new_password1 = request.data['new_password1']
- new_password2 = request.data['new_password2']
- if new_password1 == new_password2:
- user.set_password(new_password2)
- user.save()
- return Response({"error": '密码修改成功!'})
- else:
- return Response({"error": '新密码两次输入不一致!'})
- else:
- return Response({"error": '旧密码错误!'})
+ return Response({'error':'旧密码错误!'})
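Review bot: The new `password` action reads `old_password`, `new_password1` and `new_password2` from `request.data` by index and hands the new value to `set_password` with no policy check, so a missing key becomes an unhandled `KeyError` and an empty or trivial password is accepted. Reading the fields with `.get()`, rejecting empty values and calling Django's `validate_password(new_password1, user)` before `set_password` would close both gaps; the sketch below needs `validate_password` from `django.contrib.auth.password_validation` and `ValidationError` from `django.core.exceptions` imported at the top of the file. Separately, the fallback `make_password('fs0000')` earlier in this hunk still gives every account created without a password the same known value; `make_password(None)` would store an unusable password until one is set. The method containing the `make_password` lines starts outside the hunk.

```python
def password(self, request, pk=None):
    # … unchanged: docstring …
    user = request.user
    old_password = request.data.get('old_password')
    new_password1 = request.data.get('new_password1')
    new_password2 = request.data.get('new_password2')
    if not old_password or not check_password(old_password, user.password):
        return Response({'error': '旧密码错误!'})
    if not new_password1 or new_password1 != new_password2:
        return Response({'error': '新密码两次输入不一致!'})
    try:
        # Apply the project's AUTH_PASSWORD_VALIDATORS before storing the hash.
        validate_password(new_password1, user)
    except ValidationError as exc:
        return Response({'error': '; '.join(exc.messages)})
    user.set_password(new_password1)
    user.save()
    return Response('密码修改成功!')
```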
diff --git a/test_server/utils/response.py b/test_server/utils/response.py
index 9fdac67..13f8553 100644
--- a/test_server/utils/response.py
+++ b/test_server/utils/response.py
@@ -45,7 +45,7 @@ class FitJSONRenderer(JSONRenderer):
 response = renderer_context.get("response")
 response_body.code = response.status_code
 if response_body.code >= 400: # drf异常
- response_body.msg = response.data
+ response_body.msg = data['detail'] if 'detail' in data else data
 elif data and 'error' in data and data['error']:# 自传异常,key为error
 response_body.code = data.get("code",400)
 response_body.msg = data.get("error", "")
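Review bot: The new expression `data['detail'] if 'detail' in data else data` in the `>= 400` branch assumes `data` is a dict. When an error response carries no body, `data` is `None` and `'detail' in data` raises `TypeError`; when it is a plain string the `in` test is a substring match and `data['detail']` then fails. Guarding the type keeps the renderer from turning a 4xx into a 500: `response_body.msg = data['detail'] if isinstance(data, dict) and 'detail' in data else data`. The enclosing method of `FitJSONRenderer` starts and ends outside the hunk.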