from rbac.permission import RbacPermission from rbac.models import UserProfile from crm.models import Consumer from rest_framework.permissions import IsAuthenticated from django.core.cache import cache from django.utils import timezone from datetime import datetime # 学员接口列表 ConsumerPerms = [ 'paper_view', 'gen_monitest', 'questioncat_view', 'my_collects', 'my_subjects', 'my_examtest', 'exercise', 'down_material' ] VistorPerms = [ 'gen_monitest', 'questioncat_view', 'my_examtest', ] def get_consumerperm_list(consumer): perms = list(consumer.role.perms.values_list('code', flat=True)) if consumer.exceed_date and (consumer.exceed_date < datetime.date(timezone.now())): perms.append('account_exceed') cache.get_or_set('cperms_'+str(consumer.id), perms) return perms class MyPermission(RbacPermission): def has_permission(self, request, view): """ 权限校验逻辑 :param request: :param view: :return: """ perms = [] if 'perms' in request.session: perms = request.session['perms'] elif isinstance(request.user,UserProfile): # 如果是管理员表 # perms = get_permission_list(request.user) return True elif isinstance(request.user,Consumer): if cache.get('cperms_'+str(request.user.id)): perms = cache.get('cperms_'+str(request.user.id)) else: perms = get_consumerperm_list(request.user) if perms: if not hasattr(view, 'perms_map'): return True elif 'account_exceed' in perms: #账户过期 return False else: perms_map = view.perms_map _method = request._request.method.lower() for i in perms_map: for method, alias in i.items(): if ((_method == method or method == '*') and alias in perms)or alias == '*': return True return False