表达式流转安全构建

hb_server/apps/pm/views.py

@@ -122,6 +122,7 @@ class SubProductionPlanViewSet(CreateUpdateModelAMixin, ListModelMixin, UpdateMo
             obj.save()
             return Response()
         raise APIException('计划状态有误')
+        
 class ResourceViewSet(GenericViewSet):
     
     perms_map = {'*': '*'}

hb_server/apps/wf/services.py

@@ -7,6 +7,7 @@ from rest_framework.exceptions import APIException
 from django.utils import timezone
 from datetime import timedelta
 import random
+from ast import literal_eval
 class WfService(object):
     @staticmethod
     def get_worlflow_states(workflow:Workflow):
@@ -115,7 +116,7 @@ class WfService(object):
             for i in transition.condition_expression:
                 expression = i['expression'].format(**ticket_all_value)
                 import datetime, time  # 用于支持条件表达式中对时间的操作
-                if eval(expression):
+                if literal_eval(expression):
                     destination_state = State.objects.get(pk=i['target_state'])
         return destination_state
     

hb_server/apps/wpm/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

hb_server/apps/wpm/apps.py

@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+class WpmConfig(AppConfig):
+    name = 'apps.wpm'
+    verbose_name = '车间生产'
+
+

hb_server/apps/wpm/models.py

@@ -0,0 +1,27 @@
+from django.db import models
+from django.db.models.base import Model
+import django.utils.timezone as timezone
+from django.db.models.query import QuerySet
+from apps.system.models import CommonAModel, CommonBModel, Organization, User, Dict, File
+from utils.model import SoftModel, BaseModel
+from simple_history.models import HistoricalRecords
+
+
+
+class Vendor(CommonAModel):
+    """
+    供应商信息
+    """
+    
+    name = models.CharField('供应商名称', max_length=50, unique=True)
+    contact = models.CharField('联系人', max_length=20)
+    contact_phone = models.CharField('联系电话', max_length=11, unique=True)
+    address = models.CharField('地址', max_length=200, null=True, blank=True)
+    description = models.CharField('描述', max_length=200, blank=True, null=True)
+    material = models.CharField('供应的物料', max_length=200, blank=True, null=True)
+    class Meta:
+        verbose_name = '供应商信息'
+        verbose_name_plural = verbose_name
+
+    def __str__(self):
+        return self.name

hb_server/apps/wpm/serializers.py

@@ -0,0 +1,9 @@
+from rest_framework.serializers import ModelSerializer
+
+from .models import Vendor
+
+
+class VendorSerializer(ModelSerializer):
+    class Meta:
+        model = Vendor
+        fields = '__all__'

hb_server/apps/wpm/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

hb_server/apps/wpm/urls.py

@@ -0,0 +1,12 @@
+from django.db.models import base
+from rest_framework import urlpatterns
+from apps.pum.views import VendorViewSet
+from django.urls import path, include
+from rest_framework.routers import DefaultRouter
+
+router = DefaultRouter()
+router.register('vendor', VendorViewSet, basename='vendor')
+urlpatterns = [
+    path('', include(router.urls)),
+]
+

hb_server/apps/wpm/views.py

@@ -0,0 +1,21 @@
+from django.shortcuts import render
+from rest_framework.viewsets import ModelViewSet
+
+from apps.pum.models import Vendor
+from apps.pum.serializers import VendorSerializer
+from apps.system.mixins import CreateUpdateModelAMixin, OptimizationMixin
+
+
+# Create your views here.
+class VendorViewSet(CreateUpdateModelAMixin, ModelViewSet):
+    """
+    供应商-增删改查
+    """
+    perms_map = {'get': '*', 'post': 'vendor_create',
+                 'put': 'vendor_update', 'delete': 'vendor_delete'}
+    queryset = Vendor.objects.all()
+    serializer_class = VendorSerializer
+    search_fields = ['name', 'contact']
+    filterset_fields = []
+    ordering_fields = ['create_time']
+    ordering = ['-create_time']