eval 安全性处理
parent
c63a636efe
commit
29612764ae
|
@ -39,6 +39,7 @@ class State(CommonAModel):
|
||||||
PARTICIPANT_TYPE_ROBOT = 6
|
PARTICIPANT_TYPE_ROBOT = 6
|
||||||
PARTICIPANT_TYPE_FIELD = 7
|
PARTICIPANT_TYPE_FIELD = 7
|
||||||
PARTICIPANT_TYPE_PARENT_FIELD = 8
|
PARTICIPANT_TYPE_PARENT_FIELD = 8
|
||||||
|
PARTICIPANT_TYPE_FORMCODE = 9
|
||||||
state_participanttype_choices = (
|
state_participanttype_choices = (
|
||||||
(0, '无处理人'),
|
(0, '无处理人'),
|
||||||
(PARTICIPANT_TYPE_PERSONAL, '个人'),
|
(PARTICIPANT_TYPE_PERSONAL, '个人'),
|
||||||
|
@ -48,7 +49,8 @@ class State(CommonAModel):
|
||||||
(PARTICIPANT_TYPE_VARIABLE, '变量'),
|
(PARTICIPANT_TYPE_VARIABLE, '变量'),
|
||||||
(PARTICIPANT_TYPE_ROBOT, '脚本'),
|
(PARTICIPANT_TYPE_ROBOT, '脚本'),
|
||||||
(PARTICIPANT_TYPE_FIELD, '工单的字段'),
|
(PARTICIPANT_TYPE_FIELD, '工单的字段'),
|
||||||
(PARTICIPANT_TYPE_PARENT_FIELD, '父工单的字段')
|
(PARTICIPANT_TYPE_PARENT_FIELD, '父工单的字段'),
|
||||||
|
(PARTICIPANT_TYPE_FORMCODE, '代码获取')
|
||||||
)
|
)
|
||||||
STATE_DISTRIBUTE_TYPE_ACTIVE = 1 # 主动接单
|
STATE_DISTRIBUTE_TYPE_ACTIVE = 1 # 主动接单
|
||||||
STATE_DISTRIBUTE_TYPE_DIRECT = 2 # 直接处理(当前为多人的情况,都可以处理,而不需要先接单)
|
STATE_DISTRIBUTE_TYPE_DIRECT = 2 # 直接处理(当前为多人的情况,都可以处理,而不需要先接单)
|
||||||
|
|
|
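Review bot: The new `PARTICIPANT_TYPE_FORMCODE = 9` constant and its `'代码获取'` choice have no comment saying what "obtained by code" means or where that code comes from. In a commit whose title is about hardening `eval`, a reader needs to know whether the handler for this type runs stored or user-supplied code; that handler is not part of this section, so this is a question rather than a finding. I would add a comment on the constant such as `# participants are resolved by running code configured on the state; the code must come from trusted workflow admins only`, adjusted to whatever the handler really does.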
@ -119,7 +119,7 @@ class WfService(object):
|
||||||
for i in transition.condition_expression:
|
for i in transition.condition_expression:
|
||||||
expression = i['expression'].format(**ticket_all_value)
|
expression = i['expression'].format(**ticket_all_value)
|
||||||
import datetime, time # 用于支持条件表达式中对时间的操作
|
import datetime, time # 用于支持条件表达式中对时间的操作
|
||||||
if eval(expression):
|
if eval(expression, {"__builtins__":None}, {'datetime':datetime, 'time':time}):
|
||||||
destination_state = State.objects.get(pk=i['target_state'])
|
destination_state = State.objects.get(pk=i['target_state'])
|
||||||
return destination_state
|
return destination_state
|
||||||
|
|
||||||
|
|
|
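Review bot: Passing `{"__builtins__":None}` to `eval` on the changed line narrows what an expression can name, but it is not a security boundary: Python's `eval` cannot be confined by restricting globals alone, and the `datetime` and `time` modules are still handed to the expression. The line above it, `i['expression'].format(**ticket_all_value)`, also pastes ticket field values into the source text before evaluation, so a value submitted on a ticket is parsed as code rather than treated as data. I would bind the values as names instead of formatting them in, e.g. `eval(i['expression'], {"__builtins__": {}}, dict(ticket_all_value, datetime=datetime, time=time))` (stored expressions would then reference `field` rather than `{field}`), and check the tree from `ast.parse(expression, mode='eval')` against an allow-list of node types before evaluating. The enclosing method starts outside this hunk, so how `ticket_all_value` is assembled is not visible here.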
@ -15,6 +15,7 @@ from apps.wf.services import WfService
|
||||||
from rest_framework.exceptions import APIException, PermissionDenied
|
from rest_framework.exceptions import APIException, PermissionDenied
|
||||||
from rest_framework import status
|
from rest_framework import status
|
||||||
from django.db.models import Count
|
from django.db.models import Count
|
||||||
|
|
||||||
# Create your views here.
|
# Create your views here.
|
||||||
class WorkflowViewSet(CreateUpdateModelAMixin, ModelViewSet):
|
class WorkflowViewSet(CreateUpdateModelAMixin, ModelViewSet):
|
||||||
perms_map = {'get': '*', 'post': 'workflow_create',
|
perms_map = {'get': '*', 'post': 'workflow_create',
|
||||||
|
|