权限校验逻辑

2022-02-25 17:00:35 +08:00 · 2022-02-25 17:00:35 +08:00 · e44a3d7e4b
parent bd904eaa73
commit e44a3d7e4b
1 changed files with 13 additions and 14 deletions
--- a/hb_server/apps/system/permission.py
+++ b/hb_server/apps/system/permission.py
@ -8,6 +8,7 @@ def get_permission_list(user):
    """
    获取权限列表,可用redis存取
    """
+    perms_list = ['visitor']
    if user.is_superuser:
        perms_list = ['admin']
    else:
@ -43,21 +44,19 @@ class RbacPermission(BasePermission):
            perms = cache.get(request.user.username + '__perms')
        if not perms:
            perms = get_permission_list(request.user)
-        if perms:
-            if 'admin' in perms:
-                return True
-            elif not hasattr(view, 'perms_map'):
-                return True
-            else:
-                perms_map = view.perms_map
-                _method = request._request.method.lower()
-                if perms_map:
-                    for key in perms_map:
-                        if key == _method or key == '*':
-                            if perms_map[key] in perms or perms_map[key] == '*':
-                                return True
-                return False
+
+        if 'admin' in perms:
+            return True
+        elif not hasattr(view, 'perms_map'):
+            return True
        else:
+            perms_map = view.perms_map
+            _method = request._request.method.lower()
+            if perms_map:
+                for key in perms_map:
+                    if key == _method or key == '*':
+                        if perms_map[key] in perms or perms_map[key] == '*':
+                            return True
            return False
    
    def has_object_permission(self, request, view, obj):