zcdsj
/
hberp
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

权限校验逻辑

This commit is contained in:
caoqianming 2022-02-25 17:00:35 +08:00
parent bd904eaa73
commit e44a3d7e4b
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
hb_server/apps/system/permission.py
View File

@ -8,6 +8,7 @@ def get_permission_list(user):
""" """
获取权限列表,可用redis存取 获取权限列表,可用redis存取
""" """
perms_list = ['visitor']
if user.is_superuser: if user.is_superuser:
perms_list = ['admin'] perms_list = ['admin']
else: else:
@ -43,21 +44,19 @@ class RbacPermission(BasePermission):
perms = cache.get(request.user.username + '__perms') perms = cache.get(request.user.username + '__perms')
if not perms: if not perms:
perms = get_permission_list(request.user) perms = get_permission_list(request.user)
if perms:
if 'admin' in perms: if 'admin' in perms:
return True return True
elif not hasattr(view, 'perms_map'): elif not hasattr(view, 'perms_map'):
return True return True
else:
perms_map = view.perms_map
_method = request._request.method.lower()
if perms_map:
for key in perms_map:
if key == _method or key == '*':
if perms_map[key] in perms or perms_map[key] == '*':
return True
return False
else: else:
perms_map = view.perms_map
_method = request._request.method.lower()
if perms_map:
for key in perms_map:
if key == _method or key == '*':
if perms_map[key] in perms or perms_map[key] == '*':
return True
return False return False
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):