1.完成新版接口授权

2023-10-29 00:33:07 +08:00
parent b7b589176a
commit 10b159aa15
16 changed files with 402 additions and 312 deletions
--- a/backend/dvadmin/utils/permission.py
+++ b/backend/dvadmin/utils/permission.py
@@ -12,7 +12,7 @@ from django.contrib.auth.models import AnonymousUser
 from django.db.models import F
 from rest_framework.permissions import BasePermission

-from dvadmin.system.models import ApiWhiteList, RoleMenuButtonPermission
+from dvadmin.system.models import ApiWhiteList, RoleApiPermission


 def ValidationApi(reqApi, validApi):
@@ -74,18 +74,18 @@ class CustomPermission(BasePermission):
            methodList = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH']
            method = methodList.index(method)
            # ***接口白名单***
-            api_white_list = ApiWhiteList.objects.values(permission__api=F('url'), permission__method=F('method'))
+            api_white_list = ApiWhiteList.objects.values('method',api=F('url'))
            api_white_list = [
-                str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
-                    item.get('permission__method')) + '$' for item in api_white_list if item.get('permission__api')]
+                str(item.get('api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
+                    item.get('method')) + '$' for item in api_white_list if item.get('api')]
            # ********#
            if not hasattr(request.user, "role"):
                return False
            role_id_list = request.user.role.values_list('id',flat=True)
-            userApiList = RoleMenuButtonPermission.objects.filter(role__in=role_id_list).values(permission__api=F('menu_button__api'), permission__method=F('menu_button__method'))  # 获取当前用户的角色拥有的所有接口
+            userApiList = RoleApiPermission.objects.filter(role__in=role_id_list).values('api','method')  # 获取当前用户的角色拥有的所有接口
            ApiList = [
-                str(item.get('permission__api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
-                    item.get('permission__method')) + '$' for item in userApiList if item.get('permission__api')]
+                str(item.get('api').replace('{id}', '([a-zA-Z0-9-]+)')) + ":" + str(
+                    item.get('method')) + '$' for item in userApiList if item.get('api')]
            new_api_ist = api_white_list + ApiList
            new_api = api + ":" + str(method)
            for item in new_api_ist: