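def Del(self):
    """Delete the menu rows whose ids are posted in the ``data`` field.

    Reads ``token`` and ``data`` from the POST body. ``data`` is decoded
    with ``Util.JsonDecode`` and must be a non-empty list of decimal
    integer ids.

    Returns the ``self.GetJSON`` response: code 4001 when
    ``AdminToken.Verify`` rejects the token, 4000 for missing or malformed
    ids, 0 on success and 5000 when ``Delete()`` reports failure.
    """
    # Verify the token and the permission for the requested path
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Parameters
    data = self.Post('data')
    if not data:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    param = Util.JsonDecode(data)
    # The ids are concatenated into the WHERE clause below, so the posted
    # value is client-controlled SQL text unless it is validated first.
    # Accept only a non-empty list whose elements are plain decimal integers.
    if not isinstance(param, (list, tuple)) or not param:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    id_list = []
    for item in param:
        # bool is a subclass of int; reject it along with floats, dicts, etc.
        if isinstance(item, bool) or not isinstance(item, (int, str)):
            return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
        text = str(item).strip()
        if not text or any(ch not in '0123456789' for ch in text):
            return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
        id_list.append(text)
    ids = Util.Implode(',', id_list)
    # Execute
    m = ApiMenu()
    # Safe to concatenate: ids now holds only digits and commas.
    m.Where('id in(' + ids + ')')
    if m.Delete():
        return self.GetJSON({'code': 0, 'msg': '成功'})
    return self.GetJSON({'code': 5000, 'msg': '删除失败!'})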
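def Verify(token: str, urlPerm: str):
    """Check a token and, when a URL is given, its menu/action permission.

    Args:
        token: The token string supplied by the client.
        urlPerm: Request path of the form ``controller/.../action``. An
            empty string skips the menu and action checks, so the call
            then only establishes that the token decodes and has not
            expired; it does not authorize any particular action.

    Returns:
        ``''`` when every check passes, otherwise an error message.
    """
    # Token
    if token == '':
        return 'Token不能为空!'
    tData = Safety.Decode(token)
    if not tData:
        return 'Token验证失败!'
    # Expiry
    # NOTE(review): only the TTL of the per-uid key is checked; whether the
    # presented token is compared with a stored value is not visible here.
    # Confirm that Safety.Decode authenticates the token contents.
    uid = str(tData['uid'])
    tokenKey = Env.api_token_prefix + '_token_' + uid
    redis = Redis()
    try:
        ttl = redis.Ttl(tokenKey)
        if ttl < 1:
            return 'Token已过期!'
        # Renewal: extend both the token key and the permission key
        if Env.api_token_auto:
            redis.Expire(tokenKey, Env.api_token_time)
            redis.Expire(Env.api_token_prefix + '_perm_' + uid, Env.api_token_time)
    finally:
        # Release the connection even if a Redis call raises.
        redis.Close()
    # URL permission
    if urlPerm == '':
        return ''
    arr = Util.Explode('/', urlPerm)
    action = arr[-1]
    controller = Util.Implode('/', arr[:-1])
    # Menu
    menu = ApiMenu()
    menu.Columns('id', 'action')
    menu.Where('controller=%s', controller)
    menuData = menu.FindFirst()
    if not menuData:
        return '菜单验证无效!'
    # Check: menu
    menuId = str(menuData['id'])
    permData = ApiToken.Perm(token)
    if menuId not in permData:
        return '无权访问菜单!'
    # Check: action
    actionVal = permData[menuId]
    permArr = Util.JsonDecode(menuData['action'])
    # Stays 0 when the action is not listed for this menu, so the bit test
    # below denies access to unknown actions.
    permVal = 0
    for val in permArr:
        if action == val['action']:
            permVal = int(val['perm'])
            break
    if actionVal & permVal == 0:
        return '无权访问动作!'
    return ''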