def PermList(self):
    """Return the whole menu tree as JSON for the permission editor.

    POST fields: ``token`` and ``perm``.

    Only the token itself is checked: ``AdminToken.Verify`` is called with an
    empty ``urlPerm``, so no per-menu/action permission is enforced here.
    """
    # Authentication only (empty urlPerm means no menu/action check).
    token = self.Post('token')
    msg = AdminToken.Verify(token, '')
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Permission value supplied by the client.
    perm = self.Post('perm')
    # Load every menu row and group the rows by parent id (string key).
    self.__menus = {}
    model = SysMenu()
    model.Columns('id', 'fid', 'title', 'url', 'ico', 'controller', 'action')
    model.Order('sort DESC, id')
    for row in model.Find():
        self.__menus.setdefault(str(row['fid']), []).append(row)
    # Parsed form of the client-supplied permission value.
    # NOTE(review): presumably read by _getMenu together with __menus - confirm.
    self.__permAll = self.__permArr(perm)
    # Build the response starting from the root parent id '0'.
    return self.GetJSON({
        'code': 0,
        'msg': '成功',
        'list': self._getMenu('0'),
    })
def Perm(self):
    """Overwrite the ``action`` column of one menu row with the posted value.

    POST fields: ``token``, ``id`` (menu id) and ``data`` (stored as received).
    """
    # Token plus permission check for the current request path.
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Both parameters are required.
    menu_id = self.Post('id')
    data = self.Post('data')
    if not (menu_id and data):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    # NOTE(review): `data` is written without checking that it is well-formed.
    # The `action` column is JSON-decoded elsewhere to read each action's
    # `perm` bit, so this endpoint effectively edits the permission table;
    # consider validating the structure before storing it.
    m = SysMenu()
    m.Set({'action': data})
    m.Where('id=%s', menu_id)
    if not m.Update():
        return self.GetJSON({'code': 5000, 'msg': '更新失败!'})
    return self.GetJSON({'code': 0, 'msg': '成功'})
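def Del(self):
    """Delete the menu rows whose ids are listed in the posted JSON array.

    POST fields: ``token`` and ``data`` (a JSON array of menu ids).

    The ids come from the client, so they are never concatenated into the
    SQL text: the WHERE clause is built from ``%s`` placeholders only and the
    values are handed to ``Where`` as separate arguments.
    """
    # Token plus permission check for the current request path.
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Parameters.
    data = self.Post('data')
    if not data:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    param = Util.JsonDecode(data)
    # Accept only a non-empty array of plain int/str ids; objects, nested
    # arrays, booleans and nulls are rejected instead of reaching the query.
    if not isinstance(param, list) or not param:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    if any(isinstance(v, bool) or not isinstance(v, (int, str)) for v in param):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    # One placeholder per id.
    # NOTE(review): assumes SysMenu.Where binds the extra arguments to the %s
    # placeholders as query parameters - confirm against the model.
    placeholders = ','.join(['%s'] * len(param))
    m = SysMenu()
    m.Where('id in(' + placeholders + ')', *param)
    if m.Delete():
        return self.GetJSON({'code': 0, 'msg': '成功'})
    return self.GetJSON({'code': 5000, 'msg': '删除失败!'})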
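def List(self):
    """Return one page of menu rows matching the posted filters, as JSON.

    POST fields: ``token``, ``data`` (JSON object with optional ``fid``,
    ``title`` and ``url`` filters), ``page`` and ``limit``.

    Malformed ``page``/``limit`` values or a ``data`` payload that is not a
    JSON object yield the 4000 parameter error instead of an unhandled
    exception.
    """
    # Token plus permission check for the current request path.
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Parameters.
    data = self.Post('data')
    page = self.Post('page')
    limit = self.Post('limit')
    if not data or not page or not limit:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    try:
        page_no = int(page)
        page_size = int(limit)
    except (TypeError, ValueError):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    # NOTE(review): `limit` has no upper bound; a cap would keep a single
    # request from pulling an arbitrarily large page.
    param = Util.JsonDecode(data)
    if not isinstance(param, dict):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    fid = Util.Trim(param['fid']) if 'fid' in param else ''
    title = Util.Trim(param['title']) if 'title' in param else ''
    url = Util.Trim(param['url']) if 'url' in param else ''
    # Filter values are passed as arguments, not concatenated into the SQL.
    # '%' or '_' typed by the client still act as LIKE wildcards.
    like_fid = '%' + fid + '%'
    like_title = '%' + title + '%'
    like_url = '%' + url + '%'
    # Total number of matching rows.
    m = SysMenu()
    m.Columns('count(*) AS num')
    m.Where('fid like %s AND title like %s AND url like %s',
            like_fid, like_title, like_url)
    total = m.FindFirst()
    # Page query.
    m.Columns('id', 'fid', 'title', 'ico',
              'FROM_UNIXTIME(ctime, %s) as ctime',
              'FROM_UNIXTIME(utime, %s) as utime',
              'sort', 'url', 'controller', 'action')
    # NOTE(review): five values for three %s in this clause - the two date
    # formats look like they bind to the %s inside the FROM_UNIXTIME columns
    # above; confirm against the model's parameter handling.
    m.Where('fid like %s AND title like %s AND url like %s',
            '%Y-%m-%d %H:%i:%s', '%Y-%m-%d %H:%i:%s',
            like_fid, like_title, like_url)
    m.Order('sort DESC', 'fid')
    m.Page(page_no, page_size)
    rows = m.Find()
    # Decode the stored action JSON for each row; empty values stay ''.
    for row in rows:
        row['action'] = Util.JsonDecode(row['action']) if str(row['action']) != '' else ''
    return self.GetJSON({
        'code': 0,
        'msg': '成功',
        'list': rows,
        'total': total['num'],
    })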
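def Verify(token: str, urlPerm: str):
    """Validate an admin token and, optionally, its permission for a URL.

    Args:
        token: Token presented by the client.
        urlPerm: Request path whose last ``/`` segment is the action and whose
            preceding segments form the controller. Pass ``''`` to check the
            token only; no menu/action permission is enforced in that case.

    Returns:
        ``''`` when the checks pass, otherwise a message naming the failure.
    """
    # A missing token (None) is rejected the same way as an empty string.
    if not token:
        return 'Token不能为空!'
    tData = Safety.Decode(token)
    if not tData:
        return 'Token验证失败!'
    # Expiry check and optional renewal share one connection, and the
    # connection is closed even if a Redis call raises.
    uid = str(tData['uid'])
    token_key = Env.admin_token_prefix + '_token_' + uid
    redis = Redis()
    try:
        ttl = redis.Ttl(token_key)
        if ttl < 1:
            return 'Token已过期!'
        if Env.admin_token_auto:
            redis.Expire(token_key, Env.admin_token_time)
            redis.Expire(Env.admin_token_prefix + '_perm_' + uid, Env.admin_token_time)
    finally:
        redis.Close()
    # Authentication only: callers that pass '' get no authorization check.
    if urlPerm == '':
        return ''
    arr = Util.Explode('/', urlPerm)
    action = arr[-1]
    controller = Util.Implode('/', arr[:-1])
    # Menu row registered for this controller.
    menu = SysMenu()
    menu.Columns('id', 'action')
    menu.Where('controller=%s', controller)
    menuData = menu.FindFirst()
    if not menuData:
        return '菜单验证无效!'
    # Menu-level check; a missing or empty permission map denies access.
    menu_id = str(menuData['id'])
    permData = AdminToken.Perm(token)
    if not permData or menu_id not in permData:
        return '无权访问菜单!'
    # Action-level check. An empty or malformed action list leaves permVal
    # at 0, so the request is denied rather than failing with an exception.
    # NOTE(review): actionVal is used as an int bitmask - confirm that
    # AdminToken.Perm returns integers.
    actionVal = permData[menu_id]
    raw_actions = menuData['action']
    permArr = Util.JsonDecode(raw_actions) if raw_actions else []
    if not isinstance(permArr, list):
        permArr = []
    permVal = 0
    for val in permArr:
        if action == val['action']:
            permVal = int(val['perm'])
            break
    if (actionVal & permVal) == 0:
        return '无权访问动作!'
    return ''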
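def Edit(self):
    """Update the editable fields of one menu row.

    POST fields: ``token``, ``id`` (menu id) and ``data`` (JSON object with
    ``title`` and optional ``fid``, ``url``, ``ico``, ``sort``,
    ``controller``).

    Only the fields listed above are written, and a ``data`` payload that is
    not a JSON object yields the 4000 parameter error instead of an
    unhandled exception.
    """
    # Token plus permission check for the current request path.
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Parameters.
    id = self.Post('id')
    data = self.Post('data')
    if not id or not data:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    param = Util.JsonDecode(data)
    if not isinstance(param, dict):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})

    def field(key, default):
        # Trimmed client value when present, otherwise the default.
        return Util.Trim(param[key]) if key in param else default

    title = field('title', '')
    if title == '':
        return self.GetJSON({'code': 4000, 'msg': '名称不能为空!'})
    # NOTE(review): `controller` is the column the token permission check
    # looks menus up by, so changing it changes which menu's permission
    # bits guard a request path.
    m = SysMenu()
    m.Set({
        'fid': field('fid', 0),
        'title': title,
        'url': field('url', ''),
        'ico': field('ico', ''),
        'sort': field('sort', 0),
        'controller': field('controller', ''),
        'utime': Util.Time(),
    })
    m.Where('id=%s', id)
    if m.Update():
        return self.GetJSON({'code': 0, 'msg': '成功'})
    return self.GetJSON({'code': 5000, 'msg': '更新失败!'})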
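def Add(self):
    """Insert a new menu row.

    POST fields: ``token`` and ``data`` (JSON object with ``title`` and
    optional ``fid``, ``url``, ``ico``, ``sort``, ``controller``).

    Only the fields listed above are written, and a ``data`` payload that is
    not a JSON object yields the 4000 parameter error instead of an
    unhandled exception.
    """
    # Token plus permission check for the current request path.
    token = self.Post('token')
    msg = AdminToken.Verify(token, request.path)
    if msg != '':
        return self.GetJSON({'code': 4001, 'msg': msg})
    # Parameters.
    data = self.Post('data')
    if not data:
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})
    param = Util.JsonDecode(data)
    if not isinstance(param, dict):
        return self.GetJSON({'code': 4000, 'msg': '参数错误!'})

    def field(key, default):
        # Trimmed client value when present, otherwise the default.
        return Util.Trim(param[key]) if key in param else default

    title = field('title', '')
    if title == '':
        return self.GetJSON({'code': 4000, 'msg': '名称不能为空!'})
    # NOTE(review): `controller` is the column the token permission check
    # looks menus up by, so a new row decides which permission bits guard
    # that controller's request paths.
    m = SysMenu()
    m.Values({
        'fid': field('fid', 0),
        'title': title,
        'url': field('url', ''),
        'ico': field('ico', ''),
        'sort': field('sort', 0),
        'controller': field('controller', ''),
        'ctime': Util.Time(),
    })
    if m.Insert():
        return self.GetJSON({'code': 0, 'msg': '成功'})
    return self.GetJSON({'code': 5000, 'msg': '添加失败!'})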