def is_user_root(user_id): """ 查看一个user是否root用户 :param user_id: :return: """ user = UserModelDao.find_by_user_id(user_id) if not (user and user.group_id == 3): return False return True
def get_user_name_from_id(user_id): """ 由id得name :param user_id: :return: """ user = UserModelDao.find_by_user_id(user_id) if not (user and user.user_name): return None return user.user_name
def _handle(*k, **v): token = request.headers.get('token') user_id = dao.get_user_id_from_token(token) user = UserModelDao.find_by_user_id(user_id) if not (user and user.group_id): # 不存在 return json.dumps(response[20201]) url = request.path print(url) if not GroupPowerModelDao.check_group_permission(user.group_id, url): return json.dumps(response[20203]) # 无权限 return func(*k, **v)
def check_user_able_access_url(user_id, url): """ 判断用户是否可以访问某url :param user_id: 用户id :param url: api地址 :return: """ # 检查用户所属用户组 user = UserModelDao.find_by_user_id(user_id) if not (user and user.group_id): return False # # 检查用户组是否存在 # if not UserGroupModelDao.find_by_id(user.group_id): # return False # 检查权限 return GroupPowerModelDao.check_group_permission(user.group_id, url)