def get(self, request, *args, **kwargs):
    """Return the roles and permissions available to the current user.

    For every role in ``RuleSet.RULESET_CHOICES`` the response lists the
    entries of ``RuleSet.RULESET_PERMISSIONS`` for which ``check_user_role``
    is truthy. A role with no granted permission maps to ``None``.

    The payload describes ``request.user`` only: primary key, username,
    the role map and the staff / superuser flags.

    NOTE(review): nothing in this method authenticates the caller; confirm
    that the view's permission classes reject anonymous requests.
    """
    user = request.user

    roles = {}
    for role, _label in RuleSet.RULESET_CHOICES:
        granted = [
            permission
            for permission in RuleSet.RULESET_PERMISSIONS
            if check_user_role(user, role, permission)
        ]
        # An empty grant list is reported as None rather than [].
        roles[role] = granted if granted else None

    return Response({
        'user': user.pk,
        'username': user.username,
        'roles': roles,
        'is_staff': user.is_staff,
        'is_superuser': user.is_superuser,
    })
def get(self, request, *args, **kwargs):
    """Describe the requesting user's roles, permissions and admin flags.

    Each role from ``RuleSet.RULESET_CHOICES`` is mapped to the list of
    ``RuleSet.RULESET_PERMISSIONS`` entries that ``check_user_role`` grants
    to ``request.user``, or to ``None`` when the list would be empty.

    NOTE(review): authentication is not enforced here; it depends on the
    view's permission classes, which are outside this block.
    """
    current = request.user
    role_map = {}

    for choice in RuleSet.RULESET_CHOICES:
        role, _text = choice
        allowed = [
            perm
            for perm in RuleSet.RULESET_PERMISSIONS
            if check_user_role(current, role, perm)
        ]
        # Roles without any granted permission are exposed as None.
        role_map[role] = allowed or None

    payload = {
        'user': current.pk,
        'username': current.username,
        'roles': role_map,
        'is_staff': current.is_staff,
        'is_superuser': current.is_superuser,
    }
    return Response(payload)
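def update(self, request, *args, **kwargs):
    '''
    Replace the directly assigned permissions of the target user.

    :param request.data: list of "<app_label>.<codename>" strings, e.g.
        [
            "users.add_user",
            "users.change_user",
            "users.delete_user"
        ]
    :return: 403 when the requester targets their own account or asks for
        permissions they do not hold themselves; 400 when the payload is
        malformed or names an unknown permission; 204 on success.
    '''
    permissions = []
    user = self.get_object()

    # The target of the change must not be the requester.
    if user == request.user:
        return Response({'detail': '权限拒绝'}, status=status.HTTP_403_FORBIDDEN)

    try:
        requested = set(request.data)
    except TypeError as e:
        # Unhashable entries (nested lists / dicts) are malformed input and
        # are answered like every other payload error instead of a 500.
        logger.error(e)
        return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)

    # The granted scope must not exceed what the requester holds. The
    # superuser exemption is keyed on the requester: the previous test read
    # the *target's* is_superuser flag, which skipped the subset check for
    # any requester whenever the edited account was a superuser.
    if (not request.user.is_superuser
            and not requested.issubset(request.user.get_all_permissions())):
        return Response({'detail': '权限拒绝'}, status=status.HTTP_403_FORBIDDEN)

    try:
        for permission_node in request.data:
            permission_node = permission_node.split('.', 1)
            permission = Permission.objects.get(
                content_type__app_label=permission_node[0],
                codename=permission_node[1])
            permissions.append(permission)
        # Applied only after every node resolved, so a bad entry changes
        # nothing on the user.
        user.user_permissions.set(permissions)
    except Exception as e:
        # NOTE(review): str(e) is returned to the client as-is; consider a
        # fixed message if exception text should stay server-side.
        logger.error(e)
        return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): a 204 response carries no body, so this detail message
    # is unlikely to reach the client.
    return Response({'detail': '设置权限成功'}, status=status.HTTP_204_NO_CONTENT)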
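def get(self, request, *args, **kwargs):
    """Return the permission lists of the users the caller manages.

    The caller is identified by the JWT carried in the ``Authentication``
    request header (``Token <jwt>``). A missing or differently prefixed
    header is answered with the same 400 response as an unresolved user,
    instead of raising on ``None.split`` / an out-of-range index.

    Scope by role:
      * ``customer_admin``: users whose ``creator`` is the caller;
      * ``org_admin``: users whose role uid is ``org_user``;
      * anything else: no users.

    The pagination fields in the response are fixed values.
    """
    auth_header = request.META.get('HTTP_AUTHENTICATION') or ''
    if not auth_header.startswith('Token '):
        return APIResponse(http_status=400, status=status.HTTP_400_BAD_REQUEST)

    token = {"token": auth_header[len('Token '):]}
    valid_data = VerifyJSONWebTokenSerializer().validate(token)
    user = valid_data['user']
    if not user:
        return APIResponse(http_status=400, status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): the comparison relies on the role's __repr__ returning
    # the bare role uid; confirm against the role model.
    user_role = repr(user.role)
    if user_role == 'customer_admin':
        users = User.objects.filter(creator__id=user.id)
    elif user_role == 'org_admin':
        # NOTE(review): unlike the customer_admin branch, this query is not
        # tied to the caller (no creator / organisation filter is visible),
        # so it matches every org_user. Confirm the intended scope.
        users = User.objects.filter(role__uid__in=['org_user'])
    else:
        users = []

    # The debug pprint of the collected permissions was dropped: it wrote
    # other users' permission data to stdout on every request.
    permissions = [managed.get_permission_list() for managed in users]
    info = {"data": permissions}
    return Response({"code": 200, "result": info, "pageSize": 50, "pageNo": 0,
                     "totalPage": 1, "totalCount": len(permissions)})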
def update(self, request, *args, **kwargs):
    '''
    Replace the permission set of the target group.

    :param request.data: list of "<app_label>.<codename>" strings, e.g.
        [
            "users.add_user",
            "users.change_user",
            "users.delete_user"
        ]
    :return: 400 with the exception text when any entry cannot be
        resolved, otherwise 204.

    NOTE(review): this method does not compare the requested permissions
    with those held by the requester; who may call it is decided entirely
    by the view's permission classes, which are outside this block.
    '''
    group = self.get_object()
    resolved = []
    try:
        for node in request.data:
            parts = node.split('.', 1)
            resolved.append(
                Permission.objects.get(
                    content_type__app_label=parts[0],
                    codename=parts[1]))
        # Written only once every node resolved, so a failing entry leaves
        # the group's permissions untouched.
        group.permissions.set(resolved)
    except Exception as e:
        logger.error(e)
        return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)

    return Response({'detail': '设置权限成功'}, status=status.HTTP_204_NO_CONTENT)
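def get_permissions(self):
    """Return the permission objects guarding the current action.

    ``update``, ``create`` and ``destroy`` require ``IsActiveAndAdmin``;
    every other action gets an empty list, i.e. no check from this method.

    NOTE(review): ``partial_update`` is not in the guarded list; confirm
    whether PATCH should require ``IsActiveAndAdmin`` as well.
    """
    permissions = []
    # Membership test. The previous `==` compared the action string with
    # the whole list, which is never true, so the write actions were left
    # without any permission check.
    if self.action in ('update', 'create', 'destroy'):
        # An instance is returned because the framework is expected to call
        # has_permission() on each entry (as DRF's check_permissions does).
        permissions.append(IsActiveAndAdmin())
    return permissions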
def has_permission(self, request, view):
    """Decide whether the request's HTTP method is allowed on the view's layer.

    ``self.get_permissions(view.layer, request.user)`` supplies a mapping
    with the keys ``view``, ``add``, ``update`` and ``delete``. Each truthy
    entry unlocks a group of methods:

      * ``view``   -> GET, OPTIONS
      * ``add``    -> POST
      * ``update`` -> PUT, PATCH
      * ``delete`` -> DELETE

    Methods outside these groups (HEAD, for instance) are always refused.

    :return: ``True`` when the lower-cased request method is unlocked,
        ``False`` otherwise.
    """
    grants = self.get_permissions(view.layer, request.user)

    # Every key is read, in this order, whatever the request method is.
    methods_by_grant = (
        ('view', ('get', 'options')),
        ('add', ('post',)),
        ('update', ('put', 'patch')),
        ('delete', ('delete',)),
    )
    allowed_methods = set()
    for grant, methods in methods_by_grant:
        if grants[grant]:
            allowed_methods.update(methods)

    return request.method.lower() in allowed_methods