| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- # coding=utf-8
- from rest_framework import permissions
- from utils.exceptions import CustomError
- class isLogin(permissions.BasePermission):
- def has_permission(self, request, view):
- if not request.user or not request.user.is_authenticated:
- return False
- return True
- def check_permission(request, perm):
- if not request.user or not request.user.is_authenticated:
- raise CustomError(u"身份认证失败,请重新登录!")
- from django.contrib.auth.models import Permission
- ps = perm.split('.')
- if request.user.has_perm(perm):
- return True
- else:
- try:
- p = Permission.objects.get(codename=ps[1], content_type__app_label=ps[0])
- except:
- raise CustomError(u"权限配置错误!")
- raise CustomError(u"您没有[%s--%s]权限,无法执行该操作,请联系管理员分配权限!" % (p.content_type.name, p.name))
- decorator_with_arguments = lambda decorator: lambda *args, **kwargs: lambda func: decorator(func, *args, **kwargs)
- @decorator_with_arguments
- def permission_required(function, perm):
- def _function(viewset, *args, **kwargs):
- # user_id = viewset.request.META.get('HTTP_USER_ID')
- # token = viewset.request.META.get('HTTP_Authorization')
- # if user_id and token:
- # try:
- # user = User.objects.get(pk=user_id)
- # except:
- # return ForbiddenJSONResponse()
- # valid = token_generator.check_token(user, token)
- # if valid:
- # request.user = user
- # viewset.request.user = user
- # else:
- # return ForbiddenJSONResponse()
- if viewset.request.user.has_perm(perm):
- return function(viewset, *args, **kwargs)
- else:
- from django.contrib.auth.models import Permission
- ps = perm.split('.')
- try:
- p = Permission.objects.get(codename=ps[1], content_type__app_label=ps[0])
- except:
- raise CustomError(u"权限配置错误!")
- raise CustomError(u"您没有[%s-%s]权限,无法执行该操作,请联系管理员分配权限!" % (p.content_type.name, p.name))
- return _function
|
