wushaodong 3 tahun lalu
induk
melakukan
913b529117

+ 2 - 0
apps/account/models.py

@@ -81,6 +81,8 @@ class User(AbstractBaseUser, PermissionsMixin):
         ordering = ['-id']
         default_permissions = ()
         permissions = [
+            ('browse_user', u'查看'),
+            ('add_user', u'添加'),
         ]
 
     def __unicode__(self):

+ 3 - 0
apps/account/views.py

@@ -74,6 +74,7 @@ class EmployeeViewSet(CustomModelViewSet):
     queryset = User.objects.filter(type__lte=User.AGENT)
     serializer_class = EmployeeSerializer
 
+    @permission_required('account.browse_user')
     def filter_queryset(self, queryset):
         queryset = queryset.filter()
         user = self.request.user
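Review bot: `@permission_required('account.browse_user')` wraps `filter_queryset(self, queryset)`, which is not a request handler, so the decorator (defined in `utils.permission`, not shown on this page) has to raise on denial rather than return an error response, because the caller uses this method's return value as a queryset. The same holds for the `perform_create` and `perform_update` decorations in the later hunks: DRF's `create()` and `update()` ignore their return value and would still answer with success if the wrapper merely returned early. If `CustomModelViewSet` follows DRF's `GenericAPIView`, `get_object()` also calls `filter_queryset`, so `account.browse_user` silently becomes a prerequisite for every detail route. Consider enforcing the check per action in `get_permissions()` or `permission_classes`, so it runs before any serializer or queryset work. The method body continues outside the hunk.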
@@ -85,6 +86,7 @@ class EmployeeViewSet(CustomModelViewSet):
         f = UserFilter(self.request.GET, queryset=queryset)
         return f.qs
 
+    @permission_required('account.add_user')
     def perform_create(self, serializer):
         super(EmployeeViewSet, self).perform_create(serializer)
         instance = serializer.instance
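Review bot: No import of `permission_required` is added in this file: its section counts three additions and all three are decorator lines, whereas `apps/option/views.py` and `apps/order/views.py` gain `from utils.permission import isLogin, permission_required`. Unless the name was already imported in this module, the class body raises `NameError` when the module loads. The same applies to `apps/commodity/views.py`, whose six additions are also all decorators. Worth confirming the existing import line in both files.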
@@ -92,6 +94,7 @@ class EmployeeViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.INSERT,
                               u'添加用户[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('account.add_user')
     def perform_update(self, serializer):
         super(EmployeeViewSet, self).perform_update(serializer)
         instance = serializer.instance
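Review bot: `perform_update` is gated by `account.add_user`, whose label in `apps/account/models.py` is only '添加' (add), so anyone allowed to create employees can also edit existing accounts. Editing an account is usually the more sensitive grant (it may reach type or role fields, depending on `EmployeeSerializer`, which is not visible), so a separate codename such as `('change_user', u'修改')` would keep the two independent. No `destroy` override is decorated in the visible hunks of this file; if `CustomModelViewSet` exposes DELETE, that route is covered at most by the `account.browse_user` check it may inherit through `filter_queryset`. The method body continues past the end of the hunk.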

+ 2 - 0
apps/commodity/models.py

@@ -38,6 +38,8 @@ class Commodity(models.Model):
         ordering = ['-id']
         default_permissions = ()
         permissions = [
+            ('view_commodity', u'查看'),
+            ('add_commodity', u'添加修改'),
         ]
 
 class CommodityImages(models.Model):

+ 6 - 0
apps/commodity/views.py

@@ -25,11 +25,13 @@ class CommodityViewSet(CustomModelViewSet):
     queryset = Commodity.objects.filter()
     serializer_class = CommoditySerializer
 
+    @permission_required('commodity.view_commodity')
     def filter_queryset(self, queryset):
         queryset = queryset.filter(create_user=self.request.user)
         f = CommodityFilter(self.request.GET, queryset=queryset)
         return f.qs
 
+    @permission_required('commodity.add_commodity')
     def perform_create(self, serializer):
         super(CommodityViewSet, self).perform_create(serializer)
         instance = serializer.instance
@@ -37,6 +39,7 @@ class CommodityViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.INSERT,
                               u'添加商品[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('commodity.add_commodity')
     def perform_update(self, serializer):
         super(CommodityViewSet, self).perform_update(serializer)
         instance = serializer.instance
@@ -44,6 +47,7 @@ class CommodityViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
                               u'修改商品[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('commodity.add_commodity')
     @action(methods=['post'], detail=True)
     def upload_image(self, request, pk):
         type = request.POST.get('type')
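Review bot: `@permission_required` is stacked above `@action(methods=['post'], detail=True)` on `upload_image`, so the class attribute the router inspects is the permission wrapper, not the function that `@action` annotated. DRF discovers extra actions through attributes that `@action` sets on the function, so the route only survives if `permission_required` (not shown) copies them, for example with `functools.wraps`. Worth confirming, and a test that the action URLs still resolve would pin it. The same stacking is used on `upload_detail_img` and `query_detail_img` in the next two hunks. The function body continues outside the hunk.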
@@ -72,6 +76,7 @@ class CommodityViewSet(CustomModelViewSet):
         except Exception as e:
             return response_error(str(e))
 
+    @permission_required('commodity.add_commodity')
     @action(methods=['post'], detail=True)
     def upload_detail_img(self, request, pk):
         # 上传详情、参数图片
@@ -99,6 +104,7 @@ class CommodityViewSet(CustomModelViewSet):
             return response_error(str(e))
         return response_ok()
 
+    @permission_required('commodity.add_commodity')
     @action(methods=['post'], detail=True)
     def query_detail_img(self, request, pk):
         #查看 详情、参数图片
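Review bot: `query_detail_img` is a read (its comment says it views the detail and parameter images) but is gated by the write permission `commodity.add_commodity`, so a user holding only `commodity.view_commodity` cannot call it; `@permission_required('commodity.view_commodity')` looks like the intended gate. Separately, the three `detail=True` actions take `pk` from the URL and their bodies are outside the hunks. If they load the row by `pk` directly instead of through `self.get_object()`, the `create_user=self.request.user` scoping in `filter_queryset` does not apply, and the role check alone does not keep one user away from another user's commodity.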

+ 13 - 0
apps/option/models.py

@@ -60,6 +60,11 @@ class School(models.Model):
         verbose_name = u"学校"
         db_table = "school"
         ordering = ['-id']
+        default_permissions = ()
+        permissions = [
+            ('browse_school', u'查看'),
+            ('add_school', u'添加学校、班级'),
+        ]
 
 class Grade(models.Model):
     school = models.ForeignKey(School, verbose_name=u'学校', related_name='grade_school', on_delete=models.PROTECT)
@@ -98,6 +103,10 @@ class Student(models.Model):
         verbose_name = u"学生"
         db_table = "student"
         ordering = ['-id']
+        default_permissions = ()
+        permissions = [
+            ('browse_student', u'查看'),
+        ]
 
 class CommodityLevel(models.Model):
     ONE = 1
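Review bot: `option.browse_student` is declared here but, in the hunks shown, it is consumed only by the `data-permission` attribute on the nav entry in `uis/views/index.html`; no student view in `apps/option/views.py` is decorated with it. Hiding the menu item does not restrict the API, so the student listing endpoint, if one exists, needs `@permission_required('option.browse_student')` on the server as well. Also note that adding `default_permissions = ()` to an existing model stops Django from creating the built-in add/change/delete/view codenames, so any code or group grant that still refers to them should be checked.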
@@ -120,6 +129,10 @@ class CommodityLevel(models.Model):
         verbose_name = u"商品级别"
         db_table = "commodiey_level"
         ordering = ['-id']
+        default_permissions = ()
+        permissions = [
+            ('browse_commodiey_level', u'管理'),
+        ]
 
 class CommodityCategory(models.Model):
     commodiey_level = models.ForeignKey(CommodityLevel, verbose_name=u'商品级别', related_name='commodiey_level', on_delete=models.PROTECT)
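Review bot: The codename `browse_commodiey_level` reads as a read-only grant, but its label is '管理' (manage) and `CategoryViewSet` in `apps/option/views.py` uses it for `filter_queryset`, `perform_create` and `perform_update` alike. The nav entry for the category page is shown on the same codename, so every user who can see the page can also write to it. Either split it, e.g. `('browse_commodity_level', u'查看')` and `('manage_commodity_level', u'管理')`, or rename it so the codename matches what it grants. The `commodiey` spelling follows the existing `db_table`, but codenames are stored in the database and referenced from templates, so correcting it later means a data migration.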

+ 12 - 2
apps/option/views.py

@@ -9,7 +9,7 @@ from rest_framework.views import APIView
 from apps.log.models import BizLog
 from utils import response_ok, response_error
 from utils.exceptions import CustomError
-from utils.permission import isLogin
+from utils.permission import isLogin, permission_required
 from apps.upload.models import Upload
 from django.contrib.auth import get_user_model
 
@@ -212,11 +212,13 @@ class SchoolViewSet(CustomModelViewSet):
     queryset = School.objects.filter()
     serializer_class = SchoolSerializer
 
+    @permission_required('option.browse_school')
     def filter_queryset(self, queryset):
         queryset = queryset.filter(id__in=self.request.user.get_manager_school())
         f = SchoolFilter(self.request.GET, queryset=queryset)
         return f.qs
 
+    @permission_required('option.add_school')
     def perform_create(self, serializer):
         super(SchoolViewSet, self).perform_create(serializer)
         instance = serializer.instance
@@ -224,6 +226,7 @@ class SchoolViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.INSERT,
                               u'添加学校[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('option.add_school')
     def perform_update(self, serializer):
         super(SchoolViewSet, self).perform_update(serializer)
         instance = serializer.instance
@@ -231,6 +234,7 @@ class SchoolViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
                               u'修改学校[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('option.add_school')
     def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
         BizLog.objects.addnew(self.request.user, BizLog.DELETE,
@@ -251,11 +255,13 @@ class GradeViewSet(CustomModelViewSet):
     queryset = Grade.objects.filter()
     serializer_class = GradeSerializer
 
+    @permission_required('option.browse_school')
     def filter_queryset(self, queryset):
         queryset = queryset.filter(school_id__in=self.request.user.get_manager_school())
         f = GradeFilter(self.request.GET, queryset=queryset)
         return f.qs
 
+    @permission_required('option.add_school')
     def perform_create(self, serializer):
         super(GradeViewSet, self).perform_create(serializer)
         instance = serializer.instance
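Review bot: The new `option.add_school` gate on `GradeViewSet.perform_create` checks the caller's role but not the target school: `filter_queryset` limits reads to `self.request.user.get_manager_school()`, while nothing in the visible lines applies that limit to the `school` submitted in the payload. Unless `GradeSerializer` (not shown) validates it, a user with `option.add_school` can attach a grade to a school outside their managed set, and `perform_update` can move an existing grade there. A validation step in the serializer, or before `super(GradeViewSet, self).perform_create(serializer)`, that rejects a school id not in `get_manager_school()` would close that. The method body continues in the next hunk.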
@@ -263,6 +269,7 @@ class GradeViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.INSERT,
                               u'添加年级[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('option.add_school')
     def perform_update(self, serializer):
         super(GradeViewSet, self).perform_update(serializer)
         instance = serializer.instance
@@ -270,6 +277,7 @@ class GradeViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
                               u'修改年级[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('option.add_school')
     def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
         BizLog.objects.addnew(self.request.user, BizLog.DELETE,
@@ -325,11 +333,13 @@ class CategoryViewSet(CustomModelViewSet):
     queryset = CommodityLevel.objects.filter()
     serializer_class = CommodityLevelSerializer
 
+    @permission_required('option.browse_commodiey_level')
     def filter_queryset(self, queryset):
         queryset = queryset.filter()
         f = CommodityLevelFilter(self.request.GET, queryset=queryset)
         return f.qs
 
+    @permission_required('option.browse_commodiey_level')
     def perform_create(self, serializer):
         super(CategoryViewSet, self).perform_create(serializer)
         instance = serializer.instance
@@ -337,10 +347,10 @@ class CategoryViewSet(CustomModelViewSet):
         BizLog.objects.addnew(self.request.user, BizLog.INSERT,
                               u'添加商品分类[%s],id=%d' % (instance.name, instance.id), validated_data)
 
+    @permission_required('option.browse_commodiey_level')
     def perform_update(self, serializer):
         super(CategoryViewSet, self).perform_update(serializer)
         instance = serializer.instance
         validated_data = serializer.validated_data
         BizLog.objects.addnew(self.request.user, BizLog.UPDATE,
                               u'修改商品分类[%s],id=%d' % (instance.name, instance.id), validated_data)
-

+ 6 - 4
apps/order/models.py

@@ -29,9 +29,13 @@ class Coupon(models.Model):
 
     class Meta:
         db_table = "coupon"
-        verbose_name = u"支付信息"
+        verbose_name = u"优惠券"
         ordering = ('-id',)
         default_permissions = ()
+        permissions = [
+            ('view_coupon', u'查看'),
+            ('add_coupon', u'添加修改'),
+        ]
 
 class Pay(models.Model):
     WAIT = 0
@@ -154,13 +158,11 @@ class Order(models.Model):
         default_permissions = ()
         permissions = [
             ('view_order', u'查看'),
-            ('confirm_order', u'确认订单'),
-            ('logistics_order', u'发货'),
         ]
 
     def get_no(self):
         now = timezone.now()
-        no = '%s%s%s' % ('A', self.create_user.id, now.strftime('%Y%m%d%H%M%S%f'))
+        no = '%s%s%s' % ('C', self.create_user.id, now.strftime('%Y%m%d%H%M%S%f'))
         return no
 
     @staticmethod
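Review bot: Removing `confirm_order` and `logistics_order` leaves `view_order` as the only order permission, and no hunk on this page shows what now authorises confirming or shipping an order. If a view or template still checks `order.confirm_order` or `order.logistics_order`, a fresh database will never be able to grant it, while an existing database keeps the old `Permission` rows and group grants, because Django does not delete them on migrate. If nothing checks them any more, those actions are presumably covered only by login, which is worth confirming against the order views.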

+ 2 - 1
apps/order/views.py

@@ -13,7 +13,7 @@ from .resources import *
 from apps.log.models import BizLog
 from apps.base import Formater
 from utils import response_ok, response_error
-from utils.permission import isLogin
+from utils.permission import isLogin, permission_required
 from apps.order.models import Order
 from apps.WeChatResponse import WechatAppletPay, WeChatResponse
 from django.contrib.auth import get_user_model
@@ -202,6 +202,7 @@ class CouponViewSet(CustomModelViewSet):
     queryset = Coupon.objects.filter()
     serializer_class = CouponSerializer
 
+    @permission_required('order.view_coupon')
     def filter_queryset(self, queryset):
         queryset = queryset.filter(create_user=self.request.user)
         return queryset
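Review bot: Only `filter_queryset` is decorated in `CouponViewSet`; `order.add_coupon`, added to `Coupon.Meta.permissions` in this commit, is used only by the `data-permission` attributes in `uis/views/order/coupon.html`. Those attributes hide buttons in the browser and do not stop a direct POST or PUT. Coupon creation and editing should therefore carry `@permission_required('order.add_coupon')` on `perform_create` and `perform_update`, as the other viewsets do. This assumes `CouponViewSet` defines or inherits those methods; the rest of the class is outside the hunk.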

+ 2 - 2
uis/views/commodity/index.html

@@ -66,7 +66,7 @@
                     <!--商品-->
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div style="float: left">
-                            <button class="layui-btn" id="commodity_add"                                    ><i
+                            <button class="layui-btn" id="commodity_add" data-permission="commodity.add_commodity"><i
                                     class="layui-icon layui-icon-add-circle"></i>添加
                             </button>
                         </div>
@@ -87,7 +87,7 @@
 
                     <script type="text/html" id="commodity-operate-bar">
                         <div class="layui-btn-group">
-                            <a class="layui-btn layui-btn-xs" lay-event="commodity_edit"
+                            <a class="layui-btn layui-btn-xs" lay-event="commodity_edit" data-permission="commodity.add_commodity"
                             >修改</a>
                         </div>
                     </script>

+ 1 - 1
uis/views/employee/index.html

@@ -27,7 +27,7 @@
                 <div class="layui-col-md12">
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div style="float:left; margin-right: 5px; margin-top: 5px;">
-                            <button class="layui-btn" id="btn_add">
+                            <button class="layui-btn" id="btn_add" data-permission="account.add_user">
                                 <i class="layui-icon layui-icon-add-circle"></i>添加
                             </button>
                         </div>

+ 9 - 9
uis/views/index.html

@@ -76,22 +76,22 @@
                             <cite>基础数据</cite>
                         </a>
                         <dl class="layui-nav-child">
-                            <dd data-name="nav">
+                            <dd data-name="nav" data-permission="account.browse_user">
                                 <a lay-href="employee/index.html">人员管理</a>
                             </dd>
-                            <dd data-name="nav">
+                            <!--dd data-name="nav">
                                 <a lay-href="option/config.html">综合设置</a>
-                            </dd>
-                            <dd data-name="nav">
+                            </dd-->
+                            <dd data-name="nav" data-permission="option.browse_school">
                                 <a lay-href="option/school.html">学校管理</a>
                             </dd>
-                            <dd data-name="nav">
+                            <dd data-name="nav" data-permission="option.browse_student">
                                 <a lay-href="option/student.html">学生信息</a>
                             </dd>
-                            <dd data-name="nav">
+                            <dd data-name="nav" data-permission="option.browse_commodiey_level">
                                 <a lay-href="commodity/category.html">商品分类</a>
                             </dd>
-                            <dd data-name="nav">
+                            <dd data-name="nav" data-permission="commodity.view_commodity">
                                 <a lay-href="commodity/index.html">商品管理</a>
                             </dd>
                         </dl>
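Review bot: The 综合设置 entry is commented out rather than given a `data-permission`, so `option/config.html` and whatever endpoints it calls presumably stay reachable by URL; nothing in this commit adds a server-side check for them. More generally, the `data-permission` attributes in this file only control what the menu shows, so each entry needs a matching `@permission_required` on its API, and not every codename used here has a decorated view in the hunks shown. If the settings page is being retired, removing its route and template is safer than hiding the link.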
@@ -102,10 +102,10 @@
                             <cite>订单管理</cite>
                         </a>
                         <dl class="layui-nav-child">
-                            <dd data-name="nav">
+                            <dd data-name="nav"  data-permission="order.view_coupon">
                                 <a lay-href="order/coupon.html">优惠券管理</a>
                             </dd>
-                            <dd data-name="nav">
+                            <dd data-name="nav"  data-permission="order.view_order">
                                 <a lay-href="order/index.html">用户订单</a>
                             </dd>
                         </dl>

+ 4 - 4
uis/views/option/school.html

@@ -26,7 +26,7 @@
                 <div class="layui-col-md5">
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div class="layui-col-xs2">
-                            <button class="layui-btn" id="school_add"><i
+                            <button class="layui-btn" id="school_add" data-permission="option.add_school"><i
                                     class="layui-icon layui-icon-add-circle"></i>添加学校
                             </button>
                         </div>
@@ -47,7 +47,7 @@
 
                     <script type="text/html" id="school-operate-bar">
                         <div class="layui-btn-group">
-                            <a class="layui-btn layui-btn-xs" lay-event="school_edit"
+                            <a class="layui-btn layui-btn-xs" lay-event="school_edit" data-permission="option.add_school"
                             >修改</a>
                         </div>
                     </script>
@@ -56,7 +56,7 @@
                 <div class="layui-col-md7">
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div class="layui-col-xs2">
-                            <button class="layui-btn" id="grade_add"><i
+                            <button class="layui-btn" id="grade_add" data-permission="option.add_school"><i
                                     class="layui-icon layui-icon-add-circle"></i>添加年级
                             </button>
                         </div>
@@ -83,7 +83,7 @@
 
                     <script type="text/html" id="grade-operate-bar">
                         <div class="layui-btn-group">
-                            <a class="layui-btn layui-btn-xs" lay-event="grade_edit"
+                            <a class="layui-btn layui-btn-xs" lay-event="grade_edit" data-permission="option.add_school"
                             >修改</a>
                         </div>
                     </script>

+ 0 - 6
uis/views/option/student.html

@@ -57,12 +57,6 @@
             <div class="layui-row layui-col-space15">
                 <div class="layui-col-md12">
                     <table class="layui-hide" id="datagrid" lay-filter="datagrid-operate"></table>
-                    <script type="text/html" id="student-operate-bar">
-                        <div class="layui-btn-group">
-                            <a class="layui-btn layui-btn-xs" lay-event="student_edit"
-                            >修改</a>
-                        </div>
-                    </script>
                 </div>
             </div>
         </div>

+ 3 - 3
uis/views/order/coupon.html

@@ -27,7 +27,7 @@
                 <div class="layui-col-md12">
                     <div class="LAY-btns" style="margin-bottom: 10px;">
                         <div style="float:left; margin-right: 5px; margin-top: 5px;">
-                            <button class="layui-btn" id="btn_add">
+                            <button class="layui-btn" id="btn_add"  data-permission="order.add_coupon">
                                 <i class="layui-icon layui-icon-add-circle"></i>添加
                             </button>
                         </div>
@@ -38,8 +38,8 @@
 
                     <script type="text/html" id="datagrid-operate-bar">
                         <div class="layui-btn-group">
-                            <a class="layui-btn layui-btn-xs" lay-event="edit"
-                               data-permission="account.add_user">修改</a>
+                            <a class="layui-btn layui-btn-xs" lay-event="edit"  data-permission="order.add_coupon"
+                               >修改</a>
                         </div>
                     </script>
                 </div>