wushaodong 4 ani în urmă
părinte
comite
953fcc3c1a

+ 2 - 2
apps/account/views.py

@@ -6,7 +6,7 @@ from rest_framework.decorators import action
 from django.db import transaction
 from rest_framework.views import APIView
 from rest_framework.serializers import ValidationError
-from utils.permission import permission_required, isLogin
+from utils.permission import permission_required, isLogin, check_permission
 from django.contrib.auth.models import Group, Permission
 from rest_framework_jwt.views import ObtainJSONWebToken,VerifyJSONWebToken,RefreshJSONWebToken
 from utils import response_error, response_ok
@@ -83,9 +83,9 @@ class EmployeeViewSet(CustomModelViewSet):
                               u'删除账号[%s],id=%d' % (instance.username, instance.id))
         super(EmployeeViewSet, self).perform_destroy(instance)
 
-    # @permission_required('account.check_user')
     @action(methods=['post'], detail=True)
     def join(self, request, pk):
+        check_permission(request, 'account.check_user')
         try:
             with transaction.atomic():
                 instance = self.get_object()

+ 1 - 1
apps/customer/serializers.py

@@ -27,7 +27,7 @@ class ReportCustomerSerializer(serializers.ModelSerializer):
         store = self.context['request'].user.store
         if not store:
             raise CustomError('当前账号未绑定门店,禁止报备客户!')
-
+        validated_data['store'] = store
         instance = super(ReportCustomerSerializer, self).create(validated_data)
         projects = self.initial_data['project']
         if projects:
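Review bot: The added `validated_data['store'] = store` silently overwrites any `store` value the client sent, which is the right trust decision but is not stated anywhere. A comment such as `# Bind the report to the authenticated user's store; never trust a client-supplied store` would help that intent survive later edits. If `store` is also a writable field on this serializer (its Meta is outside the hunk), the update path may still accept a client value, so it is worth checking that the field is read-only. The body of `create` starts above and continues below this hunk.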

+ 2 - 2
apps/customer/views.py

@@ -3,7 +3,7 @@ from rest_framework.views import APIView
 from django.db.models import Q
 from django.utils import timezone
 from rest_framework.decorators import action
-from utils.permission import isLogin, permission_required
+from utils.permission import isLogin, permission_required, check_permission
 from utils.custom_modelviewset import CustomModelViewSet
 from utils import response_ok, response_error
 from utils.exceptions import CustomError
@@ -51,9 +51,9 @@ class ReportCustomerViewSet(CustomModelViewSet):
                               u'删除客户报备[%s],id=%d' % (instance.name, instance.id))
         super(ReportCustomerViewSet, self).perform_destroy(instance)
 
-    # @permission_required('customer.check_report_customer')
     @action(methods=['post'], detail=True)
     def dispatch_customer(self, request, pk):
+        check_permission(request, 'customer.check_report_customer')
         # 审核
         # TODO 创建潜客跟踪表
         user = request.POST.get('user')

+ 1 - 1
uis/views/new_customer/edit.html

@@ -41,7 +41,7 @@
                         <div>
                             <label class="layui-form-label"><font color='red' size="4">*</font>性别:</label>
                             <div class="layui-input-block">
-                                <input type="radio" name="gender" value="2" title="男">
+                                <input type="radio" name="gender" value="2" title="男" checked>
                                 <input type="radio" name="gender" value="1" title="女">
                             </div>
                         </div>

+ 14 - 0
utils/permission.py

@@ -11,6 +11,20 @@ class isLogin(permissions.BasePermission):
             return False
         return True
 
+def check_permission(request, perm):
+    if not request.user or not request.user.is_authenticated:
+        raise CustomError(u"身份认证失败,请重新登录!")
+    from django.contrib.auth.models import Permission
+    ps = perm.split('.')
+    if request.user.has_perm(perm):
+        return True
+    else:
+        try:
+            p = Permission.objects.get(codename=ps[1], content_type__app_label=ps[0])
+        except:
+            raise CustomError(u"权限配置错误!")
+        raise CustomError(u"您没有[%s--%s]权限,无法执行该操作,请联系管理员分配权限!" % (p.content_type.name, p.name))
+
 decorator_with_arguments = lambda decorator: lambda *args, **kwargs: lambda func: decorator(func, *args, **kwargs)
 
 @decorator_with_arguments
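Review bot: The bare `except:` around `Permission.objects.get(...)` in `check_permission` turns every failure (a database error, an `IndexError` from a `perm` string without a dot, even `KeyboardInterrupt`) into the "权限配置错误!" message, which hides real faults on an authorization path. Narrowing it to `except (Permission.DoesNotExist, Permission.MultipleObjectsReturned, IndexError):` keeps the deny-by-default behaviour while letting unexpected errors surface. `CustomError` is not imported anywhere in this hunk, so confirm the module already imports it; otherwise both denial paths raise `NameError` instead of the intended message. A short docstring saying that the function returns True or raises `CustomError`, and that `perm` must be `app_label.codename`, would help the new callers in `apps/account/views.py` and `apps/customer/views.py`.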