update code

1 year ago · ce596c8c3f
parent 311eb3243f
commit ce596c8c3f
4 changed files with 19 additions and 62 deletions
--- a/EduSystemServer/API/utils.py
+++ b/EduSystemServer/API/utils.py
@ -1,16 +0,0 @@
-
-
-def jwt_response_payload_handler(token, user=None, request=None, role=None):
-
-    if user.username:
-        name = user.username
-    else:
-        name = user.username
-    return {
-        "authenticated": True,
-        'id': user.id,
-        "role": role,
-        'name': name,
-        'username': user.username,
-        'token': token,
-    }
--- a/EduSystemServer/EduSystemServer/utils.py
+++ b/EduSystemServer/EduSystemServer/utils.py
@ -2,41 +2,19 @@ from functools import wraps
 from django.http import HttpResponseForbidden, JsonResponse


-def student_required(view_func):
+def permission(allowed_roles):
    """
-    装饰器：用于权限控制
+    装饰器：权限控制
    """
-    @wraps(view_func)
-    def _wrapped_view(request, *args, **kwargs):
-        if request.jwt_payload.get("type") == 'student':
-            return view_func(request, *args, **kwargs)
-        else:
-            return JsonResponse(ResponseUtil.error("你没有该权限进行操作！"))
-    return _wrapped_view
-
-def teacher_required(view_func):
-    """
-    装饰器：用于权限控制
-    """
-    @wraps(view_func)
-    def _wrapped_view(request, *args, **kwargs):
-        if request.jwt_payload.get("type") ==  'teacher':
-            return view_func(request, *args, **kwargs)
-        else:
-            return JsonResponse(ResponseUtil.error("你没有该权限进行操作！"))
-    return _wrapped_view
-
-def admin_required(view_func):
-    """
-    装饰器：用于权限控制
-    """
-    @wraps(view_func)
-    def _wrapped_view(request, *args, **kwargs):
-        if request.jwt_payload.get("type") == 'admin':
-            return view_func(request, *args, **kwargs)
-        else:
-            return JsonResponse(ResponseUtil.error("你没有该权限进行操作！"))
-    return _wrapped_view
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapped_view(request, *args, **kwargs):
+            if request.jwt_payload.get("type") in allowed_roles:
+                return view_func(request, *args, **kwargs)
+            else:
+                return JsonResponse(ResponseUtil.error("你没有权限访问该接口！"))
+        return _wrapped_view
+    return decorator

 class ResponseUtil:
    @staticmethod
--- a/EduSystemServer/Student/views.py
+++ b/EduSystemServer/Student/views.py
@ -120,8 +120,7 @@ def studnets(request):


@csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def add_student(request):
    if not request.method == "POST":
        return JsonResponse(ResponseUtil.error("request method error!"))
@ -142,8 +141,7 @@ def add_student(request):
    return JsonResponse(result)

@csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def search_student(request):
    currentPage = request.GET.get("currentPage")
    pageSize = request.GET.get("pageSize")
@ -173,8 +171,7 @@ def search_student(request):


@csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def del_student(request):
    if not request.method == "GET":
        return JsonResponse(ResponseUtil.error("request method error!"))
@ -189,7 +186,7 @@ def del_student(request):


@csrf_exempt
-@student_required
+@permission(allowed_roles=["admin", "student", "teacher"])
 def select_course(request):
    if not request.method == "POST":
        return JsonResponse(ResponseUtil.error("request method error!"))
@ -212,7 +209,7 @@ def select_course(request):
        return JsonResponse(ResponseUtil.error(str(E)))


-@student_required
+@permission(allowed_roles=["student"])
 def get_grade(request):
    """
    获取学生成绩
--- a/EduSystemServer/course/views.py
+++ b/EduSystemServer/course/views.py
@ -107,7 +107,7 @@ def search_course(request):
    result["pageNum"] = paginator.num_pages
    return JsonResponse(result)

-
+@permission(allowed_roles=["student"])
 def get_course_by_student_id(request):
    """
    通过学生ID获取学生的选课
@ -141,8 +141,7 @@ def delete_select_course(request):
        return JsonResponse(ResponseUtil.error(E))

@csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["teacher", "admin"])
 def get_student_select_course(request):
    """
    获取所有学生的所有选课
@ -185,8 +184,7 @@ def get_student_select_course(request):
    result["pageNum"] = paginator.num_pages
    return JsonResponse(result)

-@teacher_required
-@admin_required
+@permission(allowed_roles=["teacher", "admin"])
@csrf_exempt
 def edit_grade(request):
    """