diff --git a/EduSystemServer/API/utils.py b/EduSystemServer/API/utils.py
deleted file mode 100644
index 2f6a929..0000000
--- a/EduSystemServer/API/utils.py
+++ /dev/null
@@ -1,16 +0,0 @@
- - def jwt_response_payload_handler(token, user=None, request=None, role=None):
- if user.username:
- name = user.username
- else:
- name = user.username
- return {
- "authenticated": True,
- 'id': user.id,
- "role": role,
- 'name': name,
- 'username': user.username,
- 'token': token,
- }
\ No newline at end of file
diff --git a/EduSystemServer/EduSystemServer/utils.py b/EduSystemServer/EduSystemServer/utils.py
index ac1584e..558caa6 100644
--- a/EduSystemServer/EduSystemServer/utils.py
+++ b/EduSystemServer/EduSystemServer/utils.py
@@ -2,41 +2,19 @@ from functools import wraps
 from django.http import HttpResponseForbidden, JsonResponse
-def student_required(view_func):
+def permission(allowed_roles):
 """
- 装饰器:用于权限控制
+ 装饰器:权限控制
 """
- @wraps(view_func)
- def _wrapped_view(request, *args, **kwargs):
- if request.jwt_payload.get("type") == 'student':
- return view_func(request, *args, **kwargs)
- else:
- return JsonResponse(ResponseUtil.error("你没有该权限进行操作!"))
- return _wrapped_view
-
-def teacher_required(view_func):
- """
- 装饰器:用于权限控制
- """
- @wraps(view_func)
- def _wrapped_view(request, *args, **kwargs):
- if request.jwt_payload.get("type") == 'teacher':
- return view_func(request, *args, **kwargs)
- else:
- return JsonResponse(ResponseUtil.error("你没有该权限进行操作!"))
- return _wrapped_view
-
-def admin_required(view_func):
- """
- 装饰器:用于权限控制
- """
- @wraps(view_func)
- def _wrapped_view(request, *args, **kwargs):
- if request.jwt_payload.get("type") == 'admin':
- return view_func(request, *args, **kwargs)
- else:
- return JsonResponse(ResponseUtil.error("你没有该权限进行操作!"))
- return _wrapped_view
+ def decorator(view_func):
+ @wraps(view_func)
+ def _wrapped_view(request, *args, **kwargs):
+ if request.jwt_payload.get("type") in allowed_roles:
+ return view_func(request, *args, **kwargs)
+ else:
+ return JsonResponse(ResponseUtil.error("你没有权限访问该接口!"))
+ return _wrapped_view
+ return decorator
 class ResponseUtil:
 @staticmethod
diff --git a/EduSystemServer/Student/views.py b/EduSystemServer/Student/views.py
index 41704cc..f955e9f 100644
--- a/EduSystemServer/Student/views.py
+++ b/EduSystemServer/Student/views.py
@@ -120,8 +120,7 @@ def studnets(request):
 @csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def add_student(request):
 if not request.method == "POST":
 return JsonResponse(ResponseUtil.error("request method error!"))
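Review bot: The refusal branch of `_wrapped_view` returns the error body with JsonResponse's default 200 status, so a denied call is indistinguishable from a success at the HTTP layer, while the `HttpResponseForbidden` import visible in the hunk's first context line is left unused. Pass the status explicitly, `return JsonResponse(ResponseUtil.error("你没有权限访问该接口!"), status=403)`, or remove the unused import. The check also relies on an upstream middleware having set `request.jwt_payload` from a signature-verified token (not visible here); if a request can reach a decorated view without that attribute, the lookup raises AttributeError and surfaces as a 500, so `payload = getattr(request, "jwt_payload", None) or {}` is a cheap guard if the middleware does not guarantee it. The docstring should state the contract in English, for example `Allow the view only when the JWT 'type' claim is one of allowed_roles; otherwise return the project error envelope with HTTP 403.`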
@@ -142,8 +141,7 @@ def add_student(request):
 return JsonResponse(result)
 @csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def search_student(request):
 currentPage = request.GET.get("currentPage")
 pageSize = request.GET.get("pageSize")
@@ -173,8 +171,7 @@ def search_student(request):
 @csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["admin", "teacher"])
 def del_student(request):
 if not request.method == "GET":
 return JsonResponse(ResponseUtil.error("request method error!"))
@@ -189,7 +186,7 @@ def del_student(request):
 @csrf_exempt
-@student_required
+@permission(allowed_roles=["admin", "student", "teacher"])
 def select_course(request):
 if not request.method == "POST":
 return JsonResponse(ResponseUtil.error("request method error!"))
@@ -212,7 +209,7 @@ def select_course(request):
 return JsonResponse(ResponseUtil.error(str(E)))
-@student_required
+@permission(allowed_roles=["student"])
 def get_grade(request):
 """
 获取学生成绩
diff --git a/EduSystemServer/course/views.py b/EduSystemServer/course/views.py
index 9200258..d0c0d62 100644
--- a/EduSystemServer/course/views.py
+++ b/EduSystemServer/course/views.py
@@ -107,7 +107,7 @@ def search_course(request):
 result["pageNum"] = paginator.num_pages
 return JsonResponse(result)
-
+@permission(allowed_roles=["student"])
 def get_course_by_student_id(request):
 """
 通过学生ID获取学生的选课
@@ -141,8 +141,7 @@ def delete_select_course(request):
 return JsonResponse(ResponseUtil.error(E))
 @csrf_exempt
-@teacher_required
-@admin_required
+@permission(allowed_roles=["teacher", "admin"])
 def get_student_select_course(request):
 """
 获取所有学生的所有选课
@@ -185,8 +184,7 @@ def get_student_select_course(request):
 result["pageNum"] = paginator.num_pages
 return JsonResponse(result)
-@teacher_required
-@admin_required
+@permission(allowed_roles=["teacher", "admin"])
 @csrf_exempt
 def edit_grade(request):
 """
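Review bot: `del_student` keeps `if not request.method == "GET"` on the new side, so a destructive operation is reachable only via GET, and together with `@csrf_exempt` it can be fired by any link, image tag or browser prefetch that carries the caller's credentials. Unless the JWT travels solely in an Authorization header (which a cross-site GET cannot set; not visible here), this should be a POST or DELETE handler: `if request.method not in ("POST", "DELETE"):`. The role check this commit adds does not change that exposure, and the body of del_student continues outside the hunk.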
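Review bot: `select_course` goes from student-only to `["admin", "student", "teacher"]`, which widens the endpoint rather than narrowing it; with every known role listed, the decorator only establishes that a recognised `type` claim is present. If the enrolment is written for a student id taken from the POST body rather than from the JWT subject (the body is outside the hunk, so this is inferred), any caller can now enrol any student, so the view should resolve the student from `request.jwt_payload` when the role is `student` and only let teacher/admin supply an explicit id. If the widening is deliberate, say so in the docstring, e.g. `Any authenticated role may call this; the target student is taken from the JWT for students and from the request for staff.`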
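Review bot: The context line `return JsonResponse(ResponseUtil.error(str(E)))` at the top of this hunk (the tail of `select_course`) sends the raw exception text to the client, which for a database or integrity error reveals table and column names; the commit does not address it. Log the exception server-side and return a fixed message, e.g. `logger.exception("select_course failed"); return JsonResponse(ResponseUtil.error("request failed"), status=500)`, using a module-level `logging.getLogger(__name__)` if the file has none. `get_grade`'s docstring should also say, in English, that the grades returned belong to the student identified by the JWT; its body continues outside the hunk.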
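Review bot: The new `@permission(allowed_roles=["student"])` on `get_course_by_student_id` closes a view that previously had no decorator at all (the old side shows only a blank line there), but it checks the role, not whose data is requested. The docstring `通过学生ID获取学生的选课` presents the student id as an input; if it is read from the request (the body is outside the hunk), any student can read another student's selections, so compare it with the id carried in `request.jwt_payload` or ignore the parameter and use the token's subject. Once that holds, the docstring should say in English that the student is taken from the token, e.g. `Return the course selections of the student identified by the JWT.`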
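Review bot: On `edit_grade` the new `@permission(...)` sits above `@csrf_exempt`, the reverse of every other view in this change, where `@csrf_exempt` is outermost. Django's CSRF middleware reads the `csrf_exempt` attribute from the outermost callable, so this order only works because `permission`'s wrapper uses `functools.wraps`, which copies the inner function's `__dict__`; that is fragile and worth normalising to `@csrf_exempt` followed by `@permission(allowed_roles=["teacher", "admin"])` above `def edit_grade(request):`. The function body and its docstring continue outside the hunk.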