update code

master
bettleChen 1 year ago
parent 311eb3243f
commit ce596c8c3f

@ -1,16 +0,0 @@
def jwt_response_payload_handler(token, user=None, request=None, role=None):
if user.username:
name = user.username
else:
name = user.username
return {
"authenticated": True,
'id': user.id,
"role": role,
'name': name,
'username': user.username,
'token': token,
}

@ -2,41 +2,19 @@ from functools import wraps
from django.http import HttpResponseForbidden, JsonResponse from django.http import HttpResponseForbidden, JsonResponse
def student_required(view_func): def permission(allowed_roles):
""" """
装饰器用于权限控制 装饰器权限控制
""" """
def decorator(view_func):
@wraps(view_func) @wraps(view_func)
def _wrapped_view(request, *args, **kwargs): def _wrapped_view(request, *args, **kwargs):
if request.jwt_payload.get("type") == 'student': if request.jwt_payload.get("type") in allowed_roles:
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
else: else:
return JsonResponse(ResponseUtil.error("你没有该权限进行操作!")) return JsonResponse(ResponseUtil.error("你没有权限访问该接口!"))
return _wrapped_view
def teacher_required(view_func):
"""
装饰器用于权限控制
"""
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if request.jwt_payload.get("type") == 'teacher':
return view_func(request, *args, **kwargs)
else:
return JsonResponse(ResponseUtil.error("你没有该权限进行操作!"))
return _wrapped_view
def admin_required(view_func):
"""
装饰器用于权限控制
"""
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if request.jwt_payload.get("type") == 'admin':
return view_func(request, *args, **kwargs)
else:
return JsonResponse(ResponseUtil.error("你没有该权限进行操作!"))
return _wrapped_view return _wrapped_view
return decorator
class ResponseUtil: class ResponseUtil:
@staticmethod @staticmethod
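Review bot: The denial branch of `_wrapped_view` in `permission` returns `JsonResponse(ResponseUtil.error(...))` with the default HTTP 200 status, so clients, proxies and log-based alerting cannot tell a refused call from a successful one. `return JsonResponse(ResponseUtil.error("你没有权限访问该接口!"), status=403)` would make refusals visible; the file already imports `HttpResponseForbidden`. The check also reads `request.jwt_payload` directly, so a request that arrives without that attribute (presumably set by middleware not shown here) raises `AttributeError` and surfaces as a 500 instead of a clean denial. Using `payload = getattr(request, "jwt_payload", None) or {}` before the membership test would fail closed. The docstring should also name `allowed_roles` and say it is compared against the token's `type` claim.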

@ -120,8 +120,7 @@ def studnets(request):
@csrf_exempt @csrf_exempt
@teacher_required @permission(allowed_roles=["admin", "teacher"])
@admin_required
def add_student(request): def add_student(request):
if not request.method == "POST": if not request.method == "POST":
return JsonResponse(ResponseUtil.error("request method error!")) return JsonResponse(ResponseUtil.error("request method error!"))
@ -142,8 +141,7 @@ def add_student(request):
return JsonResponse(result) return JsonResponse(result)
@csrf_exempt @csrf_exempt
@teacher_required @permission(allowed_roles=["admin", "teacher"])
@admin_required
def search_student(request): def search_student(request):
currentPage = request.GET.get("currentPage") currentPage = request.GET.get("currentPage")
pageSize = request.GET.get("pageSize") pageSize = request.GET.get("pageSize")
@ -173,8 +171,7 @@ def search_student(request):
@csrf_exempt @csrf_exempt
@teacher_required @permission(allowed_roles=["admin", "teacher"])
@admin_required
def del_student(request): def del_student(request):
if not request.method == "GET": if not request.method == "GET":
return JsonResponse(ResponseUtil.error("request method error!")) return JsonResponse(ResponseUtil.error("request method error!"))
@ -189,7 +186,7 @@ def del_student(request):
@csrf_exempt @csrf_exempt
@student_required @permission(allowed_roles=["admin", "student", "teacher"])
def select_course(request): def select_course(request):
if not request.method == "POST": if not request.method == "POST":
return JsonResponse(ResponseUtil.error("request method error!")) return JsonResponse(ResponseUtil.error("request method error!"))
@ -212,7 +209,7 @@ def select_course(request):
return JsonResponse(ResponseUtil.error(str(E))) return JsonResponse(ResponseUtil.error(str(E)))
@student_required @permission(allowed_roles=["student"])
def get_grade(request): def get_grade(request):
""" """
获取学生成绩 获取学生成绩
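Review bot: `select_course` changes from `@student_required` to `@permission(allowed_roles=["admin", "student", "teacher"])`, which opens the endpoint to every role, whereas the other replacements in this file keep the role names the old decorators used. The view body is outside this hunk, so intent is unclear: if it enrols the account identified by the token, the list should stay `["student"]`. If staff are meant to enrol on a student's behalf, a comment such as `# staff may enrol a student on their behalf` would make that reviewable, along with a check on which student id is acted on. The role names are also repeated as string literals in every decorator, so a misspelt role silently denies access; module-level constants would avoid that.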

@ -107,7 +107,7 @@ def search_course(request):
result["pageNum"] = paginator.num_pages result["pageNum"] = paginator.num_pages
return JsonResponse(result) return JsonResponse(result)
@permission(allowed_roles=["student"])
def get_course_by_student_id(request): def get_course_by_student_id(request):
""" """
通过学生ID获取学生的选课 通过学生ID获取学生的选课
@ -141,8 +141,7 @@ def delete_select_course(request):
return JsonResponse(ResponseUtil.error(E)) return JsonResponse(ResponseUtil.error(E))
@csrf_exempt @csrf_exempt
@teacher_required @permission(allowed_roles=["teacher", "admin"])
@admin_required
def get_student_select_course(request): def get_student_select_course(request):
""" """
获取所有学生的所有选课 获取所有学生的所有选课
@ -185,8 +184,7 @@ def get_student_select_course(request):
result["pageNum"] = paginator.num_pages result["pageNum"] = paginator.num_pages
return JsonResponse(result) return JsonResponse(result)
@teacher_required @permission(allowed_roles=["teacher", "admin"])
@admin_required
@csrf_exempt @csrf_exempt
def edit_grade(request): def edit_grade(request):
""" """

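Review bot: The new `@permission(allowed_roles=["student"])` on `get_course_by_student_id` establishes only that the caller holds a student token, not that the student ID being queried belongs to the caller. The function body is outside this hunk, so this is inferred from the name and docstring: if the ID comes from request parameters, the role check alone does not stop one student from reading another's course selections. The view should take the ID from `request.jwt_payload`, or compare the requested ID with the token's and refuse on mismatch. A comment such as `# student id is taken from the JWT, never from the query string` would record which applies.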