MOD:权限判断条件

冯轩
Showing 2 changed files with 20 additions and 18 deletions
src-20240711-2.zip
src/apps/doc/views.py
--- a/src-20240711-2.zip 0 → 100644
View file @15c08f7
+++ b/src-20240711-2.zip 0 → 100644
View file @15c08f7
--- a/src/apps/doc/views.py
View file @15c08f7
+++ b/src/apps/doc/views.py
View file @15c08f7
@@ -1070,13 +1070,14 @@ class DocView(DocGenericView, DocHandler):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[api doc] [user_role={0} business_type={1}] '.format(user_role, business_type))
-        if user_role or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
-            pagination = {'current': page, 'total': 0, 'page_size': page_size}
-            res = {
-            'pagination': pagination,
-            'doc_list': []
-            }
-            return response.ok(data=res)
+        if user_role is None or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
+            # pagination = {'current': page, 'total': 0, 'page_size': page_size}
+            # res = {
+            # 'pagination': pagination,
+            # 'doc_list': []
+            # }
+            # return response.ok(data=res)
+            raise NoPermissionException('no permission')

        status_query = Q(status=status) if status is not None else Q()
        application_id_query = Q(application_id__contains=application_id) if application_id is not None else Q()
@@ -1248,7 +1249,7 @@ class CompareResultView(GenericView):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[CompareResultView] [user_role={0}] '.format(user_role))
-        if user_role or user_role == '-1' or (user_role == '1' and entity == 'HIL') or (user_role == '2' and entity == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and entity == 'HIL') or (user_role == '2' and entity == 'AFC'):
            raise NoPermissionException('no permission')

        if is_auto == 1:
@@ -1645,13 +1646,14 @@ class AutoSettlementView(GenericView):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[AutoSettlementView] [user_role={0}] '.format(user_role))
-        if user_role or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
-            pagination = {'current': page, 'total': 0, 'page_size': page_size}
-            res = {
-            'pagination': pagination,
-            'doc_list': []
-            }
-            return response.ok(data=res)
+        if user_role is None or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
+            # pagination = {'current': page, 'total': 0, 'page_size': page_size}
+            # res = {
+            # 'pagination': pagination,
+            # 'doc_list': []
+            # }
+            # return response.ok(data=res)
+            raise NoPermissionException('no permission')

        if isinstance(auto_result, int):
            auto_result = consts.RESULT_MAP.get(auto_result)
@@ -1741,7 +1743,7 @@ class AutoSettlementExcelView(GenericView):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[AutoSettlementExcelView] [user_role={0}] '.format(user_role))
-        if user_role or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
            raise NoPermissionException('no permission')

        if isinstance(auto_result, int):
@@ -1906,7 +1908,7 @@ class InvoiceExcelView(GenericView):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[InvoiceExcelView] [user_role={0}] '.format(user_role))
-        if user_role or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
            raise NoPermissionException('no permission')

        url = 'http://127.0.0.1:8088/napi/invoice/downloadExcelOri'
@@ -1950,7 +1952,7 @@ class InvoiceQueryInfoView(GenericView):
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[InvoiceQueryInfoView] [user_role={0}] '.format(user_role))
-        if user_role or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
            raise NoPermissionException('no permission')

        url = 'http://127.0.0.1:8088/napi/invoice/queryInfoOri'