:MOD

冯轩
Showing 1 changed file with 14 additions and 3 deletions
src/apps/doc/views.py
--- a/src/apps/doc/views.py
View file @3b8a690
+++ b/src/apps/doc/views.py
View file @3b8a690
@@ -1084,6 +1084,14 @@ class DocView(DocGenericView, DocHandler):
            # }
            # return response.ok(data=res)
            raise NoPermissionException('no permission')
+        if user_role is None or user_role == '-1' or (user_role == '1' and business_type == 'HIL') or (user_role == '2' and business_type == 'AFC'):
+            # pagination = {'current': page, 'total': 0, 'page_size': page_size}
+            # res = {
+            # 'pagination': pagination,
+            # 'doc_list': []
+            # }
+            # return response.ok(data=res)
+            raise NoPermissionException('no permission')
        status_query = Q(status=status) if status is not None else Q()
        application_id_query = Q(application_id__contains=application_id) if application_id is not None else Q()
@@ -1917,12 +1925,13 @@ class InvoiceExcelView(GenericView):
    def post(self, request, args):
        application_ids = args.get('application_ids')
        application_entity = args.get('application_entity')
+        self.running_log.info('[InvoiceExcelView] [user_role={0}] '.format('111222333'))
        # 角色权限不符，返回异常
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[InvoiceExcelView] [user_role={0}] '.format(user_role))
-        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == '2') or (user_role == '2' and application_entity == '1'):
+            self.running_log.info('[InvoiceExcelView no permission] [user_role={0}] [application_entity={1}]'.format(user_role, application_entity))
            raise NoPermissionException('no permission')
        url = 'http://127.0.0.1:8088/napi/invoice/downloadExcelOri'
@@ -1961,12 +1970,14 @@ class InvoiceQueryInfoView(GenericView):
    def post(self, request, args):
        application_ids = args.get('application_ids')
        application_entity = args.get('application_entity')
+        self.running_log.info('[InvoiceExcelView] [user_role={0}] '.format('111222333'))
        # 角色权限不符，返回异常
        token = request.META.get("HTTP_AUTHORIZATION")
        user_role = rh.get_token(token[-11:])
        self.running_log.info('[InvoiceQueryInfoView] [user_role={0}] '.format(user_role))
-        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == 'HIL') or (user_role == '2' and application_entity == 'AFC'):
+        if user_role is None or user_role == '-1' or (user_role == '1' and application_entity == '2') or (user_role == '2' and application_entity == '1'):
+            self.running_log.info('[InvoiceExcelView no permission] [user_role={0}] [application_entity={1}]'.format(user_role, application_entity))
            raise NoPermissionException('no permission')
        url = 'http://127.0.0.1:8088/napi/invoice/queryInfoOri'