MOD:

冯轩
Showing 2 changed files with 6 additions and 1 deletions
src/apps/account/views.py
src/apps/doc/views.py
--- a/src/apps/account/views.py
View file @c64af44
+++ b/src/apps/account/views.py
View file @c64af44
@@ -55,6 +55,7 @@ class LoginView(ObtainJSONWebToken, GenericView):
            'role':  user_role.role if user_role else -1
        }
        rh.set_token(res.data.get('token')[-10:], user.username)
+        rh.set_token(res.data.get('token')[-11:], user_role.role if user_role else -1)
        return response.ok(data=data)
@@ -85,9 +86,10 @@ class IWALoginView(IWABaseView, GenericView):
        is_valid, data = self.validate(q_number)
        if is_valid:
-            rh.set_token(data.get('token')[-10:], data.get('user_name'))
            user_role = UserRole.objects.filter(auth_user_id=data.get('user_id')).first()
            data['role'] = user_role.role if user_role else -1
+            rh.set_token(data.get('token')[-10:], data.get('user_name'))
+            rh.set_token(data.get('token')[-11:], user_role.role if user_role else -1)
            return response.ok(data=data)
        else:
            self.no_permission(data)
--- a/src/apps/doc/views.py
View file @c64af44
+++ b/src/apps/doc/views.py
View file @c64af44
@@ -1065,6 +1065,9 @@ class DocView(DocGenericView, DocHandler):
        create_time_start = args.get('create_time_start')
        create_time_end = args.get('create_time_end')
+        token = request.META.get("HTTP_AUTHORIZATION")
+        user_role = rh.get_token(token[-11:])
        status_query = Q(status=status) if status is not None else Q()
        application_id_query = Q(application_id__contains=application_id) if application_id is not None else Q()
        data_source_query = Q(data_source=data_source) if data_source is not None else Q()