增加 is_admin 校验
2 changed files with 10 additions and 4 deletions
+ 5
- 3
api/maintenance_views.py
@@ -8,7 +8,7 @@ from django_response import response |
||
| 8 | 8 |
from paginator import pagination |
| 9 | 9 |
|
| 10 | 10 |
from maintenance.models import MaintenaceInfo |
| 11 |
-from utils.admin_utils import is_maintenanceman |
|
| 11 |
+from utils.admin_utils import is_maintenanceman, is_admin |
|
| 12 | 12 |
from utils.error.errno_utils import MaintenaceStatusCode |
| 13 | 13 |
|
| 14 | 14 |
|
@@ -73,6 +73,7 @@ def maintenance_delete(request): |
||
| 73 | 73 |
def maintenance_update(request): |
| 74 | 74 |
brand_id = request.POST.get('brand_id', settings.KODO_DEFAULT_BRAND_ID)
|
| 75 | 75 |
maintenace_id = request.POST.get('maintenace_id', '')
|
| 76 |
+ admin_id = request.POST.get('admin_id', '')
|
|
| 76 | 77 |
user_id = request.POST.get('user_id', '')
|
| 77 | 78 |
name = request.POST.get('name', '')
|
| 78 | 79 |
phone = request.POST.get('phone', '')
|
@@ -92,7 +93,7 @@ def maintenance_update(request): |
||
| 92 | 93 |
except MaintenaceInfo.DoesNotExist: |
| 93 | 94 |
return response(MaintenaceStatusCode.MAINTENACE_NOT_FOUND) |
| 94 | 95 |
|
| 95 |
- if user_id != maintenace.user_id and not is_maintenanceman(brand_id, user_id): |
|
| 96 |
+ if user_id != maintenace.user_id and not is_admin(brand_id, admin_id): |
|
| 96 | 97 |
return response(MaintenaceStatusCode.MAINTENACE_PERMISSION_DENIED) |
| 97 | 98 |
|
| 98 | 99 |
if name: |
@@ -127,12 +128,13 @@ def maintenance_update(request): |
||
| 127 | 128 |
@logit |
| 128 | 129 |
def maintenance_list(request): |
| 129 | 130 |
brand_id = request.POST.get('brand_id', settings.KODO_DEFAULT_BRAND_ID)
|
| 131 |
+ admin_id = request.POST.get('admin_id', '')
|
|
| 130 | 132 |
user_id = request.POST.get('user_id', '')
|
| 131 | 133 |
page = request.POST.get('page', 1)
|
| 132 | 134 |
num = request.POST.get('num', 20)
|
| 133 | 135 |
|
| 134 | 136 |
maintenaces = MaintenaceInfo.objects.filter(status=True) |
| 135 |
- if not is_maintenanceman(brand_id, user_id): |
|
| 137 |
+ if not is_admin(brand_id, admin_id): |
|
| 136 | 138 |
maintenaces = maintenaces.filter(user_id=user_id) |
| 137 | 139 |
maintenaces = [maintenace.data for maintenace in maintenaces] |
| 138 | 140 |
maintenaces, left = pagination(maintenaces, page, num) |
+ 5
- 1
utils/admin_utils.py
@@ -1,7 +1,11 @@ |
||
| 1 | 1 |
# -*- coding: utf-8 -*- |
| 2 | 2 |
|
| 3 |
-from mch.models import MaintenancemanInfo |
|
| 3 |
+from mch.models import MaintenancemanInfo, AdministratorInfo |
|
| 4 | 4 |
|
| 5 | 5 |
|
| 6 | 6 |
def is_maintenanceman(brand_id, user_id): |
| 7 | 7 |
return MaintenancemanInfo.objects.filter(brand_id=brand_id, user_id=user_id, status=True).exists() |
| 8 |
+ |
|
| 9 |
+ |
|
| 10 |
+def is_admin(brand_id, admin_id): |
|
| 11 |
+ return MaintenancemanInfo.objects.filter(brand_id=brand_id, admin_id=admin_id, status=True).exists() |