完善权限体系
This commit is contained in:
parent
7efa258a28
commit
b6a0abd9ee
0
accounts/api/__init__.py
Normal file
0
accounts/api/__init__.py
Normal file
@ -1,36 +1,31 @@
|
||||
from ninja import Router, Form
|
||||
from django.contrib.auth import get_user_model
|
||||
from rest_framework_simplejwt.tokens import RefreshToken
|
||||
from django.contrib.auth import authenticate
|
||||
from django.http import HttpRequest
|
||||
from django.db.models import Q
|
||||
from django.contrib.auth.hashers import check_password
|
||||
|
||||
|
||||
|
||||
auth_router = Router(tags=["认证"])
|
||||
User = get_user_model()
|
||||
router = Router(tags=["用户注册 + JWT"])
|
||||
|
||||
|
||||
@router.post("/register")
|
||||
@auth_router.post("/register")
|
||||
def register(
|
||||
request,
|
||||
username: str = Form(...),
|
||||
password: str = Form(...),
|
||||
email: str = Form(...),
|
||||
role: str = Form("user") # 也可写死 "user"
|
||||
role: str = Form("user") # 可选:默认 user
|
||||
):
|
||||
if User.objects.filter(username=username).exists():
|
||||
return {"success": False, "message": "用户名已存在"}
|
||||
|
||||
if role != "user":
|
||||
return {"success": False, "message": "不能注册管理员或分管理账号"}
|
||||
|
||||
user = User(username=username, email=email, role=role)
|
||||
user.set_password(password)
|
||||
user.save()
|
||||
|
||||
# 生成 JWT token
|
||||
refresh = RefreshToken.for_user(user)
|
||||
|
||||
return {
|
||||
"success": True,
|
||||
"message": "注册成功",
|
||||
@ -46,10 +41,10 @@ def register(
|
||||
}
|
||||
|
||||
|
||||
@router.post("/login")
|
||||
@auth_router.post("/login")
|
||||
def login(
|
||||
request: HttpRequest,
|
||||
username: str = Form(...), # 可以是用户名或邮箱
|
||||
request,
|
||||
username: str = Form(...),
|
||||
password: str = Form(...),
|
||||
):
|
||||
user = User.objects.filter(Q(username=username) | Q(email=username)).first()
|
||||
@ -61,7 +56,6 @@ def login(
|
||||
return {"success": False, "message": "账号未激活"}
|
||||
|
||||
refresh = RefreshToken.for_user(user)
|
||||
|
||||
return {
|
||||
"success": True,
|
||||
"message": "登录成功",
|
||||
18
accounts/api/user.py
Normal file
18
accounts/api/user.py
Normal file
@ -0,0 +1,18 @@
|
||||
from ninja import Router
|
||||
from utils.permissions import login_required
|
||||
from utils.auth import jwt_auth
|
||||
|
||||
user_router = Router(tags=["用户信息"])
|
||||
|
||||
@user_router.get("/me", auth=jwt_auth)
|
||||
@login_required
|
||||
def get_user_info(request):
|
||||
user = request.user
|
||||
return {
|
||||
"id": user.id,
|
||||
"username": user.username,
|
||||
"email": user.email,
|
||||
"role": user.role,
|
||||
"is_active": user.is_active,
|
||||
"is_staff": user.is_staff,
|
||||
}
|
||||
4
api.py
4
api.py
@ -1,5 +1,9 @@
|
||||
from ninja import NinjaAPI
|
||||
from resumes.api.views import router as resume_router
|
||||
from accounts.api.auth import auth_router
|
||||
from accounts.api.user import user_router
|
||||
|
||||
api = NinjaAPI(title="简历管理 API")
|
||||
api.add_router("/resumes/", resume_router)
|
||||
api.add_router("/auth", auth_router)
|
||||
api.add_router("/users", user_router)
|
||||
|
||||
0
utils/__init__.py
Normal file
0
utils/__init__.py
Normal file
16
utils/auth.py
Normal file
16
utils/auth.py
Normal file
@ -0,0 +1,16 @@
|
||||
from ninja.security import HttpBearer
|
||||
from rest_framework_simplejwt.authentication import JWTAuthentication
|
||||
|
||||
|
||||
class JWTAuth(HttpBearer):
|
||||
def authenticate(self, request, token):
|
||||
jwt_auth = JWTAuthentication()
|
||||
try:
|
||||
validated_token = jwt_auth.get_validated_token(token)
|
||||
user = jwt_auth.get_user(validated_token)
|
||||
return user
|
||||
except Exception:
|
||||
return None
|
||||
|
||||
|
||||
jwt_auth = JWTAuth()
|
||||
36
utils/permissions.py
Normal file
36
utils/permissions.py
Normal file
@ -0,0 +1,36 @@
|
||||
from functools import wraps
|
||||
from ninja.errors import HttpError
|
||||
|
||||
|
||||
from functools import wraps
|
||||
from ninja.errors import HttpError
|
||||
|
||||
|
||||
def login_required(func):
|
||||
@wraps(func)
|
||||
def wrapper(request, *args, **kwargs):
|
||||
user = getattr(request, 'user', None)
|
||||
if not user or not user.is_authenticated:
|
||||
raise HttpError(401, "请先登录")
|
||||
return func(request, *args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def manager_required(func):
|
||||
@wraps(func)
|
||||
def wrapper(request, *args, **kwargs):
|
||||
user = getattr(request, 'user', None)
|
||||
if not user or not user.is_authenticated or user.role not in ['admin', 'manager']:
|
||||
raise HttpError(403, "仅分管理或管理员可访问")
|
||||
return func(request, *args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def admin_required(func):
|
||||
@wraps(func)
|
||||
def wrapper(request, *args, **kwargs):
|
||||
user = getattr(request, 'user', None)
|
||||
if not user or not user.is_authenticated or user.role != 'admin':
|
||||
raise HttpError(403, "仅管理员可访问")
|
||||
return func(request, *args, **kwargs)
|
||||
return wrapper
|
||||
Loading…
x
Reference in New Issue
Block a user