Finish user permission revoke

2025-10-22 08:19:04 +00:00 · 2016-11-10 16:59:50 +08:00
parent dde9ffb2ae
commit 69f2bf664b
15 changed files with 289 additions and 229 deletions
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -5,8 +5,10 @@ from rest_framework.views import APIView, Response
 from rest_framework.generics import ListCreateAPIView
 from rest_framework import viewsets
 from users.backends import IsValidUser, IsSuperUser
-from .utils import get_user_granted_assets, get_user_granted_asset_groups
+from common.utils import get_object_or_none
+from .utils import get_user_granted_assets, get_user_granted_asset_groups, get_user_asset_permissions
 from .models import AssetPermission
+from .hands import User
 from . import serializers


@@ -18,11 +20,41 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        queryset = super(AssetPermissionViewSet, self).get_queryset()
        user_id = self.request.query_params.get('user', '')
-        if user_id:
-            queryset = queryset.filter(users__id=user_id)
-
+        if user_id and user_id.isdigit():
+            from users.models import User
+            self.user_id = user_id
+            user = get_object_or_none(User, id=int(user_id))
+            if user:
+                queryset = get_user_asset_permissions(user)
+                print(queryset)
        return queryset

+    def get_serializer_class(self):
+        if getattr(self, 'user_id', ''):
+            return serializers.UserAssetPermissionSerializer
+        return serializers.AssetPermissionSerializer
+
+
+class RevokeUserAssetPermission(APIView):
+    permission_classes = (IsSuperUser,)
+
+    def put(self, request, *args, **kwargs):
+        permission_id = str(request.data.get('id', ''))
+        user_id = str(request.data.get('user_id', ''))
+
+        if permission_id and user_id and permission_id.isdigit() and user_id.isdigit():
+            permission_id = int(permission_id)
+            user_id = int(user_id)
+            asset_permission = get_object_or_none(AssetPermission, id=permission_id)
+            user = get_object_or_none(User, id=user_id)
+            print(asset_permission)
+            print(user)
+
+            if asset_permission and user:
+                asset_permission.users.remove(user)
+                return Response({'msg': 'success'})
+        return Response({'msg': 'failed'}, status=404)
+

 class UserAssetsApi(APIView):
    permission_classes = (IsValidUser,)