perf: 添加 check api 避免未认证

2025-08-31 23:20:37 +00:00 · 2023-09-13 17:05:01 +08:00
parent 1249935bab
commit d0f79c2df2
12 changed files with 189 additions and 40 deletions
--- a/apps/accounts/api/account/task.py
+++ b/apps/accounts/api/account/task.py
@@ -9,9 +9,12 @@ __all__ = [
    'AccountsTaskCreateAPI',
 ]

+from rbac.permissions import RBACPermission
+

 class AccountsTaskCreateAPI(CreateAPIView):
    serializer_class = serializers.AccountTaskSerializer
+    permission_classes = [RBACPermission]

    def check_permissions(self, request):
        act = request.data.get('action')
@@ -19,7 +22,9 @@ class AccountsTaskCreateAPI(CreateAPIView):
            code = 'accounts.push_account'
        else:
            code = 'accounts.verify_account'
-        return request.user.has_perm(code)
+        has = request.user.has_perm(code)
+        if not has:
+            self.permission_denied(request)

    def perform_create(self, serializer):
        data = serializer.validated_data
@@ -44,6 +49,6 @@ class AccountsTaskCreateAPI(CreateAPIView):

    def get_exception_handler(self):
        def handler(e, context):
-            return Response({"error": str(e)}, status=400)
+            return Response({"error": str(e)}, status=401)

        return handler