Commit d95ffdfb authored by ibuler's avatar ibuler

Test permmision

parent bb76f6c6
......@@ -173,12 +173,12 @@ REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
'rest_framework.permissions.IsAdminUser',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
# 'DEFAULT_AUTHENTICATION_CLASSES': (
# 'rest_framework.authentication.BasicAuthentication',
# 'rest_framework.authentication.SessionAuthentication',
# ),
}
# This setting is required to override the Django's main loop, when running in
# development mode, such as ./manage runserver
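Review bot: One of the two `DEFAULT_AUTHENTICATION_CLASSES` blocks in this hunk is dead, commented-out configuration and should be deleted rather than kept next to the live tuple; the rendered page does not show which side is new, so this is about whichever one ends up commented out. If `BasicAuthentication` is the one left enabled, keep in mind that it carries the username and password on every request, so it is only acceptable behind TLS and is normally reserved for development and tests, while `SessionAuthentication` plus the `X-CSRFToken` header the templates already send is sufficient for browser clients. With `IsAdminUser` as the only default permission class, every view that does not set its own `permission_classes` now requires `is_staff`, which this same commit ties to `is_superuser` in `User.is_staff`; a comment above the tuple such as `# Default: staff-only API. Public or read-only views must opt in via permission_classes.` would make that intent explicit.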
......
......@@ -35,7 +35,9 @@
}
var csrftoken = getCookie('csrftoken');
console.log(csrftoken)
var sessionid = getCookie('sessionid');
console.log(csrftoken);
console.log(sessionid);
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
......@@ -46,6 +48,7 @@
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
{# xhr.setRequestHeader("sessionid", sessionid);#}
}
}
});
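Review bot: `console.log(csrftoken)` and `console.log(sessionid)` at the top of the first hunk print the CSRF token and the session cookie value to the browser console, and the debug output should be removed before this ships. More importantly, `getCookie('sessionid')` can only return a value if the session cookie is not `HttpOnly` (Django sets `SESSION_COOKIE_HTTPONLY = True` by default), so making this work would mean weakening the protection that stops a single XSS from turning into session theft; the commented-out `xhr.setRequestHeader("sessionid", sessionid)` in the second hunk should go for the same reason, and the browser already sends the cookie with same-origin requests. Keep only `var csrftoken = getCookie('csrftoken');` and drop the three added lines. The `$.ajaxSetup` call that `beforeSend` belongs to starts above the second hunk.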
......
......@@ -13,11 +13,24 @@ class UserListAddApi(generics.ListCreateAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
# permission_classes = (
# permissions.DenyAll,
# )
class UserDetailDeleteUpdateApi(generics.RetrieveUpdateDestroyAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
def put(self, request, *args, **kwargs):
print(request.META)
return super(UserDetailDeleteUpdateApi, self).put(request, *args, **kwargs)
# def get(self, request, *args, **kwargs):
# print("hello world")
# print(request.user)
# return super(UserDetailDeleteUpdateApi, self).get(request, *args, **kwargs)
class UserGroupListAddApi(generics.ListCreateAPIView):
queryset = UserGroup.objects.all()
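Review bot: `print(request.META)` in the new `UserDetailDeleteUpdateApi.put` dumps every request header to stdout, including `HTTP_COOKIE` (the session id) and, with `BasicAuthentication` enabled in this commit's settings change, `HTTP_AUTHORIZATION`, which carries the base64-encoded username and password; that ends up in server logs and should not be committed. If the request needs inspecting during development, log specific non-secret values through `logging` at debug level, e.g. `logger.debug('PUT %s by %s', request.path, request.user)` (constructed example), or remove the override entirely since it only delegates to `super().put(...)`. The commented-out `permission_classes` block and `get` method are dead code and should be deleted rather than left in place. `UserListAddApi` starts above the hunk.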
......
......@@ -148,7 +148,7 @@ class User(AbstractUser):
@property
def is_staff(self):
if self.is_authenticated and self.is_active and not self.is_expired:
if self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser:
return True
else:
return False
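Review bot: The `if … return True` / `else: return False` around the changed condition can be collapsed to `return bool(self.is_authenticated and self.is_active and not self.is_expired and self.is_superuser)`, which reads the same and removes the duplicated branches. The added `and self.is_superuser` (presumably the new side) makes staff status a synonym for superuser: a user can no longer be staff without full privileges, and the `is_staff` flag that `AbstractUser` provides is no longer what decides this. Since `rest_framework.permissions.IsAdminUser`, now the default in settings, keys on `is_staff`, the whole API becomes superuser-only; if that is intended, a docstring on the property stating it would save the next reader from looking for a separate staff role. The `User` class starts above the hunk.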
......
......@@ -231,13 +231,19 @@
var status = $(obj).prop('checked');
$.ajax({
{# url: "{% url 'users:user-detail-api' pk=user.id %}",#}
url: "{% url 'users:login' %}",
type: "POST",
url: "{% url 'users:user-detail-api' pk=user.id %}",
{# url: "{% url 'users:login' %}",#}
type: "PUT",
data: {
'username': "{{ user.username }}",
'email': "{{ user.email }}",
'is_active': status
},
success: function (data, status) {
console.log(data)
},
error: function () {
console.log('error')
}
})
}
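Review bot: The `status` parameter of the new `success: function (data, status)` callback shadows the `var status = $(obj).prop('checked')` captured at the top of the hunk, so inside the callback `status` is jQuery's text status rather than the checkbox state; rename it (`success: function (data, textStatus)`) or drop the unused parameter. The `error: function () { console.log('error') }` handler discards the response, so a 400 or 403 from the new `PUT` gives no hint of what failed; at minimum take the `xhr` argument and log `xhr.status` and `xhr.responseText`, and the two `console.log` calls plus the `{# … #}` commented-out URL should not ship. A `PUT` against a `RetrieveUpdateDestroyAPIView` is a full update and will be rejected if the serializer has any other required field, so `PATCH` is the safer verb for toggling `is_active` alone. The enclosing function starts above the hunk.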
......
......@@ -28,9 +28,11 @@ class UserLoginView(FormView):
return HttpResponseRedirect(reverse('users:user-list'))
return super(UserLoginView, self).get(request, *args, **kwargs)
# def post(self, request, *args, **kwargs):
# print(self.request.user)
# return HttpResponseRedirect('/')
def post(self, request, *args, **kwargs):
print(self.request.user)
print(request.POST)
print(request.session.session_key)
return HttpResponseRedirect('/')
def form_valid(self, form):
username = form.cleaned_data.get('username', '')
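Review bot: The new `UserLoginView.post` replaces `FormView.post`, so submitting the login form never reaches `form_valid` below: nothing is validated or authenticated, and every POST, valid or not, is redirected to `/`. It also calls `print(request.POST)`, which writes the submitted password in plain text to stdout and from there to whatever captures the process output. Remove the override (and its `print` calls) so `FormView.post` dispatches to `form_valid` again; if request tracing is needed while debugging, log `request.POST.keys()` or the username only, never the full `QueryDict`. The commented-out `post` stub above it should be deleted as well rather than kept as a second copy. `form_valid` continues below the hunk.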
......