验证权限控制有效性

Chise1 · Chise1 · commit b4a2ca42e83b · 2022-09-28T13:11:44.000+08:00
修改password字段
diff --git a/fast_tmp/admin/server.py b/fast_tmp/admin/server.py
@@ -58,7 +58,7 @@ async def login(
     if not password:
         context["password_err"] = True
         return templates.TemplateResponse("login.html", context)
-    user = await User.filter(username=username).first()
+    user = await User.filter(username=username, is_staff=True, is_active=True).first()
     if not user or not user.check_password(password) or not user.is_active:
         context["errinfo"] = "username or password error!"
         return templates.TemplateResponse("login.html", context)
@@ -106,7 +106,7 @@ async def get_site(request: Request):
     if not user.is_superuser:
         perms = [
             i.codename
-            for i in await Permission.filter(groups__user=user, codename__endswith="list")
+            for i in await Permission.filter(groups__users=user, codename__endswith="list")
         ]
     else:
         perms = [i.codename for i in await Permission.filter(codename__endswith="list")]
diff --git a/fast_tmp/amis/forms/enums.py b/fast_tmp/amis/forms/enums.py
@@ -31,6 +31,7 @@ class ControlEnum(str, Enum):
     checkboxes = "checkboxes"
     picker = "picker"
     custom = "custom"
+    input_password = "input-password"
 
 
 class ItemModel(str, Enum):
diff --git a/fast_tmp/site/field.py b/fast_tmp/site/field.py
@@ -1,9 +1,36 @@
 from typing import Any
 
+from starlette.requests import Request
+from tortoise import Model
+
+from fast_tmp.amis.forms import Control, ControlEnum
 from fast_tmp.contrib.auth.hashers import make_password
+from fast_tmp.responses import TmpValueError
 from fast_tmp.site.util import StrControl
 
 
+# todo 以后考虑创建更新的control分离
 class Password(StrControl):
-    def amis_2_orm(self, value: Any) -> Any:
-        return make_password(value)
+    _control_type = ControlEnum.input_password
+    _update_control = None
+
+    async def get_value(self, request: Request, obj: Model) -> Any:
+        return None
+
+    async def set_value(self, request: Request, obj: Model, value: Any):
+        if obj.pk is not None:
+            old_password = getattr(obj, self.name)
+            if value != old_password and len(value) > 0:
+                setattr(obj, self.name, make_password(value))
+        else:
+            if not value:
+                raise TmpValueError("password can not be none.")
+            await super().set_value(request, obj, value)
+
+    def get_control(self, request: Request) -> Control:
+        if not self._control:
+            self._control = Control(type=self._control_type, name=self.name, label=self.label)
+            if not self._field.null:  # type: ignore
+                if self._field.default is not None:  # type: ignore
+                    self._control.value = self.orm_2_amis(self._field.default)  # type: ignore
+        return self._control
diff --git a/tests/base.py b/tests/base.py
@@ -22,7 +22,7 @@ async def asyncSetUp(self) -> None:
         self.client = AsyncClient(app=self.app, base_url="http://test")
         await self.client.__aenter__()
         await Tortoise.init(settings.TORTOISE_ORM, _create_db=True)
-        await Tortoise.generate_schemas(False)
+        await Tortoise.generate_schemas(True)
         await self.create_superuser("admin", "admin")
 
     async def asyncTearDown(self) -> None:
@@ -33,7 +33,9 @@ async def asyncTearDown(self) -> None:
     async def create_superuser(cls, username, password):
         if await User.filter(username=username).exists():
             return
-        user = User(username=username, is_superuser=True)
+        user = User(
+            username=username, is_superuser=True, is_active=True, is_staff=True, name=username
+        )
         user.set_password(password)
         await user.save()
 
