opc-backend/users/permissions.py


from rest_framework import permissions
from .models import RolePermission
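class HasAPIPermission(permissions.BasePermission):
    """
    Grant access only if the requesting user holds the API permission the view declares.

    A view declares its requirement in one of two ways:

    * ``required_permission = 'api:something'`` -- one code for every method.
    * ``required_permissions = {'GET': 'api:read', 'POST': 'api:write'}`` -- one
      code per HTTP method. When this attribute is a dict it takes precedence and
      ``required_permission`` is not consulted; a non-dict value is ignored.

    Evaluation order:

    1. Anonymous requests are denied.
    2. Superusers bypass the lookup entirely.
    3. The code for ``request.method`` is resolved. Django class-based views
       serve ``HEAD`` with the ``GET`` handler, so an unlisted ``HEAD`` uses
       the mapping's ``GET`` entry instead of dropping to the staff fallback.
    4. If no code is declared for the method, access requires ``is_staff``.
       This is a fallback, not a feature: any method the view exposes but does
       not list (e.g. ``PATCH``/``DELETE`` on a view that only maps ``GET`` and
       ``POST``) is gated by staff status alone, so list every method served.
    5. Otherwise the user must hold the code through one of their roles
       (``RolePermission`` joined via ``role__userrole__user``).

    Object-level checks are not performed here; pair this with a view-specific
    ``has_object_permission`` where per-record access matters.
    """

    def _required_permission(self, request, view):
        """Return the permission code the view requires for this request, or ``None``."""
        method = request.method
        per_method = getattr(view, 'required_permissions', None)
        if isinstance(per_method, dict):
            perm = per_method.get(method)
            # Django serves HEAD through the GET handler; without this alias a
            # HEAD request would execute the GET code path under the weaker
            # is_staff fallback.
            if perm is None and method == 'HEAD':
                perm = per_method.get('GET')
            return perm
        return getattr(view, 'required_permission', None)

    def has_permission(self, request, view):
        """Return True if ``request.user`` may call ``view`` with ``request.method``."""
        user = request.user
        if not user or not user.is_authenticated:
            return False
        if getattr(user, 'is_superuser', False):
            return True

        required_perm = self._required_permission(request, view)
        if not required_perm:
            # No code declared for this method: fall back to staff status. This
            # is the safety net for admin-style views and is weaker than an
            # explicit permission, so exposed methods should always be mapped.
            return user.is_staff

        # Let the database answer the membership test instead of loading every
        # permission code the user's roles grant and scanning it in Python.
        return RolePermission.objects.filter(
            role__userrole__user=user,
            permission__code=required_perm,
        ).exists()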