From f27f1ece0bcdd46da0e6343d76f9cabc952ca1bf Mon Sep 17 00:00:00 2001
From: yumoqing
Date: Fri, 20 Mar 2026 12:59:30 +0800
Subject: [PATCH] bugfix
---
 rbac/check_perm.py | 24 +++++++++++++++++++++-
 rbac/userperm.py | 2 +-
 wwwroot/phone_login.dspy | 43 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/rbac/check_perm.py b/rbac/check_perm.py
index eeee780..074f404 100644
--- a/rbac/check_perm.py
+++ b/rbac/check_perm.py
@@ -13,6 +13,7 @@ from appPublic.uniqueID import getID
 from ahserver.auth_api import AuthAPI, user_login
 from ahserver.globalEnv import password_encode
 from ahserver.serverenv import ServerEnv, get_serverenv, set_serverenv
+from .userperm import UserPermisions
 async def get_org_users(orgid):
 env = ServerEnv()
@@ -92,13 +93,27 @@ async def register_user(sor, ns):
 debug('password not match')
 return False
 ns.password = password_encode(ns.password)
+ recs = await sor.R('users', {'username': ns.username})
+ if recs:
+ return {
+ "status": "error",
+ "data": {
+ "message": f"username({ns.username}) exists",
+ "user": recs[0]
+ }
+ }
 id = getID()
 ns.id = id
 ns.orgid = id
 ns1 = DictObject(id=id, orgname=ns.username)
 await create_org(sor, ns1)
 await create_user(sor, ns)
- return id
+ return {
+ "status": "ok",
+ "data": {
+ "user": ns
+ }
+ }
 def get_dbname():
 f = get_serverenv('get_module_dbname')
@@ -160,6 +175,12 @@ where c.userid = ${userid}$
 async with db.sqlorContext(dbname) as sor:
 if userid is None:
 userid = await getAuthenticationUserid(sor, request)
+ uperm = UserPermisions()
+ ret = await uperm.is_user_has_path_perm(userid, path)
+ debug(f'{userid=}, {path=} permission is {ret}')
+ return ret
+ """
+
 perms = await sor.R('permission', {'path':path})
 if len(perms) == 0:
 debug(f'{path=} not found in permission, can access')
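Review bot: The duplicate-username branch added to register_user puts the whole `recs[0]` row into the error payload, and the success branch returns `ns`, which by then carries the encoded password set by `ns.password = password_encode(ns.password)` just above. wwwroot/phone_login.dspy in this same patch hands that dict back with `return d`, so the stored password value of an existing account presumably reaches the requester. Return only what the caller needs, for example `"user": {"id": recs[0].id, "username": recs[0].username}`. The password-mismatch path still returns `False`, so a caller indexing `d['status']` will raise on it; give that path the same dict shape. The function starts outside the hunk.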
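Review bot: The new call `uperm.is_user_has_path_perm(userid, path)` passes two arguments, while the rbac/userperm.py hunk in this patch changes the signature to `(self, request, userid, path)`, so as written every permission check would raise TypeError for the missing `path`. Either pass the request, `ret = await uperm.is_user_has_path_perm(request, userid, path)`, or drop the new parameter, which the visible part of the method body does not use. The replaced logic let through any path absent from the `permission` table ('not found in permission, can access'); whether the new method keeps that default cannot be seen from these hunks, so a comment stating the intended result for unlisted paths belongs next to the call. The enclosing function starts before the hunk.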
@@ -179,6 +200,7 @@ where c.userid = ${userid}$
 e = db.e_except
 debug(f'objcheckperm() error happened {userid}, {path}, {e}\n{format_exc()}')
 return False
+ """
 registered_auth_methods = {
 "Basic ": basic_auth
diff --git a/rbac/userperm.py b/rbac/userperm.py
index 24ec358..15a536f 100644
--- a/rbac/userperm.py
+++ b/rbac/userperm.py
@@ -60,7 +60,7 @@ where a.id = c.userid
 del self.cups[e['userid']]
 return cup
- async def is_user_has_path_perm(self, userid, path):
+ async def is_user_has_path_perm(self, request, userid, path):
 paths = await self.get_user_perms_paths(userid)
 if path in paths:
 return True
diff --git a/wwwroot/phone_login.dspy b/wwwroot/phone_login.dspy
index 71a2b74..6687e88 100644
--- a/wwwroot/phone_login.dspy
+++ b/wwwroot/phone_login.dspy
@@ -22,4 +22,47 @@ if not f:
 }
 }
+ns = {
+ "username": params_kw.cellphone,
+ "password": "^&%UHI",
+ "cfm_password": "^&%UHI",
+ "mobile": params_kw.cellphone,
+ "user_status": "0"
+}
+async with get_sor_context(request._run_ns, 'rbac') as sor:
+ recs = await R('users', {'mobile': params_kw.cellphone})
+ if recs:
+ if len(recs) == 1:
+ r = recs[0]
+ await remember_user(r.id, username=r.username, userorgid=r.orgid)
+ return {
+ "status": "ok",
+ "data":{
+ "user": r
+ }
+ }
+ if params_kw.selected_id:
+ for r in recs:
+ if r.id == params_kw.selected_id:
+ await remember_user(r.id, username=r.username, userorgid=r.orgid)
+ return {
+ "status": "ok",
+ "data":{
+ "user": r
+ }
+ }
+ else:
+ return {
+ "status": "choose",
+ "data": {
+ "users": recs
+ }
+ }
+
+ d = await register_user(sor, ns)
+ if d['status'] == 'error':
+ return d
+
+ r = d['data']['user']
+ await remember_user(r.id, username=r.username, userorgid=r.orgid)
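Review bot: The old permission logic is disabled by wrapping it in a triple-quoted string that opens in the previous hunk and closes with the `"""` added here, which leaves dead code in an authorization path and swallows the error-handling tail (`return False`) into the string. If that tail belongs to an `except` clause whose `try` opens above the hunk (not visible here), the module would no longer parse. Delete the old lines rather than quoting them, and keep a live error path that returns `False` around the new call so a failure in the check still denies access.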
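Review bot: Every account auto-created by this script gets the same literal password `"^&%UHI"` with the phone number as username, so wherever password login is available for these accounts the credential is known to anyone who has read this file. Generate a per-account random value instead, e.g. `pw = secrets.token_urlsafe(32)` used for both `password` and `cfm_password` (assuming `secrets` can be imported in the .dspy environment), or create the account with password login disabled. The responses also return whole `users` rows (`"user": r`, `"users": recs`), which presumably include the stored password field; return only the id and username. `R('users', ...)` is called without `sor.`, unlike `sor.R` in rbac/check_perm.py, and may be an undefined name here.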