fix: 修复普通用户也能获取下属部门的数据

2025-02-24 18:19:04 +08:00
parent df5f2977d4
commit f0c678b8d0
3 changed files with 42 additions and 12 deletions
--- a/annotation/auth.py
+++ b/annotation/auth.py
@@ -40,3 +40,16 @@ class Auth:
            raise PermissionException(message="该用户无此接口权限！")

        return wrapper
+
+
+async def hasAuth(request: Request, permission: str) -> bool:
+    """
+    判断是有拥有某项权限
+    """
+    token = request.headers.get('Authorization')  # 直接使用 request 对象
+    current_user = await LoginController.get_current_user(request, token)
+    permissions = current_user.get('permissions')
+    if permission in permissions:
+        return True
+    else:
+        return False