
增加后台权限校验

zisokal 2 年之前
父节点
当前提交
047ef25e29
共有 9 个文件被更改,包括 73 次插入1 次删除
  1. 1 1
      app/__init__.py
  2. 7 0
      app/routes/config.py
  3. 7 0
      app/routes/dictdata.py
  4. 7 0
      app/routes/dicttype.py
  5. 3 0
      app/routes/online.py
  6. 7 0
      app/routes/organization.py
  7. 14 0
      app/routes/resource.py
  8. 15 0
      app/routes/role.py
  9. 12 0
      app/routes/user.py

+ 1 - 1
app/__init__.py

@@ -22,7 +22,7 @@ class CustomJSONEncoder(JSONEncoder):
 
 loginmanager = LoginManager()
 loginmanager.session_protection = 'strong'
-loginmanager.login_view = 'base.login'
+#loginmanager.login_view = 'base.login'
 
 moment = Moment()
 db = SQLAlchemy()
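Review bot: The commented-out `loginmanager.login_view` line should be deleted rather than left as dead code, with the intent recorded next to it. Without a `login_view`, Flask-Login's default `unauthorized()` aborts with a 401 instead of redirecting, which is presumably what this JSON API wants, but the 401 body is then the framework's default error page rather than the `{'code': ..., 'msg': ...}` envelope every route in this commit returns. Consider replacing the line with a `@loginmanager.unauthorized_handler` that returns `jsonify({'code': 401, 'msg': '...'}), 401` (using Flask's `jsonify`) so clients can tell "not logged in" from a server error, plus a comment such as `# no login_view on purpose: API clients get a JSON 401, not a redirect`.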

+ 7 - 0
app/routes/config.py

@@ -8,8 +8,10 @@ from flask import render_template, request, jsonify
 from sqlalchemy import asc
 from sqlalchemy import desc
 from .. import  db
+from flask_login import login_required
 
 @base.route('/system/config/configKey/<configKey>', methods=['GET'])
+@login_required
 def sysconfig_get_value(configKey):
     data = Config.query.filter(Config.config_key == configKey).first()
 
@@ -17,6 +19,7 @@ def sysconfig_get_value(configKey):
 
 
 @base.route('/system/config/list', methods=['GET'])
+@login_required
 def sys_config_list():
     filters = []
     if 'configName' in request.args:
@@ -39,12 +42,14 @@ def sys_config_list():
     return jsonify({'msg': '操作成功', 'code': 200, 'rows': [config.to_json() for config in config_list], 'total': pagination.total})
 
 @base.route('/system/config/<id>', methods=['GET'])
+@login_required
 def sysconfig_get_by_id(id):
     config = Config.query.get(id)
 
     return jsonify({'msg': '操作成功', 'code': 200, 'data': config.to_json()})
 
 @base.route('/system/config', methods=['POST'])
+@login_required
 def sysconfig_add():
     config = Config()
 
@@ -62,6 +67,7 @@ def sysconfig_add():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/config', methods=['PUT'])
+@login_required
 def sysconfig_update():
     config = Config.query.get(request.json['configId'])
 
@@ -79,6 +85,7 @@ def sysconfig_update():
     return jsonify({'msg': '操作成功', 'code': 200})
 
 @base.route('/system/config/<string:ids>', methods=['DELETE'])
+@login_required
 def syconfig_delete(ids):
     idList = ids.split(',')
     for id in idList:
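Review bot: `@login_required` on the config CRUD routes — and on every route decorated in dictdata.py, dicttype.py, online.py, organization.py, resource.py, role.py and user.py — checks only that a session is authenticated, not that the account holds an administrative role, so after this commit any logged-in user can still create, update or delete system config, dictionaries, menus, departments, roles and users; the title promises 权限校验 but the change delivers only 登录校验. The app already models Role/Resource and joins them against `current_user.ID` in resource.py and role.py, so a small project-level decorator that verifies the current user's roles against the resource being accessed, stacked under `@login_required`, would close the gap, with the `POST`/`PUT`/`DELETE` handlers as the priority. Until that exists, a comment such as `# login_required = authenticated only; role/permission check still TODO` above each file's routes keeps the gap visible. Also keep in mind that `login_required` becomes a no-op when Flask-Login's `LOGIN_DISABLED` config is set, so that setting must stay off outside tests. The decorated function bodies continue outside the hunks.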

+ 7 - 0
app/routes/dictdata.py

@@ -7,8 +7,10 @@ from flask import render_template, request, jsonify
 from sqlalchemy import asc
 from sqlalchemy import desc
 from .. import  db
+from flask_login import login_required
 
 @base.route('/system/dict/data/type/<dictType>', methods=['GET'])
+@login_required
 def sysdictdata_get_by_type(dictType):
     data_list = DictData.query.filter(DictData.dict_type == dictType)
 
@@ -16,6 +18,7 @@ def sysdictdata_get_by_type(dictType):
 
 
 @base.route('/system/dict/data/list', methods=['GET'])
+@login_required
 def sysdict_data_list():
     filters = []
     if 'dictLabel' in request.args:
@@ -35,12 +38,14 @@ def sysdict_data_list():
     return jsonify({'msg': '操作成功', 'code': 200, 'rows': [data.to_json() for data in data_list], 'total': pagination.total})
 
 @base.route('/system/dict/data/<id>', methods=['GET'])
+@login_required
 def sysdict_data_get_by_id(id):
     data = DictData.query.get(id)
 
     return jsonify({'msg': '操作成功', 'code': 200, 'data': data.to_json()})
 
 @base.route('/system/dict/data', methods=['POST'])
+@login_required
 def sysdict_data_add():
     dictData = DictData()
 
@@ -59,6 +64,7 @@ def sysdict_data_add():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/dict/data', methods=['PUT'])
+@login_required
 def sysdict_data_update():
     dictData = DictData.query.get(request.json['dictCode'])
 
@@ -79,6 +85,7 @@ def sysdict_data_update():
     return jsonify({'msg': '操作成功', 'code': 200})
 
 @base.route('/system/dict/data/<string:ids>', methods=['DELETE'])
+@login_required
 def sydata_delete(ids):
     idList = ids.split(',')
     for id in idList:

+ 7 - 0
app/routes/dicttype.py

@@ -7,8 +7,10 @@ from flask import render_template, request, jsonify
 from sqlalchemy import asc
 from sqlalchemy import desc
 from .. import  db
+from flask_login import login_required
 
 @base.route('/system/dict/type/list', methods=['GET'])
+@login_required
 def sysdict_type_list():
     filters = []
     if 'dictName' in request.args:
@@ -33,12 +35,14 @@ def sysdict_type_list():
     return jsonify({'msg': '操作成功', 'code': 200, 'rows': [type.to_json() for type in types], 'total': pagination.total})
 
 @base.route('/system/dict/type/<id>', methods=['GET'])
+@login_required
 def sysdict_type_get_by_id(id):
     type = DictType.query.get(id)
 
     return jsonify({'msg': '操作成功', 'code': 200, 'data': type.to_json()})
 
 @base.route('/system/dict/type', methods=['POST'])
+@login_required
 def sysdict_type_add():
     dictType = DictType()
 
@@ -57,6 +61,7 @@ def sysdict_type_add():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/dict/type', methods=['PUT'])
+@login_required
 def sysdict_type_update():
     dictType = DictType.query.get(request.json['dictId'])
 
@@ -73,6 +78,7 @@ def sysdict_type_update():
     return jsonify({'msg': '操作成功', 'code': 200})
 
 @base.route('/system/dict/type/<string:ids>', methods=['DELETE'])
+@login_required
 def sytype_delete(ids):
     idList = ids.split(',')
     for id in idList:
@@ -83,6 +89,7 @@ def sytype_delete(ids):
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/dict/type/optionselect', methods=['GET'])
+@login_required
 def sysdict_type_all():
     types = DictData.query.all()
 

+ 3 - 0
app/routes/online.py

@@ -4,8 +4,10 @@ from flask import render_template, request, jsonify
 from sqlalchemy import asc
 from sqlalchemy import desc
 import flask_excel as excel
+from flask_login import login_required
 
 @base.route('/monitor/logininfor/list', methods=['GET'])
+@login_required
 def grid_online():
     filters = []
     if request.args.get('userName'):
@@ -36,6 +38,7 @@ def grid_online():
     return jsonify({'total': OnLine.query.count(), 'rows': [online.to_json() for online in onlines], 'code': 200})
 
 @base.route('/base/syonline!export.action', methods=['POST'])
+@login_required
 def online_export():
     rows = []
     rows.append(['登录名', 'IP地址', '创建时间', '类别'])

+ 7 - 0
app/routes/organization.py

@@ -12,6 +12,7 @@ from datetime import datetime
 import uuid
 
 @base.route('/base/syorganization!grant.action', methods=['POST'])
+@login_required
 def grant_organization_resource():
     id = request.form.get('id')
     ids = request.form.get('ids')
@@ -54,6 +55,7 @@ def syorganization_dept_list_exclude(id):
     return jsonify({'msg': '操作成功', 'code': 200, "data": [org.to_json() for org in orgs]})
 
 @base.route('/base/syorganization!doNotNeedSecurity_comboTree.action', methods=['POST'])
+@login_required
 def syorganization_comboTree():
     orgs = Organization.query.all()
 
@@ -61,16 +63,19 @@ def syorganization_comboTree():
 
 
 @base.route('/base/syorganization!doNotNeedSecurity_getSyorganizationsTree.action', methods=['POST'])
+@login_required
 def get_syorganizations_tree():
     orgs = Organization.query.join(User, Organization.users).filter(User.ID == current_user.ID).all()
     return jsonify([org.to_json() for org in orgs])
 
 @base.route('/base/syorganization!doNotNeedSecurity_getSyorganizationByUserId.action', methods=['POST'])
+@login_required
 def get_syorganization_by_userId():
     orgs = Organization.query.join(User, Organization.users).filter(User.ID == request.form.get('id')).all()
     return jsonify([org.to_json() for org in orgs])
 
 @base.route('/system/dept/<string:id>', methods=['GET'])
+@login_required
 def syorganization_getById(id):
     org = Organization.query.get(id)
 
@@ -80,6 +85,7 @@ def syorganization_getById(id):
         return jsonify({'success': False, 'msg': 'error'})
 
 @base.route('/system/dept', methods=['PUT'])
+@login_required
 def syorganization_update():
     org = Organization.query.get(request.json['deptId'])
 
@@ -96,6 +102,7 @@ def syorganization_update():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/dept', methods=['POST'])
+@login_required
 def syorganization_save():
     org = Organization()
     org.ID = str(uuid.uuid4())
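Review bot: This section adds seven `@login_required` decorators but no import: the diffstat's 7 additions are exactly the decorator lines, so unless `login_required` is already imported above line 12 (the file does use `current_user` from flask_login at `get_syorganizations_tree`, so it may be), the module raises NameError at import time and the blueprint never registers; user.py has the same shape. Separately, `syorganization_dept_list_exclude`, whose tail is the context of the `@@ -54` hunk, receives no decorator in this commit, so it remains reachable without a session unless it was already decorated above the hunk — worth checking the file rather than the diff. The decorated function bodies continue outside the hunks.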

+ 14 - 0
app/routes/resource.py

@@ -12,8 +12,10 @@ import uuid
 from datetime import datetime
 from sqlalchemy import desc
 from sqlalchemy import asc
+from flask_login import login_required
 
 @base.route('/base/syresource!doNotNeedSecurity_getMainMenu.action', methods=['POST'])
+@login_required
 def resource_grid():
     rs = Resource.query.join(Role, Resource.roles).join(User, Role.users).filter(User.ID == current_user.ID).all()
 
@@ -21,25 +23,30 @@ def resource_grid():
 
 
 @base.route('/base/syresourcetype!doNotNeedSecurity_combobox.action', methods=['POST'])
+@login_required
 def resource_type_combox():
     rt = ResourceType.query.all()
     return jsonify([r.to_json() for r in rt])
 
 @base.route('/base/syresource!doNotNeedSecurity_getRoleResources.action', methods=['POST'])
+@login_required
 def get_role_resources():
     resources = Resource.query.join(Role, Resource.roles).filter(Role.ID == request.form.get('id')).all()
     return jsonify([res.to_json() for res in resources])
 
 @base.route('/base/syresource!doNotNeedSecurity_getResourcesTree.action', methods=['POST'])
+@login_required
 def get_resources_tree():
     return syresource_treeGrid()
 
 @base.route('/base/syresource!doNotNeedSecurity_getOrganizationResources.action', methods=['POST'])
+@login_required
 def get_organization_resources():
     resources = Resource.query.join(Organization, Resource.organizations).filter(Organization.ID == request.form.get('id')).all()
     return jsonify([res.to_json() for res in resources])    
 
 @base.route('/system/menu/list', methods=['GET'])
+@login_required
 def syresource_treeGrid():
     filters = []
     if 'menuName' in request.args:
@@ -54,12 +61,14 @@ def syresource_treeGrid():
     return jsonify({"msg":"操作成功","code":200, "data": [org.to_json() for org in res_list]})
 
 @base.route('/base/syresource!doNotNeedSecurity_comboTree.action', methods=['POST'])
+@login_required
 def syresource_comboTree():
     res_list = Resource.query.all()
 
     return jsonify([org.to_json() for org in res_list])
 
 @base.route('/system/menu/<id>', methods=['GET'])
+@login_required
 def syresource_getById(id):
     res = Resource.query.get(id)
 
@@ -69,6 +78,7 @@ def syresource_getById(id):
         return jsonify({'success': False, 'msg': 'error'})
 
 @base.route('/system/menu', methods=['PUT'])
+@login_required
 def syresource_update():
     res = Resource.query.get(request.json['menuId'])
 
@@ -87,6 +97,7 @@ def syresource_update():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/menu', methods=['POST'])
+@login_required
 def syresource_save():
     res = Resource()
 
@@ -105,6 +116,7 @@ def syresource_save():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/menu/<id>', methods=['DELETE'])
+@login_required
 def syresource_delete(id):
     res = Resource.query.get(id)
     if res:
@@ -113,12 +125,14 @@ def syresource_delete(id):
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/menu/treeselect', methods=['GET'])
+@login_required
 def syresource_tree_select():
     resList = Resource.query.filter(Resource.SYRESOURCE_ID == None)
 
     return jsonify({'msg': '操作成功', 'code': 200, "data": [res.to_tree_select_json() for res in resList]})
 
 @base.route('/system/menu/roleMenuTreeselect/<roleId>', methods=['GET'])
+@login_required
 def syresource_role_tree_select(roleId):
     role = Role.query.get(roleId)
     resList = Resource.query.filter(Resource.SYRESOURCE_ID == None)

+ 15 - 0
app/routes/role.py

@@ -14,19 +14,23 @@ import uuid
 from sqlalchemy import desc
 from sqlalchemy import asc
 from sqlalchemy import or_
+from flask_login import login_required
 
 @base.route('/base/syrole!doNotNeedSecurity_getRolesTree.action', methods=['POST'])
+@login_required
 def get_roles_tree():
     roles = Role.query.join(User, Role.users).filter(User.ID == current_user.ID).all()
     return jsonify([role.to_json() for role in roles])
 
 @base.route('/base/syrole!doNotNeedSecurity_getRoleByUserId.action', methods=['POST'])
+@login_required
 def get_roles_by_userId():
     roles = Role.query.join(User, Role.users).filter(User.ID == request.form.get('id')).all()
     return jsonify([role.to_json() for role in roles])
 
 
 @base.route('/system/role/authUser/cancelAll', methods=['PUT'])
+@login_required
 def cancel_all_role():
     roleId = request.args.get('roleId')
     userIds = request.args.get('userIds')
@@ -43,6 +47,7 @@ def cancel_all_role():
     return jsonify({'code': 200, 'msg': '取消成功'})
 
 @base.route('/system/role/authUser/cancel', methods=['PUT'])
+@login_required
 def cancel_role():
     roleId = request.json.get('roleId')
     userId = request.json.get('userId')
@@ -54,6 +59,7 @@ def cancel_role():
     return jsonify({'code': 200, 'msg': '取消成功'})
 
 @base.route('/system/role/list', methods=['GET'])
+@login_required
 def grid():
     filters = []
     if request.args.get('roleName'):
@@ -77,6 +83,7 @@ def grid():
     return jsonify({'rows': [role.to_json() for role in roles], 'total': pagination.total})
 
 @base.route('/system/role/<string:id>', methods=['GET'])
+@login_required
 def syrole_getById(id):
     role = Role.query.get(id)
 
@@ -86,6 +93,7 @@ def syrole_getById(id):
         return jsonify({'success': False, 'msg': 'error'})
 
 @base.route('/system/role', methods=['PUT'])
+@login_required
 def syrole_update():
     role = Role.query.get(request.json['roleId'])
 
@@ -105,6 +113,7 @@ def syrole_update():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/role', methods=['POST'])
+@login_required
 def syrole_save():
     role = Role()
 
@@ -127,6 +136,7 @@ def syrole_save():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/role/<string:id>', methods=['DELETE'])
+@login_required
 def syrole_delete(id):
     role = Role.query.get(id)
     if role:
@@ -135,6 +145,7 @@ def syrole_delete(id):
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/role/authUser/allocatedList', methods=['GET'])
+@login_required
 def allocatedList():
     page = request.args.get('pageNum', 1, type=int)
     rows = request.args.get('pageSize', 10, type=int)
@@ -145,6 +156,7 @@ def allocatedList():
     return jsonify({'rows': [user.to_json() for user in users], 'total': pagination.total})
 
 @base.route('/system/role/authUser/unallocatedList', methods=['GET'])
+@login_required
 def unallocatedList():
     page = request.args.get('pageNum', 1, type=int)
     rows = request.args.get('pageNum', 10, type=int)
@@ -156,6 +168,7 @@ def unallocatedList():
 
 
 @base.route('/system/dept/roleDeptTreeselect/<id>', methods=['GET'])
+@login_required
 def roleDeptTreeselect(id):
     role = Role.query.get(id)
     dept = Organization.query.get('0')
@@ -164,6 +177,7 @@ def roleDeptTreeselect(id):
          'depts': [dept.to_tree_select_json()]})
 
 @base.route('/system/role/dataScope', methods=['PUT'])
+@login_required
 def syrole_dataScope():
     role = Role.query.get(request.json['roleId'])
 
@@ -177,6 +191,7 @@ def syrole_dataScope():
     return jsonify({'code': 200, 'msg': '操作成功'})
 
 @base.route('/system/role/authUser/selectAll', methods=['PUT'])
+@login_required
 def syrole_authUser_selectAll():
     role = Role.query.get(request.args.get('roleId'))
     userIds = request.args.get('userIds')

+ 12 - 0
app/routes/user.py

@@ -14,6 +14,7 @@ from sqlalchemy import desc
 import flask_excel as excel
 
 @base.route('/base/syuser!grantOrganization.action', methods=['POST'])
+@login_required
 def grant_user_organization():
     id = request.form.get('id')
     ids = request.form.get('ids')
@@ -31,6 +32,7 @@ def grant_user_organization():
     return jsonify({'success': True})
 
 @base.route('/system/user/authRole', methods=['PUT'])
+@login_required
 def grant_user_role():
     id = request.args['userId']
     ids = request.args['roleIds']
@@ -47,6 +49,7 @@ def grant_user_role():
 
     return jsonify({'code': 200, 'msg': '操作成功'})
 
+@login_required
 def record_login_history(type):
     online = OnLine()
     online.ID = str(uuid.uuid4())
@@ -79,6 +82,7 @@ def do_login():
     return jsonify({'msg': '登录失败,账号密码错误~', 'code': 500})
 
 @base.route('/system/user/list', methods=['GET'])
+@login_required
 def user_grid():
     filters = []
     if 'userName' in request.args:
@@ -107,6 +111,7 @@ def user_grid():
     return jsonify({'rows': [user.to_json() for user in users], 'total': pagination.total, 'code': 200, 'msg': '查询成功'})
 
 @base.route('/system/user/', methods=['GET'])
+@login_required
 def syuser_get():
     json = {'code': 200, 'msg': ''}
     json['roles'] = [role.to_json() for role in Role.query.all()]
@@ -114,6 +119,7 @@ def syuser_get():
     return jsonify(json)
 
 @base.route('/system/user/<id>', methods=['GET'])
+@login_required
 def syuser_getById(id):
     user = User.query.get(id)
 
@@ -128,6 +134,7 @@ def syuser_getById(id):
         return jsonify({'success': False, 'msg': 'error'})
 
 @base.route('/system/user', methods=['PUT'])
+@login_required
 def syuser_update():
     id = request.json['userId']
     userName = request.json['userName']
@@ -151,6 +158,7 @@ def syuser_update():
     return jsonify({'code': 200, 'msg': '更新成功!'})
 
 @base.route('/system/user', methods=['POST'])
+@login_required
 def syuser_save():
     if User.query.filter_by(LOGINNAME = request.json['userName']).first():
         return jsonify({'success': False, 'msg': '新建用户失败,用户名已存在!'})
@@ -182,6 +190,7 @@ def syuser_save():
     return jsonify({'code': 200, 'msg': '新建用户成功!'})
 
 @base.route('/system/user/<id>', methods=['DELETE'])
+@login_required
 def syuser_delete(id):
     user = User.query.get(id)
     if user:
@@ -190,6 +199,7 @@ def syuser_delete(id):
     return jsonify({'code': 200, 'msg': '删除成功'})
 
 @base.route('/system/user/profile/updatePwd', methods=['PUT']) 
+@login_required
 def syuser_update_pwd():
     user = User.query.get(current_user.ID)
 
@@ -255,6 +265,7 @@ def syuser_update_profile():
     return jsonify({'code': 200, 'msg': '更新成功!'})
 
 @base.route('/system/user/authRole/<id>', methods=['GET'])
+@login_required
 def syuser_auth_role(id):
     user = User.query.get(id)
     userRoles = [role for role in user.roles]
@@ -267,6 +278,7 @@ def syuser_auth_role(id):
     return jsonify({'code': 200, 'msg': '操作成功', 'roles': [role.to_json() for role in allRoles], 'user': user.to_json()})
 
 @base.route('/base/syuser!export.action', methods=['POST'])
+@login_required
 def user_export():
     rows = []
     rows.append(['登录名', '姓名', '创建时间', '修改时间', '性别'])
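Review bot: `@login_required` is applied to `record_login_history(type)`, which is not a route — it has no `@base.route` and is presumably the helper `do_login` uses to write the OnLine row. Wrapped this way the decorator's `unauthorized()` response is produced inside the login flow itself; if the helper runs before `login_user` (for instance to record the failed attempt that the `'登录失败'` branch of `do_login` in the next hunk reports), the login request aborts with 401 and nothing is recorded. Drop the decorator from that helper; the protection belongs on the routes, not on internal functions. Note also that `syuser_update_profile` (its tail is the context of the `@@ -255` hunk) gets no decorator here — all 12 additions are visible — so confirm it is already protected, and confirm `login_required` is imported above line 14 since this section adds no import. The function bodies continue outside the hunks.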