修改查询基金权限验证

76c948e0 · 杨明橙 · 05e0cb9e · 76c948e0
Commit 76c948e0 authored Jun 13, 2023 by 杨明橙
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 2 deletions

fund.py api/fund.py +9 -2

No files found.
--- a/api/fund.py
+++ b/api/fund.py
@@ -93,13 +93,20 @@ async def update(
        fund_id: str,
        update_fund_data: UpdateFund,
        user: User = Depends(get_current_user),
+        permission_user_collect: AgnosticCollection = Depends(get_permission_user_collect),
+        permission_role_collect: AgnosticCollection = Depends(get_permission_role_collect),
        fund_collect: AgnosticCollection = Depends(get_fund_collect)
 ):
+    # 验证权限
+    if not await check_permission(['data_permission.fund.update_info'], fund_id, user.email, permission_user_collect,
+                                  permission_role_collect):
+        raise FundPermissionError()
    db_update_data = update_fund_data.dict(exclude_unset=True)
    db_update_data.update({
        "update_time": int(datetime.datetime.utcnow().timestamp())
    })
-    data = await fund_collect.find_one_and_update({'id': fund_id, 'user_id': user.id}, {'$set': db_update_data},
+    data = await fund_collect.find_one_and_update({'id': fund_id}, {'$set': db_update_data},
                                                  return_document=ReturnDocument.AFTER)
    assert data, NotFundError()
    response_model = fund_type_map[data['fund_type']]
@@ -120,7 +127,7 @@ async def get(
                                  permission_role_collect):
        raise FundPermissionError()
-    data = await fund_collect.find_one({'id': fund_id, 'user_id': user.id})
+    data = await fund_collect.find_one({'id': fund_id})
    assert data, NotFundError()
    response_model = fund_type_map[data['fund_type']]