Kaynağa Gözat

房间删除、家庭保存,增加主用户判断

zhangdongming 3 yıl önce
ebeveyn
işleme
77a9f18378

+ 4 - 1
SensorGateway/EquipmentFamilyController.py

@@ -91,7 +91,7 @@ class EquipmentFamilyView(View):
     @classmethod
     def do_save(cls, user_id, request_dict, response, request):
         """
-        添加设备
+        添加网关设备
         @param request:
         @param user_id:
         @param request_dict:
@@ -599,6 +599,9 @@ class EquipmentFamilyView(View):
         with transaction.atomic():
             now_time = int(time.time())
             if family_id:
+                is_owner = cls.get_family_owner(user_id, family_id)
+                if not is_owner:
+                    return response.json(404)
                 family_member = FamilyMember.objects.filter(family_id=family_id, user_id=user_id)
                 if family_member.exists():
                     family_member = family_member.first()

+ 10 - 2
SensorGateway/GatewayFamilyRoomController.py

@@ -46,7 +46,7 @@ class GatewayFamilyRoomView(View):
             return self.room_sort_save(request_dict, response)
         # 房间删除
         elif operation == 'del':
-            return self.room_del(request_dict, response)
+            return self.room_del(app_user_id, request_dict, response)
         # 房间详情
         elif operation == 'details':
             return self.get_room_details(app_user_id, request_dict, response)
@@ -81,9 +81,10 @@ class GatewayFamilyRoomView(View):
             return response.json(0)
 
     @classmethod
-    def room_del(cls, request_dict, response):
+    def room_del(cls, user_id, request_dict, response):
         """
         房间多选删除
+        @param user_id: 当前登录用户id
         @param request_dict: 请求参数
         @param response: 响应参数
         @return:
@@ -91,6 +92,13 @@ class GatewayFamilyRoomView(View):
         ids = request_dict.getlist('roomIds', None)
         if not ids:
             return response.json(444)
+        room_id = ids[0]
+        room_info = FamilyRoom.objects.filter(id=room_id)
+        if not room_info.exists():
+            return response.json(173)
+        is_owner = EquipmentFamilyView.get_family_owner(user_id, room_info.first().family_id)
+        if not is_owner:
+            return response.json(404)
         try:
             with transaction.atomic():
                 for item in ids: