forum

2026-02-12 15:51:18 +08:00
parent e69a24b555
commit 4ac8767659
14 changed files with 2851 additions and 141 deletions
--- a/backend/community/views.py
+++ b/backend/community/views.py
@@ -11,22 +11,8 @@ from drf_spectacular.utils import extend_schema
 from shop.models import WeChatUser
 from .models import Activity, ActivitySignup, Topic, Reply, TopicMedia, Announcement
 from .serializers import ActivitySerializer, ActivitySignupSerializer, TopicSerializer, ReplySerializer, TopicMediaSerializer, AnnouncementSerializer
-
-def get_current_wechat_user(request):
-    """
-    根据 Authorization 头获取当前微信用户 (复用 shop app 的逻辑)
-    """
-    auth_header = request.headers.get('Authorization')
-    if not auth_header or not auth_header.startswith('Bearer '):
-        return None
-    token = auth_header.split(' ')[1]
-    signer = TimestampSigner()
-    try:
-        # 签名包含 openid
-        openid = signer.unsign(token, max_age=86400 * 30) # 30天有效
-        return WeChatUser.objects.filter(openid=openid).first()
-    except (BadSignature, SignatureExpired):
-        return None
+from .utils import get_current_wechat_user
+from .permissions import IsAuthorOrReadOnly

 class ActivityViewSet(viewsets.ReadOnlyModelViewSet):
    """
@@ -71,6 +57,7 @@ class TopicViewSet(viewsets.ModelViewSet):
    """
    queryset = Topic.objects.all()
    serializer_class = TopicSerializer
+    permission_classes = [IsAuthorOrReadOnly]
    filter_backends = [filters.SearchFilter, filters.OrderingFilter, DjangoFilterBackend]
    search_fields = ['title', 'content']
    filterset_fields = ['category', 'is_pinned']
@@ -102,6 +89,7 @@ class ReplyViewSet(viewsets.ModelViewSet):
    """
    queryset = Reply.objects.all()
    serializer_class = ReplySerializer
+    permission_classes = [IsAuthorOrReadOnly]

    def perform_create(self, serializer):
        user = get_current_wechat_user(self.request)