修复 is_ajax() 判断失效的问题

common/tests.py

@@ -541,3 +541,25 @@ def test_init_user(self):
         # init 需要是无状态的, 可以重复执行, 执行一次和执行n次结果一样
         init_user(self.u1)
         self.assertEqual(self.u1, self.resource_group1.users_set.get(pk=self.u1.pk))
+
+
+class PermissionTest(TestCase):
+    def setUp(self) -> None:
+        self.user = User.objects.create(
+            username="test_user", display="中文显示", is_active=True, email="XXX@xxx.com"
+        )
+        self.client.force_login(self.user)
+
+    def tearDown(self) -> None:
+        self.user.delete()
+
+    def test_superuser_required_false(self):
+        """测试超管权限校验"""
+        r = self.client.get("/config/")
+        self.assertContains(r, "您无权操作，请联系管理员")
+
+    def test_superuser_required_true(self):
+        """测试超管权限校验"""
+        User.objects.filter(username=self.user.username).update(is_superuser=1)
+        r = self.client.get("/config/")
+        self.assertNotContains(r, "您无权操作，请联系管理员")

common/utils/permission.py

@@ -11,7 +11,8 @@ def wrapper(request, *args, **kw):
         user = request.user
 
         if user.is_superuser is False:
-            if request.is_ajax():
+            is_ajax = request.META.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
+            if is_ajax:
                 result = {"status": 1, "msg": "您无权操作，请联系管理员", "data": []}
                 return HttpResponse(json.dumps(result), content_type="application/json")
             else:
@@ -30,7 +31,8 @@ def wrapper(request, *args, **kw):
             # 获取用户信息，权限验证
             user = request.user
             if user.role not in roles and user.is_superuser is False:
-                if request.is_ajax():
+                is_ajax = request.META.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
+                if is_ajax:
                     result = {"status": 1, "msg": "您无权操作，请联系管理员", "data": []}
                     return HttpResponse(
                         json.dumps(result), content_type="application/json"