From f7dbf745b3962fc0e1b610cc01d4a67216deaec8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E6=80=9D=E5=B7=9D?= <sichanwong0527@gmail.com>
Date: Wed, 30 Mar 2022 05:08:13 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90=20?=
 =?UTF-8?q?=E6=9B=B4=E6=94=B9=E5=88=B0v0.21=E7=89=88=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 user/user_auth.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/user/user_auth.py b/user/user_auth.py
index 4d61bd4..b10a0a8 100644
--- a/user/user_auth.py
+++ b/user/user_auth.py
@@ -76,15 +76,21 @@ def authority_scope(scope):
         @functools.wraps(func)
         def internal(*args, ** kwargs):
 
-            records = FIND_DATA("用户", "用户信息", {"UID": kwargs['uid']})
+            db = MongoHelper("tfse_v0.21")
+            records = db.find_single_data(
+                "管理端",
+                "用户",
+                {"UID": kwargs['uid']},
+                ['status', 'role']
+            )
 
             if not records:
                 return {"info": "提示: 账户不存在"}, 401
 
-            if records[0]['status'] != "normal":
+            if records['status'] != "normal":
                 return {"info": "提示: 账户已被禁用"}, 401
 
-            if records[0]['role'] not in scope:
+            if records['role'] not in scope:
                 return {"info": "提示: 没有此项操作权限"}, 401
 
             return func(*args, ** kwargs)