fix: Add backend REST API that handles Organization CRUD operations and RBAC

role assignments license validation
2026-03-18 02:52:08 +00:00 · 2026-03-10 15:07:54 +08:00
parent ab36f72a86
commit 0579c8c3d8
3 changed files with 15 additions and 1 deletions
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -92,6 +92,15 @@ class IsValidLicense(permissions.BasePermission):
        return settings.XPACK_LICENSE_IS_VALID


+class IsValidLicenseForWriteAction(permissions.BasePermission):
+    """Allow read for all, require valid license for write operations"""
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return settings.XPACK_LICENSE_IS_VALID
+
+
 class IsOwnerOrAdminWritable(IsValidUser):
    def has_object_permission(self, request, view, obj):
        if request.user.is_superuser:
--- a/apps/orgs/api.py
+++ b/apps/orgs/api.py
@@ -10,10 +10,11 @@ from assets.models import (
    Asset, Zone, Label, Node,
 )
 from common.api import JMSBulkModelViewSet
-from common.permissions import IsValidUser
+from common.permissions import IsValidUser, IsValidLicenseForWriteAction
 from common.utils import get_logger
 from orgs.utils import current_org, tmp_to_root_org
 from perms.models import AssetPermission
+from rbac.permissions import RBACPermission
 from users.models import User, UserGroup
 from .models import Organization
 from .serializers import (
@@ -33,6 +34,7 @@ class OrgViewSet(JMSBulkModelViewSet):
    search_fields = ('name', 'comment')
    queryset = Organization.objects.all()
    serializer_class = OrgSerializer
+    permission_classes = [RBACPermission, IsValidLicenseForWriteAction]

    def get_serializer_class(self):
        mapper = {
--- a/apps/rbac/api/rolebinding.py
+++ b/apps/rbac/api/rolebinding.py
@@ -3,10 +3,12 @@ from django.db.models.functions import Concat
 from django.utils.translation import gettext as _

 from common.exceptions import JMSException
+from common.permissions import IsValidLicenseForWriteAction
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import current_org
 from .. import serializers
 from ..models import RoleBinding, SystemRoleBinding, OrgRoleBinding
+from ..permissions import RBACPermission

 __all__ = [
    'RoleBindingViewSet', 'SystemRoleBindingViewSet',
@@ -49,6 +51,7 @@ class SystemRoleBindingViewSet(RoleBindingViewSet):

 class OrgRoleBindingViewSet(RoleBindingViewSet):
    serializer_class = serializers.OrgRoleBindingSerializer
+    permission_classes = [RBACPermission, IsValidLicenseForWriteAction]

    def _get_queryset(self):
        return OrgRoleBinding.objects.root_all()