github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-04 17:01:09 +00:00
Code Issues Projects Releases Wiki Activity

fix: 修复校验用户登录规则的API权限

Browse Source
This commit is contained in:
Bai
2021-08-18 10:22:40 +08:00
committed by Jiangjie.Bai
parent 81d8592ee1
commit 0c8c926aac
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/common/permissions.py
View File

@@ -6,6 +6,7 @@ from django.conf import settings
from common.exceptions import MFAVerifyRequired
from orgs.utils import current_org
from common.utils import is_uuid
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@@ -186,7 +187,7 @@ class IsObjectOwner(IsValidUser):
class HasQueryParamsUserAndIsCurrentOrgMember(permissions.BasePermission):
def has_permission(self, request, view):
query_user_id = request.query_params.get('user')
if not query_user_id:
if not query_user_id or not is_uuid(query_user_id):
return False
query_user = current_org.get_members().filter(id=query_user_id).first()
return bool(query_user)