From 3a26b9d10284699af577f9d6fd621536d1b9ad00 Mon Sep 17 00:00:00 2001 From: feng626 <1304903146@qq.com> Date: Wed, 16 Mar 2022 16:21:00 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=B7=A5=E5=8D=95?= =?UTF-8?q?=E7=9B=B8=E5=BA=94bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/applications/api/application.py | 2 +- apps/common/drf/metadata.py | 1 + apps/rbac/permissions.py | 9 ++++++--- apps/tickets/api/ticket.py | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/apps/applications/api/application.py b/apps/applications/api/application.py index 6d98123bc..435ccccad 100644 --- a/apps/applications/api/application.py +++ b/apps/applications/api/application.py @@ -28,7 +28,7 @@ class ApplicationViewSet(SuggestionMixin, OrgBulkModelViewSet): } rbac_perms = { 'get_tree': 'applications.view_application', - 'match': 'assets.match_application' + 'match': 'applications.match_application' } @action(methods=['GET'], detail=False, url_path='tree') diff --git a/apps/common/drf/metadata.py b/apps/common/drf/metadata.py index 3f721bbea..59561e978 100644 --- a/apps/common/drf/metadata.py +++ b/apps/common/drf/metadata.py @@ -32,6 +32,7 @@ class SimpleMetadataWithFilters(SimpleMetadata): the fields that are accepted for 'PUT' and 'POST' methods. """ actions = {} + view.raw_action = view.action for method in self.methods & set(view.allowed_methods): if hasattr(view, 'action_map'): view.action = view.action_map.get(method.lower(), view.action) diff --git a/apps/rbac/permissions.py b/apps/rbac/permissions.py index 877cf06b2..7611698b6 100644 --- a/apps/rbac/permissions.py +++ b/apps/rbac/permissions.py @@ -54,6 +54,7 @@ class RBACPermission(permissions.DjangoModelPermissions): def get_default_action_perms(self, model_cls): if model_cls is None: return {} + perms = {} for action, tmpl in dict(self.default_rbac_perms_tmpl).items(): perms[action] = self.format_perms(tmpl, model_cls) 
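Review bot: The added `view.raw_action = view.action` in `SimpleMetadataWithFilters` carries no comment, although `RBACPermission.has_permission` (apps/rbac/permissions.py, later in this patch) now tests that value to skip the RBAC check. A comment above the assignment would make the coupling visible, for example `# keep the pre-loop action: the loop rewrites view.action, and RBACPermission.has_permission reads raw_action`. The method continues outside the hunk, so it is not visible whether `raw_action` is reset after the loop. If it is not, the attribute stays on the view instance for the rest of the request.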
@@ -62,9 +63,11 @@ class RBACPermission(permissions.DjangoModelPermissions): def get_rbac_perms(self, view, model_cls) -> dict: if hasattr(view, 'get_rbac_perms'): return dict(view.get_rbac_perms()) - perms = self.get_default_action_perms(model_cls) + perms = {} if hasattr(view, 'rbac_perms'): perms.update(dict(view.rbac_perms)) + if '*' not in perms: + perms.update(self.get_default_action_perms(model_cls)) return perms def _get_action_perms(self, action, model_cls, view): @@ -116,8 +119,8 @@ class RBACPermission(permissions.DjangoModelPermissions): if request.user.is_anonymous and self.authenticated_users_only: return False - action = getattr(view, 'action', None) - if action == 'metadata': + raw_action = getattr(view, 'raw_action', None) + if raw_action == 'metadata': return True perms = self.get_require_perms(request, view) diff --git a/apps/tickets/api/ticket.py b/apps/tickets/api/ticket.py index a7e4fa485..8e7923e8e 100644 --- a/apps/tickets/api/ticket.py +++ b/apps/tickets/api/ticket.py @@ -35,7 +35,7 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet): ) ordering = ('-date_created',) rbac_perms = { - 'open': 'tickets.view_ticket' + 'open': 'tickets.view_ticket', } def create(self, request, *args, **kwargs):
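Review bot: In `get_rbac_perms` the defaults are now merged after the view's own `rbac_perms`, so `perms.update(self.get_default_action_perms(model_cls))` overwrites any action key that the view declared and the default template also defines. Before this change the view's entries won, so a view that tightens or replaces a default action permission now silently falls back to the template value. Keeping the `if '*' not in perms:` guard but merging with the declared entries last restores the old precedence: `perms = {**self.get_default_action_perms(model_cls), **perms}`.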
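Review bot: The `raw_action == 'metadata'` shortcut in `has_permission` depends on an attribute that this patch assigns only inside the metadata class (apps/common/drf/metadata.py), so `getattr(view, 'raw_action', None)` is `None` on any permission check made before that assignment. That ordering is inferred from DRF's usual request flow rather than visible here, and in it the check that runs before the OPTIONS handler would no longer take the shortcut. If the metadata loop also re-checks permissions per method as the stock `SimpleMetadata` does, each of those checks would return True and the PUT/POST field description would be built without consulting the user's RBAC permissions. Please confirm both effects are intended and record it next to the test, e.g. `# raw_action is set by SimpleMetadataWithFilters; while it is 'metadata' every check is allowed`. The body of `has_permission` starts and ends outside the hunk.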