github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-03 08:25:04 +00:00
Code Issues Projects Releases Wiki Activity

fix: 修复 public 和 smart API 权限包含 connection token

Browse Source
This commit is contained in:
Jiangjie.Bai
2022-07-15 14:56:51 +08:00
committed by 老广
parent 93537c07a1
commit 41541a91b9
3 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
apps/common/permissions.py
View File

@@ -7,6 +7,9 @@ from rest_framework import permissions
from authentication.const import ConfirmType
from common.exceptions import UserConfirmRequired
from orgs.utils import tmp_to_root_org
from authentication.models import ConnectionToken
from common.utils import get_object_or_none
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@@ -17,6 +20,22 @@ class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
and request.user.is_valid
class IsValidUserOrConnectionToken(IsValidUser):
def has_permission(self, request, view):
return super(IsValidUserOrConnectionToken, self).has_permission(request, view) \
or self.is_valid_connection_token(request)
@staticmethod
def is_valid_connection_token(request):
token_id = request.query_params.get('token')
if not token_id:
return False
with tmp_to_root_org():
token = get_object_or_none(ConnectionToken, id=token_id)
return token and token.is_valid
class OnlySuperUser(IsValidUser):
def has_permission(self, request, view):
return super().has_permission(request, view) \