github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-03 00:15:20 +00:00
Code Issues Projects Releases Wiki Activity

perf: some risk example file path

Browse Source
This commit is contained in:
ibuler
2025-07-30 14:49:12 +08:00
committed by Bryan
parent 1406437d4e
commit 4e33b5b478
17 changed files with 83 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/rbac/backends.py
View File

@@ -16,10 +16,11 @@ class RBACBackend(JMSBaseAuthBackend):
return False
def has_perm(self, user_obj, perm, obj=None):
# 扫描软件对 * 毕竟敏感,所以改成 none, 虽说这个 * 是我们自定义的标识
if perm == 'none':
return True
if not user_obj.is_active or not perm:
raise PermissionDenied()
if perm == '*':
return True
if isinstance(perm, str):
perm_set = set(i.strip() for i in perm.split('|'))
elif isinstance(perm, (list, tuple, set)):

6
apps/rbac/permissions.py
View File

@@ -16,10 +16,10 @@ class RBACPermission(permissions.DjangoModelPermissions):
('bulk_update', '%(app_label)s.change_%(model_name)s'),
('partial_bulk_update', '%(app_label)s.change_%(model_name)s'),
('bulk_destroy', '%(app_label)s.delete_%(model_name)s'),
('render_to_json', '*'),
('metadata', '*'),
('render_to_json', 'none'),
('metadata', 'none'),
('GET', '%(app_label)s.view_%(model_name)s'),
('OPTIONS', '*'),
('OPTIONS', 'none'),
('HEAD', '%(app_label)s.view_%(model_name)s'),
('POST', '%(app_label)s.add_%(model_name)s'),
('PUT', '%(app_label)s.change_%(model_name)s'),