From 6e0341b7b1e365ecca7af9de2a209796070f475e Mon Sep 17 00:00:00 2001 From: xinwen Date: Thu, 7 Oct 2021 15:30:39 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20xrdp=E6=8C=82=E8=BD=BD=E5=8F=97?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E7=9A=84=E4=B8=8A=E4=BC=A0=E4=B8=8B=E8=BD=BD?= =?UTF-8?q?=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/api/connection_token.py | 14 +++++++++++--- apps/authentication/errors.py | 8 +++++++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index a4b36ac3b..aa6d2c08d 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -23,7 +23,9 @@ from common.drf.api import SerializerMixin from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser from orgs.mixins.api import RootOrgViewMixin from common.http import is_true -from assets.models import SystemUser +from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user +from perms.models.asset_permission import Action +from authentication.errors import NotHaveUpDownLoadPerm from ..serializers import ( ConnectionTokenSerializer, ConnectionTokenSecretSerializer, 
@@ -89,8 +91,14 @@ class ClientProtocolMixin: drives_redirect = is_true(self.request.query_params.get('drives_redirect')) token = self.create_token(user, asset, application, system_user) - if drives_redirect: - options['drivestoredirect:s'] = '*' + if drives_redirect and asset: + systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) + actions = systemuser_actions_mapper.get(system_user.id, []) + if actions & Action.UPDOWNLOAD: + options['drivestoredirect:s'] = '*' + else: + raise NotHaveUpDownLoadPerm + options['screen mode id:i'] = '2' if full_screen else '1' address = settings.TERMINAL_RDP_ADDR if not address or address == 'localhost:3389': diff --git a/apps/authentication/errors.py b/apps/authentication/errors.py index f2346ab6d..5844eb777 100644 --- a/apps/authentication/errors.py +++ b/apps/authentication/errors.py @@ -3,8 +3,8 @@ from django.utils.translation import ugettext_lazy as _ from django.urls import reverse from django.conf import settings +from rest_framework import status -from authentication import sms_verify_code from common.exceptions import JMSException from .signals import post_auth_failed from users.utils import LoginBlockUtil, MFABlockUtils @@ -348,3 +348,9 @@ class FeiShuNotBound(JMSException): class PasswdInvalid(JMSException): default_code = 'passwd_invalid' default_detail = _('Your password is invalid') + + +class NotHaveUpDownLoadPerm(JMSException): + status_code = status.HTTP_403_FORBIDDEN + code = 'not_have_up_down_load_perm' + default_detail = _('No upload or download permission')
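Review bot: The fallback in `systemuser_actions_mapper.get(system_user.id, [])` is a list, so for a system user missing from the mapping `actions & Action.UPDOWNLOAD` raises `TypeError` and the request fails with a 500 instead of `NotHaveUpDownLoadPerm`; `.get(system_user.id, 0)` keeps the refusal explicit. If `Action.UPDOWNLOAD` combines separate upload and download bits (its definition is not in this hunk), the truthiness test also passes when only one of them is granted, while `drivestoredirect:s` set to `*` exposes the drives in both directions; `if (actions & Action.UPDOWNLOAD) == Action.UPDOWNLOAD:` requires both. The check runs after `self.create_token(...)`, so a refused request has already minted a token, and doing the permission test first avoids that. This branch only governs what the generated RDP options contain, so the gateway that redeems the token presumably has to enforce the same permission, because a client-side setting can be edited; that code, like the rest of this method, is outside the hunk.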
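Review bot: `NotHaveUpDownLoadPerm` sets `code = 'not_have_up_down_load_perm'`, whereas the neighbouring `PasswdInvalid` uses `default_code`, which is the attribute DRF's `APIException` reads when building the error. Unless `JMSException` (not shown in this hunk) maps `code` itself, the 403 response will carry the base class's error code and clients cannot tell this refusal apart from other failures. Writing `default_code = 'not_have_up_down_load_perm'` matches the other exception classes in this file.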