From 768cfc7561dbc8f81e96b7e8ef13d899b32f91a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=85=AB=E5=8D=83=E6=B5=81?= <40739051+jym503558564@users.noreply.github.com>
Date: Mon, 1 Jul 2019 11:22:05 +0800
Subject: [PATCH] =?UTF-8?q?[Bugfix]=20=E4=BF=AE=E5=A4=8D=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=97=A0=E6=9D=83=E9=99=90=E6=89=A7=E8=A1=8C=E6=89=B9=E9=87=8F?= =?UTF-8?q?=E5=91=BD=E4=BB=A4=E5=8D=B4=E5=8F=AF=E7=9B=B4=E6=8E=A5=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E6=89=B9=E9=87=8F=E6=89=A7=E8=A1=8C=E9=A1=B5=E9=9D=A2?= =?UTF-8?q?=E7=9A=84bug=20(#2857)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Bugfix] 修复用户无权限执行批量命令却可直接访问批量执行页面的bug
* [Update] 更改小问题
* [Update] 优化小问题
* [Update] 优化变量名
* [Update] 优化变量名(2)
---
 apps/common/permissions.py | 5 ++++-
 apps/ops/api/command.py | 2 +-
 apps/ops/views/command.py | 5 +++++
 apps/users/models/user.py | 10 ++++++++++
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index ec004df0b..35dc2c460 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -126,8 +126,11 @@ class WithBootstrapToken(permissions.BasePermission):
 class PermissionsMixin(UserPassesTestMixin):
 permission_classes = []

+ def get_permissions(self):
+ return self.permission_classes
+
 def test_func(self):
- permission_classes = self.permission_classes
+ permission_classes = self.get_permissions()
 for permission_class in permission_classes:
 if not permission_class().has_permission(self.request, self):
 return False
diff --git a/apps/ops/api/command.py b/apps/ops/api/command.py
index dbc3aa218..ab5b97176 100644
--- a/apps/ops/api/command.py
+++ b/apps/ops/api/command.py
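Review bot: The new `get_permissions` hook on `PermissionsMixin` in apps/common/permissions.py has no docstring, and its contract is easy to get wrong: `test_func` instantiates every entry (`permission_class().has_permission(self.request, self)`), so an override must return permission classes, not instances. I would add `"""Return the permission classes (not instances) that test_func instantiates and checks."""` under the `def`. The end of `test_func` is outside the hunk, so what it returns for an empty list is not visible here; if that is `True`, an override that returns an empty list turns the check off, which the docstring should say as well.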
@@ -20,7 +20,7 @@ class CommandExecutionViewSet(viewsets.ModelViewSet):
 )

 def check_permissions(self, request):
- if not settings.SECURITY_COMMAND_EXECUTION:
+ if not settings.SECURITY_COMMAND_EXECUTION and request.user.is_common_user:
 return self.permission_denied(request, "Command execution disabled")
 return super().check_permissions(request)

diff --git a/apps/ops/views/command.py b/apps/ops/views/command.py
index 6275f0f3f..15e887351 100644
--- a/apps/ops/views/command.py
+++ b/apps/ops/views/command.py
@@ -59,6 +59,11 @@ class CommandExecutionStartView(PermissionsMixin, TemplateView):
 form_class = CommandExecutionForm
 permission_classes = [IsValidUser]

+ def get_permissions(self):
+ if not settings.SECURITY_COMMAND_EXECUTION:
+ return [IsOrgAdmin]
+ return super().permission_classes()
+
 def get_user_system_users(self):
 from perms.utils import AssetPermissionUtil
 user = self.request.user
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index a0ceb6c51..983dcd38e 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -249,6 +249,16 @@ class User(AbstractUser):
 def is_auditor(self):
 return self.role == 'Auditor'

+ @property
+ def is_common_user(self):
+ if self.is_org_admin:
+ return False
+ if self.is_auditor:
+ return False
+ if self.is_app:
+ return False
+ return True
+
 @property
 def is_app(self):
 return self.role == 'App'
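Review bot: In `CommandExecutionViewSet.check_permissions` (apps/ops/api/command.py) the disabled-feature gate now lets through every user for whom `is_common_user` is false. Per the property added in apps/users/models/user.py that includes the Auditor and App roles, while the page in apps/ops/views/command.py is limited to `IsOrgAdmin` in the same situation. If only org admins are meant to keep access while `SECURITY_COMMAND_EXECUTION` is off, the condition should read `if not settings.SECURITY_COMMAND_EXECUTION and not request.user.is_org_admin:`. The check also reads `request.user` before `super().check_permissions(request)` has run, so an unauthenticated request may arrive with a user object that lacks these properties; whether that can happen depends on the authentication classes, which are outside the hunk.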
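Review bot: The fallback in `CommandExecutionStartView.get_permissions` (apps/ops/views/command.py) calls a list: `super().permission_classes()` resolves to the `permission_classes = []` attribute of `PermissionsMixin`, and invoking it raises `TypeError`, so the page fails whenever `SECURITY_COMMAND_EXECUTION` is enabled. Dropping the parentheses would not fix it, because `super()` skips this view's own `[IsValidUser]` and yields the mixin's empty list, leaving `test_func` with nothing to check. The line should be `return super().get_permissions()`, which returns `self.permission_classes`. The hunk does not show whether `settings` and `IsOrgAdmin` are already imported in this module.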
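Review bot: `is_common_user` in apps/users/models/user.py is defined purely by exclusion and has no docstring, so any role added later counts as a common user until this property is updated. Because apps/ops/api/command.py now relies on it for an authorization decision, I would document that, e.g. `"""True for any user that is not an org admin, auditor or app; new roles count as common until listed here."""`. The body can also be collapsed to `return not (self.is_org_admin or self.is_auditor or self.is_app)`.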