github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-20 02:51:27 +00:00
Code Issues Projects Releases Wiki Activity

feat: 限制超级权限

Browse Source
This commit is contained in:
ibuler
2023-09-14 10:42:16 +08:00
parent 54d0a1b871
commit 82f96d6ed2
3 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/users/models/user.py
View File

@@ -400,10 +400,17 @@ class RoleMixin:
data = cache.get(key)
if data:
return data
console_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_console', self)
audit_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_audit', self)
workbench_orgs = RoleBinding.get_user_has_the_perm_orgs('rbac.view_workbench', self)
if settings.LIMIT_SUPER_PRIV:
audit_orgs = list(set(audit_orgs) - set(console_orgs))
data = {
'console_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_console', self),
'audit_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_audit', self),
'workbench_orgs': RoleBinding.get_user_has_the_perm_orgs('rbac.view_workbench', self),
'console_orgs': console_orgs,
'audit_orgs': audit_orgs,
'workbench_orgs': workbench_orgs,
}
cache.set(key, data, 60 * 60)
return data
@@ -541,6 +548,9 @@ class RoleMixin:
def get_all_permissions(self):
from rbac.models import RoleBinding
perms = RoleBinding.get_user_perms(self)
if settings.LIMIT_SUPER_PRIV and 'view_console' in perms:
perms = [p for p in perms if p != "view_audit"]
return perms