github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-06-26 06:52:53 +00:00
Code Issues Projects Releases Wiki Activity

perf: 优化获取token secret, 重新校验权限

Browse Source
This commit is contained in:
ibuler 2021-06-10 19:45:03 +08:00 committed by 老广
parent db99ab80db
commit 8d3c1bd783
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/authentication/api/connection_token.py
View File

@ -231,6 +231,11 @@ class UserConnectionTokenViewSet(RootOrgViewMixin, SerializerMixin2, GenericView
if asset and not asset.is_active:
raise serializers.ValidationError("Asset disabled")
try:
self.check_resource_permission(user, asset, app, system_user)
except PermissionDenied:
raise serializers.ValidationError('Permission expired or invalid')
return value, user, system_user, asset, app
@action(methods=['POST'], detail=False, permission_classes=[IsSuperUserOrAppUser], url_path='secret-info/detail')