diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 919fc5642..4af31bffb 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -390,7 +390,6 @@ class Config(dict): 'HELP_DOCUMENT_URL': 'http://docs.jumpserver.org', 'HELP_SUPPORT_URL': 'http://www.jumpserver.org/support/', - 'TICKETS_ENABLED': True, 'FORGOT_PASSWORD_URL': '', 'HEALTH_CHECK_TOKEN': '', } diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 4eff9d9fe..794180fd2 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -119,7 +119,6 @@ CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED = CONFIG.CHANGE_AUTH_PLAN_SECURE_MODE_ENABL DATETIME_DISPLAY_FORMAT = '%Y-%m-%d %H:%M:%S' -TICKETS_ENABLED = CONFIG.TICKETS_ENABLED REFERER_CHECK_ENABLED = CONFIG.REFERER_CHECK_ENABLED CONNECTION_TOKEN_ENABLED = CONFIG.CONNECTION_TOKEN_ENABLED diff --git a/apps/settings/api/public.py b/apps/settings/api/public.py index 349955007..314b7c9fa 100644 --- a/apps/settings/api/public.py +++ b/apps/settings/api/public.py @@ -43,7 +43,6 @@ class PublicSettingApi(generics.RetrieveAPIView): "XPACK_LICENSE_INFO": get_xpack_license_info(), "LOGIN_TITLE": self.get_login_title(), "LOGO_URLS": self.get_logo_urls(), - "TICKETS_ENABLED": settings.TICKETS_ENABLED, "PASSWORD_RULE": { 'SECURITY_PASSWORD_MIN_LENGTH': settings.SECURITY_PASSWORD_MIN_LENGTH, 'SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH': settings.SECURITY_ADMIN_USER_PASSWORD_MIN_LENGTH, diff --git a/apps/settings/api/settings.py b/apps/settings/api/settings.py index 7864b7c1c..454fc00d3 100644 --- a/apps/settings/api/settings.py +++ b/apps/settings/api/settings.py 
@@ -41,9 +41,41 @@ class SettingsApi(generics.RetrieveUpdateAPIView): 'tencent': serializers.TencentSMSSettingSerializer, } + rbac_category_permissions = { + # 'all': 'change_setting', + 'basic': 'change_basic', + 'terminal': 'change_terminal', + 'security': 'change_security', + 'ldap': 'change_auth', + 'email': 'change_email', + 'email_content': 'change_email', + 'wecom': 'change_auth', + 'dingtalk': 'change_auth', + 'feishu': 'change_auth', + 'auth': 'change_auth', + 'oidc': 'change_auth', + 'keycloak': 'change_auth', + 'radius': 'change_auth', + 'cas': 'change_auth', + 'sso': 'change_auth', + 'saml2': 'change_auth', + 'clean': 'change_clean', + 'other': 'change_other', + 'sms': 'change_sms', + 'alibaba': 'change_sms', + 'tencent': 'change_sms', + } + def get_queryset(self): return Setting.objects.all() + def check_permissions(self, request): + category = request.query_params.get('category', 'basic') + require_perm = self.rbac_category_permissions.get(category) + if not request.user.has_perm(require_perm): + self.permission_denied(request) + return super().check_permissions(request) + def get_serializer_class(self): category = self.request.query_params.get('category', 'basic') default = serializers.BasicSettingSerializer diff --git a/apps/settings/serializers/basic.py b/apps/settings/serializers/basic.py index 97ef96cbe..e0672f0df 100644 --- a/apps/settings/serializers/basic.py +++ b/apps/settings/serializers/basic.py @@ -41,7 +41,6 @@ class BasicSettingSerializer(serializers.Serializer): required=False, max_length=1024, allow_blank=True, allow_null=True, label=_("Global organization name"), help_text=_('The name of global organization to display') ) - TICKETS_ENABLED = serializers.BooleanField(required=False, default=True, label=_("Enable tickets")) ANNOUNCEMENT_ENABLED = serializers.BooleanField(label=_('Enable announcement'), default=True) ANNOUNCEMENT = AnnouncementSerializer(label=_("Announcement"))
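Review bot: In `check_permissions` (apps/settings/api/settings.py), a `category` value with no entry in `rbac_category_permissions` leaves `require_perm` as `None`, so the outcome depends on whatever `request.user.has_perm(None)` returns, while `get_serializer_class` just below appears to fall back to `BasicSettingSerializer` for the same request. Fail closed explicitly: `if not require_perm or not request.user.has_perm(require_perm):`. The `'all'` entry is commented out, so if the serializer map (which begins outside this hunk, as does the rest of the class) accepts `all`, that category takes the same unmapped path. The codenames also carry no app label (`'change_basic'` rather than `'<app_label>.change_basic'`), which Django's stock permission backend would not match; the RBAC backend is not visible here, so confirm it resolves bare codenames. Since the same `change_*` permission gates both retrieve and update, a one-line comment above the dict saying whether that is intended would help the next reader.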