perf(permission): 优化权限控制，显式的声明权限

2025-09-01 23:47:40 +00:00 · 2021-02-03 10:52:51 +08:00
parent 542eb25e7b
commit 93474766f6
9 changed files with 14 additions and 12 deletions
--- a/apps/authentication/api/init.py
+++ b/apps/authentication/api/init.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 #

-from .auth import *
+from .connection_token import *
 from .token import *
 from .mfa import *
 from .access_key import *
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
--- a/apps/authentication/api/login_confirm.py
+++ b/apps/authentication/api/login_confirm.py
@@ -3,10 +3,10 @@
 from rest_framework.generics import UpdateAPIView
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from rest_framework.permissions import AllowAny
 from django.shortcuts import get_object_or_404
-from django.utils.translation import ugettext as _

-from common.utils import get_logger, get_object_or_none
+from common.utils import get_logger
 from common.permissions import IsOrgAdmin
 from ..models import LoginConfirmSetting
 from ..serializers import LoginConfirmSettingSerializer
@@ -32,7 +32,7 @@ class LoginConfirmSettingUpdateApi(UpdateAPIView):


 class TicketStatusApi(mixins.AuthMixin, APIView):
-    permission_classes = ()
+    permission_classes = (AllowAny,)

    def get(self, request, *args, **kwargs):
        try:
--- a/apps/authentication/api/sso.py
+++ b/apps/authentication/api/sso.py
@@ -7,6 +7,7 @@ from django.http.response import HttpResponseRedirect
 from rest_framework.decorators import action
 from rest_framework.response import Response
 from rest_framework.request import Request
+from rest_framework.permissions import AllowAny

 from common.utils.timezone import utcnow
 from common.const.http import POST, GET
@@ -31,6 +32,7 @@ class SSOViewSet(AuthMixin, JmsGenericViewSet):
        'login_url': SSOTokenSerializer,
        'login': EmptySerializer
    }
+    permission_classes = (IsSuperUser,)

    @action(methods=[POST], detail=False, permission_classes=[IsSuperUser], url_path='login-url')
    def login_url(self, request, *args, **kwargs):
@@ -54,7 +56,7 @@ class SSOViewSet(AuthMixin, JmsGenericViewSet):
        login_url = '%s?%s' % (reverse('api-auth:sso-login', external=True), urlencode(query))
        return Response(data={'login_url': login_url})

-    @action(methods=[GET], detail=False, filter_backends=[AuthKeyQueryDeclaration], permission_classes=[])
+    @action(methods=[GET], detail=False, filter_backends=[AuthKeyQueryDeclaration], permission_classes=[AllowAny])
    def login(self, request: Request, *args, **kwargs):
        """
        此接口违反了 `Restful` 的规范