diff --git a/apps/assets/api/asset.py b/apps/assets/api/asset.py index c744c6e17..eb8de77db 100644 --- a/apps/assets/api/asset.py +++ b/apps/assets/api/asset.py @@ -138,7 +138,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView): def check_permissions(self, request): action = request.data.get('action') action_perm_require = { + 'refresh': 'assets.refresh_assethardwareinfo', 'push_system_user': 'assets.push_assetsystemuser', + 'test': 'assets.test_assetconnectivity', 'test_system_user': 'assets.test_assetconnectivity' } perm_required = action_perm_require.get(action) diff --git a/apps/assets/api/system_user_relation.py b/apps/assets/api/system_user_relation.py index 056bd1e53..36c16a09b 100644 --- a/apps/assets/api/system_user_relation.py +++ b/apps/assets/api/system_user_relation.py @@ -64,7 +64,7 @@ class RelationMixin: class BaseRelationViewSet(RelationMixin, OrgBulkModelViewSet): - pass + perm_model = models.SystemUser class SystemUserAssetRelationViewSet(BaseRelationViewSet): @@ -136,4 +136,3 @@ class SystemUserUserRelationViewSet(BaseRelationViewSet): ) ) return queryset - diff --git a/apps/assets/migrations/0088_auto_20220303_1612.py b/apps/assets/migrations/0088_auto_20220303_1612.py index e4942e5ff..f0b0191e1 100644 --- a/apps/assets/migrations/0088_auto_20220303_1612.py +++ b/apps/assets/migrations/0088_auto_20220303_1612.py @@ -12,7 +12,7 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='asset', - options={'ordering': ['hostname'], 'permissions': [('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetsystemuser', 'Can push system user to asset'), ('match_asset', 'Can match asset')], 'verbose_name': 'Asset'}, + options={'ordering': ['hostname'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetsystemuser', 'Can push system user to asset'), ('match_asset', 'Can match asset')], 'verbose_name': 'Asset'}, ), migrations.AlterModelOptions( name='node', diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py index c51520923..f693febc5 100644 --- a/apps/assets/models/asset.py +++ b/apps/assets/models/asset.py @@ -355,6 +355,7 @@ class Asset(AbsConnectivity, AbsHardwareInfo, ProtocolsMixin, NodesRelationMixin verbose_name = _("Asset") ordering = ["hostname", ] permissions = [ + ('refresh_assethardwareinfo', _('Can refresh asset hardware info')), ('test_assetconnectivity', _('Can test asset connectivity')), ('push_assetsystemuser', _('Can push system user to asset')), ('match_asset', _('Can match asset')), diff --git a/apps/rbac/permissions.py b/apps/rbac/permissions.py index 43210818f..fae808da1 100644 --- a/apps/rbac/permissions.py +++ b/apps/rbac/permissions.py @@ -26,6 +26,7 @@ class RBACPermission(permissions.DjangoModelPermissions): ('PATCH', '%(app_label)s.change_%(model_name)s'), ('DELETE', '%(app_label)s.delete_%(model_name)s'), ) + # rbac_perms = ((), ()) # def get_rbac_perms(): # return {} @@ -77,6 +78,17 @@ class RBACPermission(permissions.DjangoModelPermissions): perms = action_perms_map[action] return perms + def get_model_cls(self, view): + if hasattr(view, 'perm_model'): + return getattr(view, 'perm_model') + + try: + queryset = self._queryset(view) + model_cls = queryset.model + except AssertionError: + model_cls = None + return model_cls + def get_require_perms(self, request, view): """ 获取 request, view 需要的 perms @@ -84,12 +96,8 @@ class RBACPermission(permissions.DjangoModelPermissions): :param view: :return: """ - try: - queryset = self._queryset(view) - model_cls = queryset.model - except AssertionError: - model_cls = None + model_cls = self.get_model_cls(view) action = getattr(view, 'action', None) if not action: action = request.method @@ -116,4 +124,3 @@ class RBACPermission(permissions.DjangoModelPermissions): has = request.user.has_perms(perms) logger.debug('View require perms: {}, result: {}'.format(perms, has)) return has -