feat: support rbac SSO login URL and update translations

2025-08-31 15:08:36 +00:00 · 2025-07-04 08:27:25 +00:00
parent 06afc8a0e1
commit b1fa3619ac
12 changed files with 59 additions and 4 deletions
--- a/apps/authentication/api/sso.py
+++ b/apps/authentication/api/sso.py
@@ -14,7 +14,6 @@ from rest_framework.response import Response
 from authentication.errors import ACLError
 from common.api import JMSGenericViewSet
 from common.const.http import POST, GET
-from common.permissions import OnlySuperUser
 from common.serializers import EmptySerializer
 from common.utils import reverse, safe_next_url
 from common.utils.timezone import utc_now
@@ -38,8 +37,11 @@ class SSOViewSet(AuthMixin, JMSGenericViewSet):
        'login_url': SSOTokenSerializer,
        'login': EmptySerializer
    }
+    rbac_perms = {
+        'login_url': 'authentication.add_ssologinurl',
+    }

-    @action(methods=[POST], detail=False, permission_classes=[OnlySuperUser], url_path='login-url')
+    @action(methods=[POST], detail=False, url_path='login-url')
    def login_url(self, request, *args, **kwargs):
        if not settings.AUTH_SSO:
            raise SSOAuthClosed()
--- a/apps/authentication/migrations/0007_alter_ssotoken_options.py
+++ b/apps/authentication/migrations/0007_alter_ssotoken_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.1.13 on 2025-07-03 08:39
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0006_connectiontoken_type'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='ssotoken',
+            options={'permissions': [('add_ssologinurl', 'Can add SSO login URL')], 'verbose_name': 'SSO token'},
+        ),
+    ]
--- a/apps/authentication/models/sso_token.py
+++ b/apps/authentication/models/sso_token.py
@@ -18,3 +18,6 @@ class SSOToken(BaseCreateUpdateModel):

    class Meta:
        verbose_name = _('SSO token')
+        permissions = [
+            ('add_ssologinurl', _('Can add SSO login URL')),
+        ]
--- a/apps/i18n/core/en/LC_MESSAGES/django.po
+++ b/apps/i18n/core/en/LC_MESSAGES/django.po
@@ -4182,6 +4182,10 @@ msgstr ""
 msgid "SSO token"
 msgstr ""

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr ""
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr ""
--- a/apps/i18n/core/es/LC_MESSAGES/django.po
+++ b/apps/i18n/core/es/LC_MESSAGES/django.po
@@ -4427,6 +4427,10 @@ msgstr "Tiempo de expiración"
 msgid "SSO token"
 msgstr "Token SSO"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "Se puede agregar una URL de inicio de sesión SSO"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "Verificado"
--- a/apps/i18n/core/ja/LC_MESSAGES/django.po
+++ b/apps/i18n/core/ja/LC_MESSAGES/django.po
@@ -4224,6 +4224,10 @@ msgstr "期限切れ"
 msgid "SSO token"
 msgstr "SSO token"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "SSOログインURLを追加できます"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "確認済み"
--- a/apps/i18n/core/ko/LC_MESSAGES/django.po
+++ b/apps/i18n/core/ko/LC_MESSAGES/django.po
@@ -4216,6 +4216,10 @@ msgstr "만료 시간"
 msgid "SSO token"
 msgstr "SSO 토큰"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "SSO 로그인 URL 추가 가능합니다"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "검증됨"
--- a/apps/i18n/core/pt_BR/LC_MESSAGES/django.po
+++ b/apps/i18n/core/pt_BR/LC_MESSAGES/django.po
@@ -4367,6 +4367,10 @@ msgstr "Data de validade"
 msgid "SSO token"
 msgstr "Token SSO"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "Pode adicionar URL de login SSO"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "Validado"
--- a/apps/i18n/core/ru/LC_MESSAGES/django.po
+++ b/apps/i18n/core/ru/LC_MESSAGES/django.po
@@ -4347,6 +4347,10 @@ msgstr "Срок действия"
 msgid "SSO token"
 msgstr "SSO токен"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "Можно добавить URL для единого входа"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "Проверено"
--- a/apps/i18n/core/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh/LC_MESSAGES/django.po
@@ -4247,7 +4247,11 @@ msgstr "过期时间"

 #: authentication/models/sso_token.py:20
 msgid "SSO token"
-msgstr "SSO token"
+msgstr "SSO 令牌"
+
+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "可以创建SSO登录链接"

 #: authentication/models/temp_token.py:11
 msgid "Verified"
--- a/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
@@ -4201,6 +4201,10 @@ msgstr "過期時間"
 msgid "SSO token"
 msgstr "SSO token"

+#: authentication/models/sso_token.py:22
+msgid "Can add SSO login URL"
+msgstr "可以新增 SSO 登入網址"
+
 #: authentication/models/temp_token.py:11
 msgid "Verified"
 msgstr "已校驗"
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@@ -24,7 +24,7 @@ exclude_permissions = (
    ('authentication', 'privatetoken', '*', '*'),
    ('authentication', 'connectiontoken', 'delete,change', 'connectiontoken'),
    ('authentication', 'connectiontoken', 'view', 'connectiontokensecret'),
-    ('authentication', 'ssotoken', '*', '*'),
+    ('authentication', 'ssotoken', '*', 'ssotoken'),
    ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
    ('authentication', 'temptoken', 'delete', 'temptoken'),
    ('users', 'userpasswordhistory', '*', '*'),
@@ -156,6 +156,7 @@ only_system_permissions = (
    ('authentication', 'superconnectiontoken', '*', '*'),
    ('authentication', 'temptoken', '*', '*'),
    ('authentication', 'passkey', '*', '*'),
+    ('authentication', 'ssotoken', 'add', 'ssologinurl'),
    ('tickets', '*', '*', '*'),
    ('orgs', 'organization', 'view', 'rootorg'),
    ('terminal', 'applet', '*', '*'),