From b1fa3619acd96507414ed6e7effee1e831d27c06 Mon Sep 17 00:00:00 2001 From: Ewall555 Date: Fri, 4 Jul 2025 08:27:25 +0000 Subject: [PATCH] feat: support rbac SSO login URL and update translations --- apps/authentication/api/sso.py | 6 ++++-- .../migrations/0007_alter_ssotoken_options.py | 17 +++++++++++++++++ apps/authentication/models/sso_token.py | 3 +++ apps/i18n/core/en/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/es/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/ja/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/ko/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/pt_BR/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/ru/LC_MESSAGES/django.po | 4 ++++ apps/i18n/core/zh/LC_MESSAGES/django.po | 6 +++++- apps/i18n/core/zh_Hant/LC_MESSAGES/django.po | 4 ++++ apps/rbac/const.py | 3 ++- 12 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 apps/authentication/migrations/0007_alter_ssotoken_options.py diff --git a/apps/authentication/api/sso.py b/apps/authentication/api/sso.py index 801a15a7d..2f2afcb6b 100644 --- a/apps/authentication/api/sso.py +++ b/apps/authentication/api/sso.py @@ -14,7 +14,6 @@ from rest_framework.response import Response from authentication.errors import ACLError from common.api import JMSGenericViewSet from common.const.http import POST, GET -from common.permissions import OnlySuperUser from common.serializers import EmptySerializer from common.utils import reverse, safe_next_url from common.utils.timezone import utc_now @@ -38,8 +37,11 @@ class SSOViewSet(AuthMixin, JMSGenericViewSet): 'login_url': SSOTokenSerializer, 'login': EmptySerializer } + rbac_perms = { + 'login_url': 'authentication.add_ssologinurl', + } - @action(methods=[POST], detail=False, permission_classes=[OnlySuperUser], url_path='login-url') + @action(methods=[POST], detail=False, url_path='login-url') def login_url(self, request, *args, **kwargs): if not settings.AUTH_SSO: raise SSOAuthClosed() 
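Review bot: Dropping `permission_classes=[OnlySuperUser]` from `login_url` in the second hunk means the action now inherits whatever permission classes the viewset or project default supplies, and nothing visible in the hunk shows that this default actually consults `rbac_perms`. If the endpoint issues a login link for a caller-supplied username (the body continues outside the hunk, so this is inferred from `SSOTokenSerializer`), any holder of `authentication.add_ssologinurl` could obtain a session as a more privileged account, superusers included, which the old check ruled out by construction. I would keep a guard inside the action that refuses to issue a link for a superuser target unless `request.user` is itself a superuser, and add a comment above `rbac_perms` such as `# login_url issues a login link for another account; grant add_ssologinurl only to trusted system roles`. A test that a user without the permission gets 403 on `login-url`, and that the anonymous `login` action is unaffected by the new mapping, would pin the behaviour.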
diff --git a/apps/authentication/migrations/0007_alter_ssotoken_options.py b/apps/authentication/migrations/0007_alter_ssotoken_options.py new file mode 100644 index 000000000..c9414ec75 --- /dev/null +++ b/apps/authentication/migrations/0007_alter_ssotoken_options.py @@ -0,0 +1,17 @@ +# Generated by Django 4.1.13 on 2025-07-03 08:39 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('authentication', '0006_connectiontoken_type'), + ] + + operations = [ + migrations.AlterModelOptions( + name='ssotoken', + options={'permissions': [('add_ssologinurl', 'Can add SSO login URL')], 'verbose_name': 'SSO token'}, + ), + ] diff --git a/apps/authentication/models/sso_token.py b/apps/authentication/models/sso_token.py index 61002a1a8..0dc7c3cc2 100644 --- a/apps/authentication/models/sso_token.py +++ b/apps/authentication/models/sso_token.py @@ -18,3 +18,6 @@ class SSOToken(BaseCreateUpdateModel): class Meta: verbose_name = _('SSO token') + permissions = [ + ('add_ssologinurl', _('Can add SSO login URL')), + ] \ No newline at end of file diff --git a/apps/i18n/core/en/LC_MESSAGES/django.po b/apps/i18n/core/en/LC_MESSAGES/django.po index 31e95dbb2..4efe2ad8c 100644 --- a/apps/i18n/core/en/LC_MESSAGES/django.po +++ b/apps/i18n/core/en/LC_MESSAGES/django.po @@ -4182,6 +4182,10 @@ msgstr "" msgid "SSO token" msgstr "" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "" diff --git a/apps/i18n/core/es/LC_MESSAGES/django.po b/apps/i18n/core/es/LC_MESSAGES/django.po index e79de7d25..8c9c3c6b6 100644 --- a/apps/i18n/core/es/LC_MESSAGES/django.po +++ b/apps/i18n/core/es/LC_MESSAGES/django.po 
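Review bot: The new `add_ssologinurl` entry in `SSOToken.Meta.permissions` carries no comment saying what it authorizes, and this is the place a maintainer will look when deciding which roles may hold it. A short comment above the list, e.g. `# Gates POST login-url in authentication/api/sso.py; replaces the former superuser-only check`, would make the sensitivity explicit. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.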
@@ -4427,6 +4427,10 @@ msgstr "Tiempo de expiración" msgid "SSO token" msgstr "Token SSO" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "Se puede agregar una URL de inicio de sesión SSO" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "Verificado" diff --git a/apps/i18n/core/ja/LC_MESSAGES/django.po b/apps/i18n/core/ja/LC_MESSAGES/django.po index 7c32fdf9a..ad0b72148 100644 --- a/apps/i18n/core/ja/LC_MESSAGES/django.po +++ b/apps/i18n/core/ja/LC_MESSAGES/django.po @@ -4224,6 +4224,10 @@ msgstr "期限切れ" msgid "SSO token" msgstr "SSO token" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "SSOログインURLを追加できます" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "確認済み" diff --git a/apps/i18n/core/ko/LC_MESSAGES/django.po b/apps/i18n/core/ko/LC_MESSAGES/django.po index bd63fb180..af20b0fc1 100644 --- a/apps/i18n/core/ko/LC_MESSAGES/django.po +++ b/apps/i18n/core/ko/LC_MESSAGES/django.po @@ -4216,6 +4216,10 @@ msgstr "만료 시간" msgid "SSO token" msgstr "SSO 토큰" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "SSO 로그인 URL 추가 가능합니다" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "검증됨" diff --git a/apps/i18n/core/pt_BR/LC_MESSAGES/django.po b/apps/i18n/core/pt_BR/LC_MESSAGES/django.po index 20574ab92..22870b128 100644 --- a/apps/i18n/core/pt_BR/LC_MESSAGES/django.po +++ b/apps/i18n/core/pt_BR/LC_MESSAGES/django.po @@ -4367,6 +4367,10 @@ msgstr "Data de validade" msgid "SSO token" msgstr "Token SSO" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "Pode adicionar URL de login SSO" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "Validado" diff --git a/apps/i18n/core/ru/LC_MESSAGES/django.po b/apps/i18n/core/ru/LC_MESSAGES/django.po index 8bd19dd6b..3ce328834 100644 --- a/apps/i18n/core/ru/LC_MESSAGES/django.po +++ b/apps/i18n/core/ru/LC_MESSAGES/django.po 
@@ -4347,6 +4347,10 @@ msgstr "Срок действия" msgid "SSO token" msgstr "SSO токен" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "Можно добавить URL для единого входа" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "Проверено" diff --git a/apps/i18n/core/zh/LC_MESSAGES/django.po b/apps/i18n/core/zh/LC_MESSAGES/django.po index f83a7103b..c46316b93 100644 --- a/apps/i18n/core/zh/LC_MESSAGES/django.po +++ b/apps/i18n/core/zh/LC_MESSAGES/django.po @@ -4247,7 +4247,11 @@ msgstr "过期时间" #: authentication/models/sso_token.py:20 msgid "SSO token" -msgstr "SSO token" +msgstr "SSO 令牌" + +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "可以创建SSO登录链接" #: authentication/models/temp_token.py:11 msgid "Verified" diff --git a/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po b/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po index dfea05444..2a484ed5d 100644 --- a/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po +++ b/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po @@ -4201,6 +4201,10 @@ msgstr "過期時間" msgid "SSO token" msgstr "SSO token" +#: authentication/models/sso_token.py:22 +msgid "Can add SSO login URL" +msgstr "可以新增 SSO 登入網址" + #: authentication/models/temp_token.py:11 msgid "Verified" msgstr "已校驗" diff --git a/apps/rbac/const.py b/apps/rbac/const.py index da3782944..95251025e 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -24,7 +24,7 @@ exclude_permissions = ( ('authentication', 'privatetoken', '*', '*'), ('authentication', 'connectiontoken', 'delete,change', 'connectiontoken'), ('authentication', 'connectiontoken', 'view', 'connectiontokensecret'), - ('authentication', 'ssotoken', '*', '*'), + ('authentication', 'ssotoken', '*', 'ssotoken'), ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), ('authentication', 'temptoken', 'delete', 'temptoken'), ('users', 'userpasswordhistory', '*', '*'), 
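Review bot: Narrowing the `exclude_permissions` entry from `('authentication', 'ssotoken', '*', '*')` to `('authentication', 'ssotoken', '*', 'ssotoken')` turns a deny-everything rule for this model into one that hides only the default model permissions, so any custom codename later added to `SSOToken.Meta.permissions` becomes grantable without a matching change here. The current codename is covered by the `only_system_permissions` line added in the next hunk, but a future one would not be. A comment next to the changed tuple, e.g. `# custom ssotoken permissions are exposed to RBAC; list each one in only_system_permissions`, would record that coupling. The tuple begins and ends outside the hunk, so how the four fields are matched is inferred from the neighbouring entries.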
@@ -156,6 +156,7 @@ only_system_permissions = ( ('authentication', 'superconnectiontoken', '*', '*'), ('authentication', 'temptoken', '*', '*'), ('authentication', 'passkey', '*', '*'), + ('authentication', 'ssotoken', 'add', 'ssologinurl'), ('tickets', '*', '*', '*'), ('orgs', 'organization', 'view', 'rootorg'), ('terminal', 'applet', '*', '*'),