From b54afbe7bbb49c8d7aedfa64fc22a4229eb9f0e6 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Thu, 13 Sep 2018 11:17:55 +0800
Subject: [PATCH] =?UTF-8?q?[Bugfix]=20=E4=BF=AE=E5=A4=8D=E7=BB=84=E7=BB=87?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E6=97=A0=E6=B3=95=E6=9F=A5=E7=9C=8B?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=8E=88=E6=9D=83=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/perms/api.py | 44 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

diff --git a/apps/perms/api.py b/apps/perms/api.py
index c0edc09f2..6128a90fc 100644
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -6,13 +6,14 @@ from rest_framework.views import APIView, Response
 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
 from rest_framework import viewsets
 
-from common.utils import set_or_append_attr_bulk, get_object_or_none
+from common.utils import set_or_append_attr_bulk
 from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
 from orgs.mixins import RootOrgViewMixin
 from .utils import AssetPermissionUtil
 from .models import AssetPermission
 from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
 NodeGrantedSerializer, SystemUser, NodeSerializer
+from orgs.utils import set_to_root_org
 from . import serializers
 
 
@@ -55,13 +56,19 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
 return permissions
 
 
-class UserGrantedAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedAssetsApi(ListAPIView):
 """
 用户授权的所有资产
 """
 permission_classes = (IsOrgAdminOrAppUser,)
 serializer_class = AssetGrantedSerializer
 
+ def dispatch(self, request, *args, **kwargs):
+ if request.user.is_superuser or request.user.is_app or \
+ self.kwargs.get('pk') is None:
+ set_to_root_org()
+ return super().dispatch(request, *args, **kwargs)
+
 def get_queryset(self):
 user_id = self.kwargs.get('pk', '')
 queryset = []
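Review bot: The added `dispatch` in `UserGrantedAssetsApi` reads `request.user` before `super().dispatch()` runs, and at that point DRF has not yet wrapped the request or run its authentication classes, so the org decision is made on whatever Django's middleware placed on the request. If app users authenticate through a DRF authenticator rather than the session (not visible in this patch), they would reach this line as an anonymous user, where `is_app` may not exist at all, and the root-org switch would be skipped or raise. Because this switch decides which organization's grants become visible, it is safer to make it after authentication, for example by moving the same condition into a `check_permissions(self, request)` override ahead of `return super().check_permissions(request)`, which DRF calls only after `perform_authentication`. The identical `dispatch` bodies added to `UserGrantedNodesApi`, `UserGrantedNodesWithAssetsApi` and `UserGrantedNodeAssetsApi` have the same ordering.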
@@ -84,10 +91,19 @@ class UserGrantedAssetsApi(RootOrgViewMixin, ListAPIView):
 return super().get_permissions()
 
 
-class UserGrantedNodesApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodesApi(ListAPIView):
+ """
+ 查询用户授权的所有节点的API, 如果是超级用户或者是 app,切换到root org
+ """
 permission_classes = (IsOrgAdmin,)
 serializer_class = NodeSerializer
 
+ def dispatch(self, request, *args, **kwargs):
+ if request.user.is_superuser or request.user.is_app or \
+ self.kwargs.get('pk') is None:
+ set_to_root_org()
+ return super().dispatch(request, *args, **kwargs)
+
 def get_queryset(self):
 user_id = self.kwargs.get('pk', '')
 if user_id:
@@ -104,10 +120,19 @@ class UserGrantedNodesApi(RootOrgViewMixin, ListAPIView):
 return super().get_permissions()
 
 
-class UserGrantedNodesWithAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodesWithAssetsApi(ListAPIView):
+ """
+ 用户授权的节点并带着节点下资产的api
+ """
 permission_classes = (IsOrgAdminOrAppUser,)
 serializer_class = NodeGrantedSerializer
 
+ def dispatch(self, request, *args, **kwargs):
+ if request.user.is_superuser or request.user.is_app or \
+ self.kwargs.get('pk') is None:
+ set_to_root_org()
+ return super().dispatch(request, *args, **kwargs)
+
 def get_queryset(self):
 user_id = self.kwargs.get('pk', '')
 queryset = []
@@ -133,10 +158,19 @@ class UserGrantedNodesWithAssetsApi(RootOrgViewMixin, ListAPIView):
 return super().get_permissions()
 
 
-class UserGrantedNodeAssetsApi(RootOrgViewMixin, ListAPIView):
+class UserGrantedNodeAssetsApi(ListAPIView):
+ """
+ 查询用户授权的节点下的资产的api, 与上面api不同的是,只返回某个节点下的资产
+ """
 permission_classes = (IsOrgAdminOrAppUser,)
 serializer_class = AssetGrantedSerializer
 
+ def dispatch(self, request, *args, **kwargs):
+ if request.user.is_superuser or request.user.is_app or \
+ self.kwargs.get('pk') is None:
+ set_to_root_org()
+ return super().dispatch(request, *args, **kwargs)
+
 def get_queryset(self):
 user_id = self.kwargs.get('pk', '')
 node_id = self.kwargs.get('node_id')
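Review bot: The docstring added to `UserGrantedNodesApi` says the view switches to the root org for superusers and app users, but the condition in its `dispatch` also switches when the URL carries no `pk`, so the documented scoping rule is narrower than the implemented one. I would state all three cases, e.g. `"""List the nodes granted to a user; uses the root org for superusers, app users, and requests without a pk."""`. The same five-line `dispatch` is pasted into four view classes in this patch; a single small mixin holding it would keep the org-scoping rule in one place so a later correction cannot miss a copy.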
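Review bot: `set_to_root_org()` in `UserGrantedNodesWithAssetsApi.dispatch` widens the organization scope, and nothing in the hunk narrows it again once the response is produced. Whether that matters depends on how the current org is stored, which this patch does not show: if it is thread-local or process-wide and is not re-established at the start of every request, a switch made here could carry over to the next request handled by the same worker. I would confirm that and record the assumption next to the call, e.g. `# set_to_root_org() is not undone here; relies on the org being re-set at the start of each request`. The class body continues past the end of the hunk.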