From c71f417ebff42c6f73816af84149e48fa5ef3e5d Mon Sep 17 00:00:00 2001 From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Date: Mon, 17 Jun 2019 19:27:02 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E7=94=A8=E6=88=B7=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E7=9B=B8=E5=85=B3API=EF=BC=8C=E5=A6=82=E6=9E=9C=E9=9C=80?= =?UTF-8?q?=E8=A6=81=E5=88=87=E6=8D=A2=E5=88=B0root=20org=20(#2803)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 用户授权相关API,如果需要切换到root org * [Update] 优化小问题 --- .../assets/templates/assets/asset_create.html | 2 +- apps/perms/api/user_group_permission.py | 7 ------- apps/perms/api/user_permission.py | 12 +++++++----- apps/perms/mixins.py | 19 ++++++++++++++++++- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/apps/assets/templates/assets/asset_create.html b/apps/assets/templates/assets/asset_create.html index 1d04f2bec..c1a617fdb 100644 --- a/apps/assets/templates/assets/asset_create.html +++ b/apps/assets/templates/assets/asset_create.html @@ -190,7 +190,7 @@ $(document).ready(function () { port = 3389; break; case "telnet": - port = 21; + port = 23; break; case "vnc": port = 5901; diff --git a/apps/perms/api/user_group_permission.py b/apps/perms/api/user_group_permission.py index 159f76a39..841a82096 100644 --- a/apps/perms/api/user_group_permission.py +++ b/apps/perms/api/user_group_permission.py @@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView): show_assets = True system_user_id = None - def change_org_if_need(self): - if self.request.user.is_superuser or \ - self.request.user.is_app or \ - self.kwargs.get('pk') is None: - set_to_root_org() - def get(self, request, *args, **kwargs): self.show_assets = request.query_params.get('show_assets', '1') == '1' self.system_user_id = request.query_params.get('system_user') return super().get(request, *args, **kwargs) def get_queryset(self): - self.change_org_if_need() user_group_id = self.kwargs.get('pk', '') queryset = [] group = get_object_or_404(UserGroup, id=user_group_id) diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index 1445ccac6..26f3a6c52 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py @@ -25,7 +25,9 @@ from ..hands import ( NodeSerializer, RemoteAppSerializer, ) from .. import serializers, const -from ..mixins import AssetsFilterMixin, RemoteAppFilterMixin +from ..mixins import ( + AssetsFilterMixin, RemoteAppFilterMixin, ChangeOrgIfNeedMixin +) from ..models import Action logger = get_logger(__name__) @@ -459,7 +461,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView): # RemoteApp permission -class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView): +class UserGrantedRemoteAppsApi(ChangeOrgIfNeedMixin, RemoteAppFilterMixin, ListAPIView): permission_classes = (IsOrgAdminOrAppUser,) serializer_class = RemoteAppSerializer pagination_class = LimitOffsetPagination @@ -484,7 +486,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView): return super().get_permissions() -class UserGrantedRemoteAppsAsTreeApi(ListAPIView): +class UserGrantedRemoteAppsAsTreeApi(ChangeOrgIfNeedMixin, ListAPIView): serializer_class = TreeNodeSerializer permission_classes = (IsOrgAdminOrAppUser,) @@ -516,10 +518,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView): return super().get_permissions() -class ValidateUserRemoteAppPermissionApi(APIView): +class ValidateUserRemoteAppPermissionApi(ChangeOrgIfNeedMixin, APIView): permission_classes = (IsOrgAdminOrAppUser,) def get(self, request, *args, **kwargs): + self.change_org_if_need(request, kwargs) user_id = request.query_params.get('user_id', '') remote_app_id = request.query_params.get('remote_app_id', '') user = get_object_or_404(User, id=user_id) @@ -529,5 +532,4 @@ class ValidateUserRemoteAppPermissionApi(APIView): remote_apps = util.get_remote_apps() if remote_app not in remote_apps: return Response({'msg': False}, status=403) - return Response({'msg': True}, status=200) diff --git a/apps/perms/mixins.py b/apps/perms/mixins.py index f302285a6..88c851adc 100644 --- a/apps/perms/mixins.py +++ b/apps/perms/mixins.py @@ -2,8 +2,10 @@ # +from orgs.utils import set_to_root_org + __all__ = [ - 'AssetsFilterMixin', 'RemoteAppFilterMixin', + 'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin', ] @@ -100,3 +102,18 @@ class RemoteAppFilterMixin(object): queryset, key=lambda x: getattr(x, order_by), reverse=reverse ) return queryset + + +class ChangeOrgIfNeedMixin(object): + + @staticmethod + def change_org_if_need(request, kwargs): + if request.user.is_authenticated and request.user.is_superuser \ + or request.user.is_app \ + or kwargs.get('pk') is None: + set_to_root_org() + + def get(self, request, *args, **kwargs): + self.change_org_if_need(request, kwargs) + return super().get(request, *args, **kwargs) +