github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-06-30 16:52:05 +00:00
Code Issues Projects Releases Wiki Activity

[Update] 用户授权相关API,如果需要切换到root org (#2803)

Browse Source 
* [Update] 用户授权相关API,如果需要切换到root org

* [Update] 优化小问题
This commit is contained in:
BaiJiangJie 2019-06-17 19:27:02 +08:00 committed by GitHub
parent 795807ddbe
commit c71f417ebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/templates/assets/asset_create.html
View File

@ -190,7 +190,7 @@ $(document).ready(function () {
port = 3389; port = 3389;
break; break;
case "telnet": case "telnet":
port = 21; port = 23;
break; break;
case "vnc": case "vnc":
port = 5901; port = 5901;

7
apps/perms/api/user_group_permission.py
View File

@ -93,19 +93,12 @@ class UserGroupGrantedNodesWithAssetsAsTreeApi(ListAPIView):
show_assets = True show_assets = True
system_user_id = None system_user_id = None
def change_org_if_need(self):
if self.request.user.is_superuser or \
self.request.user.is_app or \
self.kwargs.get('pk') is None:
set_to_root_org()
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
self.show_assets = request.query_params.get('show_assets', '1') == '1' self.show_assets = request.query_params.get('show_assets', '1') == '1'
self.system_user_id = request.query_params.get('system_user') self.system_user_id = request.query_params.get('system_user')
return super().get(request, *args, **kwargs) return super().get(request, *args, **kwargs)
def get_queryset(self): def get_queryset(self):
self.change_org_if_need()
user_group_id = self.kwargs.get('pk', '') user_group_id = self.kwargs.get('pk', '')
queryset = [] queryset = []
group = get_object_or_404(UserGroup, id=user_group_id) group = get_object_or_404(UserGroup, id=user_group_id)

12
apps/perms/api/user_permission.py
View File

@ -25,7 +25,9 @@ from ..hands import (
NodeSerializer, RemoteAppSerializer, NodeSerializer, RemoteAppSerializer,
) )
from .. import serializers, const from .. import serializers, const
from ..mixins import AssetsFilterMixin, RemoteAppFilterMixin from ..mixins import (
AssetsFilterMixin, RemoteAppFilterMixin, ChangeOrgIfNeedMixin
)
from ..models import Action from ..models import Action
logger = get_logger(__name__) logger = get_logger(__name__)
@ -459,7 +461,7 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, APIView):
# RemoteApp permission # RemoteApp permission
class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView): class UserGrantedRemoteAppsApi(ChangeOrgIfNeedMixin, RemoteAppFilterMixin, ListAPIView):
permission_classes = (IsOrgAdminOrAppUser,) permission_classes = (IsOrgAdminOrAppUser,)
serializer_class = RemoteAppSerializer serializer_class = RemoteAppSerializer
pagination_class = LimitOffsetPagination pagination_class = LimitOffsetPagination
@ -484,7 +486,7 @@ class UserGrantedRemoteAppsApi(RemoteAppFilterMixin, ListAPIView):
return super().get_permissions() return super().get_permissions()
class UserGrantedRemoteAppsAsTreeApi(ListAPIView): class UserGrantedRemoteAppsAsTreeApi(ChangeOrgIfNeedMixin, ListAPIView):
serializer_class = TreeNodeSerializer serializer_class = TreeNodeSerializer
permission_classes = (IsOrgAdminOrAppUser,) permission_classes = (IsOrgAdminOrAppUser,)
@ -516,10 +518,11 @@ class UserGrantedRemoteAppsAsTreeApi(ListAPIView):
return super().get_permissions() return super().get_permissions()
class ValidateUserRemoteAppPermissionApi(APIView): class ValidateUserRemoteAppPermissionApi(ChangeOrgIfNeedMixin, APIView):
permission_classes = (IsOrgAdminOrAppUser,) permission_classes = (IsOrgAdminOrAppUser,)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
self.change_org_if_need(request, kwargs)
user_id = request.query_params.get('user_id', '') user_id = request.query_params.get('user_id', '')
remote_app_id = request.query_params.get('remote_app_id', '') remote_app_id = request.query_params.get('remote_app_id', '')
user = get_object_or_404(User, id=user_id) user = get_object_or_404(User, id=user_id)
@ -529,5 +532,4 @@ class ValidateUserRemoteAppPermissionApi(APIView):
remote_apps = util.get_remote_apps() remote_apps = util.get_remote_apps()
if remote_app not in remote_apps: if remote_app not in remote_apps:
return Response({'msg': False}, status=403) return Response({'msg': False}, status=403)
return Response({'msg': True}, status=200) return Response({'msg': True}, status=200)

19
apps/perms/mixins.py
View File

@ -2,8 +2,10 @@
# #
from orgs.utils import set_to_root_org
__all__ = [ __all__ = [
'AssetsFilterMixin', 'RemoteAppFilterMixin', 'AssetsFilterMixin', 'RemoteAppFilterMixin', 'ChangeOrgIfNeedMixin',
] ]
@ -100,3 +102,18 @@ class RemoteAppFilterMixin(object):
queryset, key=lambda x: getattr(x, order_by), reverse=reverse queryset, key=lambda x: getattr(x, order_by), reverse=reverse
) )
return queryset return queryset
class ChangeOrgIfNeedMixin(object):
@staticmethod
def change_org_if_need(request, kwargs):
if request.user.is_authenticated and request.user.is_superuser \
or request.user.is_app \
or kwargs.get('pk') is None:
set_to_root_org()
def get(self, request, *args, **kwargs):
self.change_org_if_need(request, kwargs)
return super().get(request, *args, **kwargs)