[Update] 修改permission (#1574)

2025-11-13 06:38:31 +00:00 · 2018-07-22 23:55:13 -05:00
parent 2208d6d51e
commit c816875f28
20 changed files with 93 additions and 154 deletions
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -7,7 +7,7 @@ from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpda
 from rest_framework import viewsets

 from common.utils import set_or_append_attr_bulk, get_object_or_none
-from users.permissions import IsValidUser, IsSuperUser, IsSuperUserOrAppUser
+from common.permissions import IsValidUser, IsOrgAdmin, IsOrgAdminOrAppUser
 from .utils import AssetPermissionUtil
 from .models import AssetPermission
 from .hands import AssetGrantedSerializer, User, UserGroup, Asset, Node, \
@@ -21,7 +21,7 @@ class AssetPermissionViewSet(viewsets.ModelViewSet):
    """
    queryset = AssetPermission.objects.all()
    serializer_class = serializers.AssetPermissionCreateUpdateSerializer
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)

    def get_serializer_class(self):
        if self.action in ("list", 'retrieve'):
@@ -58,7 +58,7 @@ class UserGrantedAssetsApi(ListAPIView):
    """
    用户授权的所有资产
    """
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer

    def get_queryset(self):
@@ -87,7 +87,7 @@ class UserGrantedAssetsApi(ListAPIView):


 class UserGrantedNodesApi(ListAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = NodeSerializer

    def get_queryset(self):
@@ -107,7 +107,7 @@ class UserGrantedNodesApi(ListAPIView):


 class UserGrantedNodesWithAssetsApi(ListAPIView):
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = NodeGrantedSerializer

    def get_queryset(self):
@@ -139,7 +139,7 @@ class UserGrantedNodesWithAssetsApi(ListAPIView):


 class UserGrantedNodeAssetsApi(ListAPIView):
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer

    def get_queryset(self):
@@ -165,7 +165,7 @@ class UserGrantedNodeAssetsApi(ListAPIView):


 class UserGroupGrantedAssetsApi(ListAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = AssetGrantedSerializer

    def get_queryset(self):
@@ -185,7 +185,7 @@ class UserGroupGrantedAssetsApi(ListAPIView):


 class UserGroupGrantedNodesApi(ListAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = NodeSerializer

    def get_queryset(self):
@@ -201,7 +201,7 @@ class UserGroupGrantedNodesApi(ListAPIView):


 class UserGroupGrantedNodesWithAssetsApi(ListAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = NodeGrantedSerializer

    def get_queryset(self):
@@ -224,7 +224,7 @@ class UserGroupGrantedNodesWithAssetsApi(ListAPIView):


 class UserGroupGrantedNodeAssetsApi(ListAPIView):
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)
    serializer_class = AssetGrantedSerializer

    def get_queryset(self):
@@ -242,7 +242,7 @@ class UserGroupGrantedNodeAssetsApi(ListAPIView):


 class ValidateUserAssetPermissionView(APIView):
-    permission_classes = (IsSuperUserOrAppUser,)
+    permission_classes = (IsOrgAdminOrAppUser,)

    @staticmethod
    def get(request):
@@ -266,7 +266,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):
    """
    将用户从授权中移除，Detail页面会调用
    """
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetPermissionUpdateUserSerializer
    queryset = AssetPermission.objects.all()

@@ -283,7 +283,7 @@ class AssetPermissionRemoveUserApi(RetrieveUpdateAPIView):


 class AssetPermissionAddUserApi(RetrieveUpdateAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetPermissionUpdateUserSerializer
    queryset = AssetPermission.objects.all()

@@ -303,7 +303,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):
    """
    将用户从授权中移除，Detail页面会调用
    """
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetPermissionUpdateAssetSerializer
    queryset = AssetPermission.objects.all()

@@ -320,7 +320,7 @@ class AssetPermissionRemoveAssetApi(RetrieveUpdateAPIView):


 class AssetPermissionAddAssetApi(RetrieveUpdateAPIView):
-    permission_classes = (IsSuperUser,)
+    permission_classes = (IsOrgAdmin,)
    serializer_class = serializers.AssetPermissionUpdateAssetSerializer
    queryset = AssetPermission.objects.all()