perf: JobExecutionViewSet add SECURITY_COMMAND_EXECUTION permission (#13662)

Co-authored-by: feng <1304903146@qq.com>
2025-09-10 20:00:10 +00:00 · 2024-07-09 16:34:15 +08:00
parent 60f7cbef9a
commit ddd813241c
6 changed files with 429 additions and 365 deletions
--- a/apps/ops/api/job.py
+++ b/apps/ops/api/job.py
@@ -29,6 +29,7 @@ __all__ = [

 from ops.tasks import run_ops_job_execution
 from ops.variables import JMS_JOB_VARIABLE_HELP
+from ops.const import COMMAND_EXECUTION_DISABLED
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.utils import tmp_to_org, get_current_org
 from accounts.models import Account
@@ -73,7 +74,7 @@ class JobViewSet(OrgBulkModelViewSet):
            return super().check_permissions(request)
        # job: adhoc, playbook
        if not settings.SECURITY_COMMAND_EXECUTION:
-            return self.permission_denied(request, "Command execution disabled")
+            return self.permission_denied(request, COMMAND_EXECUTION_DISABLED)
        return super().check_permissions(request)

    def check_upload_permission(self, assets, account_name):
@@ -202,6 +203,11 @@ class JobExecutionViewSet(OrgBulkModelViewSet):
    search_fields = ('material',)
    filterset_fields = ['status', 'job_id']

+    def check_permissions(self, request):
+        if not settings.SECURITY_COMMAND_EXECUTION:
+            return self.permission_denied(request, COMMAND_EXECUTION_DISABLED)
+        return super().check_permissions(request)
+
    @staticmethod
    def start_deploy(instance, serializer):
        run_ops_job_execution.apply_async((str(instance.id),), task_id=str(instance.id))