From f1bd4ea91fbfdedf5e795202b76bb081cf25cbf2 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Wed, 20 Apr 2022 11:19:37 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E7=BA=A7=E5=88=AB=E7=94=A8=E6=88=B7=E8=A7=92=E8=89=B2=E7=9A=84?= =?UTF-8?q?=20perms?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/rbac/builtin.py | 17 ++++++++---------
 apps/rbac/models/rolebinding.py | 5 +++--
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py
index c99181d4e..179889111 100644
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@@ -2,15 +2,6 @@ from django.utils.translation import ugettext_noop
 from .const import Scope, system_exclude_permissions, org_exclude_permissions
-system_user_perms = (
- ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
- ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
- ('authentication', 'accesskey', '*', '*'),
- ('tickets', 'ticket', 'view', 'ticket'),
- ('orgs', 'organization', 'view', 'rootorg'),
-)
-
-# Todo: 获取应该区分 系统用户,和组织用户的权限
 # 工作台也区分组织后再考虑
 user_perms = (
 ('rbac', 'menupermission', 'view', 'workbench'),
@@ -25,6 +16,14 @@ user_perms = (
 ('ops', 'commandexecution', 'add', 'commandexecution'),
 )
+system_user_perms = (
+ ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
+ ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
+ ('authentication', 'accesskey', '*', '*'),
+ ('tickets', 'ticket', 'view', 'ticket'),
+ ('orgs', 'organization', 'view', 'rootorg'),
+) + user_perms
+
 auditor_perms = user_perms + (
 ('rbac', 'menupermission', 'view', 'audit'),
 ('audits', '*', '*', '*'),
diff --git a/apps/rbac/models/rolebinding.py b/apps/rbac/models/rolebinding.py
index 643e38207..dc09f75d2 100644
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
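Review bot: `system_user_perms` in the second builtin.py hunk now ends in `) + user_perms`, so the system-scope user role picks up every entry of `user_perms`, including `('ops', 'commandexecution', 'add', 'commandexecution')` visible at the top of that hunk, and nothing in the file records that this widening is intended. The `# Todo` removed in the first hunk asked for system-user and org-user permissions to be told apart; after this change any later addition to `user_perms` silently becomes a system-scope grant as well. I would add a comment above the tuple, for example `# System-scope User role = system-only perms + all of user_perms; review both lists when extending user_perms`. The middle of `user_perms` lies outside both hunks, so each of its entries should be confirmed as appropriate at system scope.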
@@ -6,7 +6,7 @@ from rest_framework.serializers import ValidationError
 from common.db.models import JMSModel
 from common.utils import lazyproperty
-from orgs.utils import current_org
+from orgs.utils import current_org, tmp_to_root_org
 from .role import Role
 from ..const import Scope
@@ -105,7 +105,8 @@ class RoleBinding(JMSModel):
 from orgs.models import Organization
 roles = Role.get_roles_by_perm(perm)
- bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
+ with tmp_to_root_org():
+ bindings = list(cls.objects.root_all().filter(role__in=roles, user=user))
 system_bindings = [b for b in bindings if b.scope == Role.Scope.system.value]
 if perm == 'rbac.view_workbench':
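Review bot: The `with tmp_to_root_org():` block in the second hunk covers only the `bindings` query, while `roles = Role.get_roles_by_perm(perm)` on the line above is still built under the caller's current org. If that helper returns a lazy queryset it is evaluated inside the block, and if it returns a list it is not, so the org context of the role lookup cannot be read off this code. The result appears to feed a permission decision (it is split into `system_bindings` right after), so I would either move the `roles` line inside the block or add a comment such as `# root_all() alone is not sufficient here because <reason>; roles are resolved under <org context>`. The enclosing method starts and ends outside the hunk, so later uses of `bindings` could not be checked.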