github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修复校验用户登录规则的API权限

pull/6669/head
Bai 2021-08-18 10:22:40 +08:00 committed by Jiangjie.Bai
parent 81d8592ee1
commit 0c8c926aac
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/common/permissions.py
View File

@ -6,6 +6,7 @@ from django.conf import settings
from common.exceptions import MFAVerifyRequired from common.exceptions import MFAVerifyRequired
from orgs.utils import current_org from orgs.utils import current_org
from common.utils import is_uuid
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission): class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@ -186,7 +187,7 @@ class IsObjectOwner(IsValidUser):
class HasQueryParamsUserAndIsCurrentOrgMember(permissions.BasePermission): class HasQueryParamsUserAndIsCurrentOrgMember(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
query_user_id = request.query_params.get('user') query_user_id = request.query_params.get('user')
if not query_user_id: if not query_user_id or not is_uuid(query_user_id):
return False return False
query_user = current_org.get_members().filter(id=query_user_id).first() query_user = current_org.get_members().filter(id=query_user_id).first()
return bool(query_user) return bool(query_user)