github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Bugfix] 修改校验系统用户资产动作权限的API逻辑

pull/2874/head
BaiJiangJie 2019-07-02 12:44:53 +08:00
parent e4880a247f
commit 1983533e76
2 changed files with 12 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
apps/perms/api/user_permission.py
View File

@ -17,14 +17,13 @@ from common.tree import TreeNodeSerializer
from common.utils import get_logger
from ..utils import (
AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node,
check_system_user_action,
)
from ..hands import User, Asset, Node, SystemUser, NodeSerializer
from .. import serializers, const
from ..mixins import (
AssetsFilterMixin,
)
from ..models import Action
from ..models import ActionFlag
logger = get_logger(__name__)
@ -407,7 +406,7 @@ class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView):
class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
permission_classes = (IsOrgAdminOrAppUser,)
def get(self, request, *args, **kwargs):
user_id = request.query_params.get('user_id', '')
asset_id = request.query_params.get('asset_id', '')
@ -417,17 +416,17 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
user = get_object_or_404(User, id=user_id)
asset = get_object_or_404(Asset, id=asset_id)
su = get_object_or_404(SystemUser, id=system_id)
action = get_object_or_404(Action, name=action_name)
util = AssetPermissionUtil(user, cache_policy=self.cache_policy)
granted_assets = util.get_assets()
granted_system_users = granted_assets.get(asset, [])
granted_system_users = granted_assets.get(asset, {})
if su not in granted_system_users:
return Response({'msg': False}, status=403)
_su = next((s for s in granted_system_users if s.id == su.id), None)
if not check_system_user_action(_su, action):
action = granted_system_users[su]
choices = ActionFlag.value_to_choices(action)
if action_name not in choices:
return Response({'msg': False}, status=403)
return Response({'msg': True}, status=200)
@ -435,7 +434,7 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView):
class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView):
permission_classes = (IsOrgAdminOrAppUser,)
serializers_class = serializers.ActionsSerializer
serializer_class = serializers.ActionsSerializer
def get_object(self):
user_id = self.request.query_params.get('user_id', '')
@ -450,6 +449,9 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView
granted_assets = util.get_assets()
granted_system_users = granted_assets.get(asset, {})
_object = {}
if su not in granted_system_users:
return {"actions": 0}
return granted_system_users[su]
_object['actions'] = 0
else:
_object['actions'] = granted_system_users[su]
return _object

14
apps/perms/utils/asset_permission.py
View File

@ -27,7 +27,6 @@ logger = get_logger(__file__)
__all__ = [
'AssetPermissionUtil', 'is_obj_attr_has', 'sort_assets',
'parse_asset_to_tree_node', 'parse_node_to_tree_node',
'check_system_user_action',
]
@ -590,16 +589,3 @@ def parse_asset_to_tree_node(node, asset, system_users):
}
tree_node = TreeNode(**data)
return tree_node
def check_system_user_action(system_user, action):
"""
:param system_user: SystemUser object (包含动态属性: actions)
:param action: Action object
:return: bool
"""
check_actions = [Action.get_action_all(), action]
granted_actions = getattr(system_user, 'actions', [])
actions = list(set(granted_actions).intersection(set(check_actions)))
return bool(actions)