fix: 修复一些 connection-token rbac 权限控制

2 years ago · 1f4fdc13aa
3 changed files with 3 additions and 4 deletions
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -218,7 +218,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
        'list': 'authentication.view_connectiontoken',
        'retrieve': 'authentication.view_connectiontoken',
        'create': 'authentication.add_connectiontoken',
-        'expire': 'authentication.add_connectiontoken',
+        'expire': 'authentication.change_connectiontoken',
        'get_rdp_file': 'authentication.add_connectiontoken',
        'get_client_protocol_url': 'authentication.add_connectiontoken',
    }
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@ -18,11 +18,10 @@ user_perms = (
    ('assets', 'asset', 'match', 'asset'),
    ('assets', 'systemuser', 'match', 'systemuser'),
    ('assets', 'node', 'match', 'node'),
    ('applications', 'application', 'match', 'application'),
 )
 system_user_perms = (
-    ('authentication', 'connectiontoken', 'add,view', 'connectiontoken'),
+    ('authentication', 'connectiontoken', 'add,change,view', 'connectiontoken'),
    ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
    ('authentication', 'accesskey', '*', '*'),
    ('tickets', 'ticket', 'view', 'ticket'),
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@ -22,7 +22,7 @@ exclude_permissions = (
    ('common', 'setting', '*', '*'),
    ('authentication', 'privatetoken', '*', '*'),
-    ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'),
+    ('authentication', 'connectiontoken', 'delete', 'connectiontoken'),
    ('authentication', 'ssotoken', '*', '*'),
    ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
    ('authentication', 'temptoken', 'delete', 'temptoken'),