feat: 远程应用支持磁盘挂载

3 years ago · 35c6b581e2
3 changed files with 30 additions and 6 deletions
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -21,15 +21,17 @@ from rest_framework.exceptions import PermissionDenied
 from rest_framework import serializers

 from applications.models import Application
-from authentication.signals import post_auth_failed, post_auth_success
+from authentication.signals import post_auth_failed
 from common.utils import get_logger, random_string
 from common.mixins.api import SerializerMixin
 from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser
 from common.utils.common import get_file_by_arch
 from orgs.mixins.api import RootOrgViewMixin
 from common.http import is_true
-from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user
 from perms.models.base import Action
+from perms.utils.application.permission import validate_permission as app_validate_permission
+from perms.utils.application.permission import get_application_actions
+from perms.utils.asset.permission import get_asset_actions

 from ..serializers import (
    ConnectionTokenSerializer, ConnectionTokenSecretSerializer,
@ -100,10 +102,14 @@ class ClientProtocolMixin:
        token = self.create_token(user, asset, application, system_user)

        # 设置磁盘挂载
-        if drives_redirect and asset:
-            systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
-            actions = systemuser_actions_mapper.get(system_user.id, 0)
-            if actions & Action.UPDOWNLOAD:
+        if drives_redirect:
+            actions = 0
+            if asset:
+                actions = get_asset_actions(user, asset, system_user)
+            elif application:
+                actions = get_application_actions(user, application, system_user)
+
+            if actions & Action.UPDOWNLOAD == Action.UPDOWNLOAD:
                options['drivestoredirect:s'] = '*'

        # 全屏
--- a/apps/perms/utils/application/permission.py
+++ b/apps/perms/utils/application/permission.py
@ -1,4 +1,5 @@
 import time
+from functools import reduce

 from django.db.models import Q

@ -79,3 +80,14 @@ def get_application_system_user_ids(user, application):
 def has_application_system_permission(user, application, system_user):
    system_user_ids = get_application_system_user_ids(user, application)
    return system_user.id in system_user_ids
+
+
+def get_application_actions(user, application, system_user):
+    perm_ids = get_user_all_app_perm_ids(user)
+    actions = ApplicationPermission.objects.filter(
+        applications=application, system_users=system_user,
+        id__in=list(perm_ids)
+    ).values_list('actions', flat=True)
+
+    actions = reduce(lambda x, y: x | y, actions, 0)
+    return actions
--- a/apps/perms/utils/asset/permission.py
+++ b/apps/perms/utils/asset/permission.py
@ -109,3 +109,9 @@ def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Ass
        user_groups=group
    ).valid().values_list('id', flat=True).distinct()
    return get_asset_system_user_ids_with_actions(asset_perm_ids, asset)
+
+
+def get_asset_actions(user, asset, system_user):
+    systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
+    actions = systemuser_actions_mapper.get(system_user.id, 0)
+    return actions