From 35c6b581e2480b1c8cc3d89d62331f9714f0c8dc Mon Sep 17 00:00:00 2001 From: xinwen Date: Wed, 16 Feb 2022 15:48:28 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E8=BF=9C=E7=A8=8B=E5=BA=94=E7=94=A8?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E7=A3=81=E7=9B=98=E6=8C=82=E8=BD=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/authentication/api/connection_token.py | 18 ++++++++++++------ apps/perms/utils/application/permission.py | 12 ++++++++++++ apps/perms/utils/asset/permission.py | 6 ++++++ 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index f35fdc9e2..4bf980374 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -21,15 +21,17 @@ from rest_framework.exceptions import PermissionDenied from rest_framework import serializers from applications.models import Application -from authentication.signals import post_auth_failed, post_auth_success +from authentication.signals import post_auth_failed from common.utils import get_logger, random_string from common.mixins.api import SerializerMixin from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser from common.utils.common import get_file_by_arch from orgs.mixins.api import RootOrgViewMixin from common.http import is_true -from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user from perms.models.base import Action +from perms.utils.application.permission import validate_permission as app_validate_permission +from perms.utils.application.permission import get_application_actions +from perms.utils.asset.permission import get_asset_actions from ..serializers import ( ConnectionTokenSerializer, ConnectionTokenSecretSerializer, @@ -100,10 +102,14 @@ class ClientProtocolMixin: token = self.create_token(user, asset, application, system_user) # 设置磁盘挂载 - if drives_redirect and asset: - systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) - actions = systemuser_actions_mapper.get(system_user.id, 0) - if actions & Action.UPDOWNLOAD: + if drives_redirect: + actions = 0 + if asset: + actions = get_asset_actions(user, asset, system_user) + elif application: + actions = get_application_actions(user, application, system_user) + + if actions & Action.UPDOWNLOAD == Action.UPDOWNLOAD: options['drivestoredirect:s'] = '*' # 全屏 diff --git a/apps/perms/utils/application/permission.py b/apps/perms/utils/application/permission.py index 3f3dc8018..f37ca62b1 100644 --- a/apps/perms/utils/application/permission.py +++ b/apps/perms/utils/application/permission.py @@ -1,4 +1,5 @@ import time +from functools import reduce from django.db.models import Q @@ -79,3 +80,14 @@ def get_application_system_user_ids(user, application): def has_application_system_permission(user, application, system_user): system_user_ids = get_application_system_user_ids(user, application) return system_user.id in system_user_ids + + +def get_application_actions(user, application, system_user): + perm_ids = get_user_all_app_perm_ids(user) + actions = ApplicationPermission.objects.filter( + applications=application, system_users=system_user, + id__in=list(perm_ids) + ).values_list('actions', flat=True) + + actions = reduce(lambda x, y: x | y, actions, 0) + return actions diff --git a/apps/perms/utils/asset/permission.py b/apps/perms/utils/asset/permission.py index e749e630b..86e297426 100644 --- a/apps/perms/utils/asset/permission.py +++ b/apps/perms/utils/asset/permission.py @@ -109,3 +109,9 @@ def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Ass user_groups=group ).valid().values_list('id', flat=True).distinct() return get_asset_system_user_ids_with_actions(asset_perm_ids, asset) + + +def get_asset_actions(user, asset, system_user): + systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset) + actions = systemuser_actions_mapper.get(system_user.id, 0) + return actions