feat: 远程应用支持磁盘挂载

apps/authentication/api/connection_token.py

@@ -21,15 +21,17 @@ from rest_framework.exceptions import PermissionDenied
 from rest_framework import serializers
 
 from applications.models import Application
-from authentication.signals import post_auth_failed, post_auth_success
+from authentication.signals import post_auth_failed
 from common.utils import get_logger, random_string
 from common.mixins.api import SerializerMixin
 from common.permissions import IsSuperUserOrAppUser, IsValidUser, IsSuperUser
 from common.utils.common import get_file_by_arch
 from orgs.mixins.api import RootOrgViewMixin
 from common.http import is_true
-from perms.utils.asset.permission import get_asset_system_user_ids_with_actions_by_user
 from perms.models.base import Action
+from perms.utils.application.permission import validate_permission as app_validate_permission
+from perms.utils.application.permission import get_application_actions
+from perms.utils.asset.permission import get_asset_actions
 
 from ..serializers import (
     ConnectionTokenSerializer, ConnectionTokenSecretSerializer,
@@ -100,10 +102,14 @@ class ClientProtocolMixin:
         token = self.create_token(user, asset, application, system_user)
 
         # 设置磁盘挂载
-        if drives_redirect and asset:
+        if drives_redirect:
-            systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
+            actions = 0
-            actions = systemuser_actions_mapper.get(system_user.id, 0)
+            if asset:
-            if actions & Action.UPDOWNLOAD:
+                actions = get_asset_actions(user, asset, system_user)
+            elif application:
+                actions = get_application_actions(user, application, system_user)
+
+            if actions & Action.UPDOWNLOAD == Action.UPDOWNLOAD:
                 options['drivestoredirect:s'] = '*'
 
         # 全屏

apps/perms/utils/application/permission.py

@@ -1,4 +1,5 @@
 import time
+from functools import reduce
 
 from django.db.models import Q
 
@@ -79,3 +80,14 @@ def get_application_system_user_ids(user, application):
 def has_application_system_permission(user, application, system_user):
     system_user_ids = get_application_system_user_ids(user, application)
     return system_user.id in system_user_ids
+
+
+def get_application_actions(user, application, system_user):
+    perm_ids = get_user_all_app_perm_ids(user)
+    actions = ApplicationPermission.objects.filter(
+        applications=application, system_users=system_user,
+        id__in=list(perm_ids)
+    ).values_list('actions', flat=True)
+
+    actions = reduce(lambda x, y: x | y, actions, 0)
+    return actions

apps/perms/utils/asset/permission.py

@@ -109,3 +109,9 @@ def get_asset_system_user_ids_with_actions_by_group(group: UserGroup, asset: Ass
         user_groups=group
     ).valid().values_list('id', flat=True).distinct()
     return get_asset_system_user_ids_with_actions(asset_perm_ids, asset)
+
+
+def get_asset_actions(user, asset, system_user):
+    systemuser_actions_mapper = get_asset_system_user_ids_with_actions_by_user(user, asset)
+    actions = systemuser_actions_mapper.get(system_user.id, 0)
+    return actions