mirror of https://github.com/jumpserver/jumpserver
fix: 修复 public 和 smart API 权限包含 connection token
parent
93537c07a1
commit
41541a91b9
|
@ -7,6 +7,9 @@ from rest_framework import permissions
|
|||
|
||||
from authentication.const import ConfirmType
|
||||
from common.exceptions import UserConfirmRequired
|
||||
from orgs.utils import tmp_to_root_org
|
||||
from authentication.models import ConnectionToken
|
||||
from common.utils import get_object_or_none
|
||||
|
||||
|
||||
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
|
||||
|
@ -17,6 +20,22 @@ class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
|
|||
and request.user.is_valid
|
||||
|
||||
|
||||
class IsValidUserOrConnectionToken(IsValidUser):
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return super(IsValidUserOrConnectionToken, self).has_permission(request, view) \
|
||||
or self.is_valid_connection_token(request)
|
||||
|
||||
@staticmethod
|
||||
def is_valid_connection_token(request):
|
||||
token_id = request.query_params.get('token')
|
||||
if not token_id:
|
||||
return False
|
||||
with tmp_to_root_org():
|
||||
token = get_object_or_none(ConnectionToken, id=token_id)
|
||||
return token and token.is_valid
|
||||
|
||||
|
||||
class OnlySuperUser(IsValidUser):
|
||||
def has_permission(self, request, view):
|
||||
return super().has_permission(request, view) \
|
||||
|
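Review bot: `is_valid_connection_token` returns `None` rather than `False` when no token is found (`return token and token.is_valid`), and it passes the raw query-string value straight into an ORM lookup; if `ConnectionToken.id` is a UUID field and `get_object_or_none` does not swallow the conversion error, a malformed `?token=` value produces a server error instead of a denial. I would write `return bool(token and token.is_valid)` and, unless the helper already does so, catch the conversion error and return `False`. Because a valid token id on its own grants the view, the query-string value is effectively a bearer credential that will show up in access logs and referrers, which deserves a comment on the class, e.g. `# A valid ConnectionToken id passed as ?token= grants access by itself; treat it as a secret.` The `super(IsValidUserOrConnectionToken, self)` call could also be plain `super()` to match `OnlySuperUser` below.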
|
|
@ -3,7 +3,11 @@ from rest_framework.permissions import AllowAny, IsAuthenticated
|
|||
from django.conf import settings
|
||||
|
||||
from jumpserver.utils import has_valid_xpack_license, get_xpack_license_info
|
||||
from common.utils import get_logger, lazyproperty
|
||||
from common.utils import get_logger, lazyproperty, get_object_or_none
|
||||
from authentication.models import ConnectionToken
|
||||
from orgs.utils import tmp_to_root_org
|
||||
from common.permissions import IsValidUserOrConnectionToken
|
||||
|
||||
from .. import serializers
|
||||
from ..utils import get_interface_setting_or_default
|
||||
|
||||
|
@ -28,7 +32,7 @@ class OpenPublicSettingApi(generics.RetrieveAPIView):
|
|||
|
||||
|
||||
class PublicSettingApi(OpenPublicSettingApi):
|
||||
permission_classes = (IsAuthenticated,)
|
||||
permission_classes = (IsValidUserOrConnectionToken,)
|
||||
serializer_class = serializers.PrivateSettingSerializer
|
||||
|
||||
def get_object(self):
|
||||
|
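Review bot: The first hunk of this file adds imports of `get_object_or_none`, `ConnectionToken` and `tmp_to_root_org`, but nothing in the visible hunks uses them; since the token lookup now lives in `IsValidUserOrConnectionToken`, they look like leftovers and should be dropped unless they are referenced further down the file. Note also that `PublicSettingApi` moves from `IsAuthenticated` to a subclass of `IsValidUser`, so an authenticated user whose `is_valid` is false is now denied where they were previously allowed; if that tightening is intended, a one-line comment above `permission_classes` would make it explicit, e.g. `# requires a valid user, or a valid ConnectionToken passed as ?token=`.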
|
|
@ -9,9 +9,9 @@ from assets.models import Asset
|
|||
from orgs.utils import tmp_to_root_org
|
||||
from applications.models import Application
|
||||
from terminal.models import Session
|
||||
from common.permissions import IsValidUser
|
||||
from ..models import Endpoint, EndpointRule
|
||||
from .. import serializers
|
||||
from common.permissions import IsValidUserOrConnectionToken
|
||||
|
||||
|
||||
__all__ = ['EndpointViewSet', 'EndpointRuleViewSet']
|
||||
|
@ -25,7 +25,8 @@ class SmartEndpointViewMixin:
|
|||
target_instance: None
|
||||
target_protocol: None
|
||||
|
||||
@action(methods=['get'], detail=False, permission_classes=[IsValidUser], url_path='smart')
|
||||
@action(methods=['get'], detail=False, permission_classes=[IsValidUserOrConnectionToken],
|
||||
url_path='smart')
|
||||
def smart(self, request, *args, **kwargs):
|
||||
self.target_instance = self.get_target_instance()
|
||||
self.target_protocol = self.get_target_protocol()
|
||||
|
|
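Review bot: The first hunk of this file removes `from common.permissions import IsValidUser`; if `IsValidUser` is still referenced elsewhere in the file (only the `smart` action is visible here), that reference now fails at import time, so the old import should stay until that is confirmed. For the `smart` action itself, `IsValidUserOrConnectionToken` only checks that the token exists and is valid, not that it relates to the target the request resolves via `get_target_instance()`; if a token is bound to a specific asset or application, consider verifying that binding in the action body so one token cannot be used to read endpoint settings for an unrelated target. The body of `smart` continues outside the hunk.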