perf: org admin view settings

2025-08-20 17:08:53 +08:00 · 2025-08-20 17:08:53 +08:00 · 540becdcbe
parent 6929c4968e
commit 540becdcbe
3 changed files with 23 additions and 2 deletions
--- a/apps/assets/api/platform.py
+++ b/apps/assets/api/platform.py
@ -12,10 +12,13 @@ from assets.serializers import PlatformSerializer, PlatformProtocolSerializer, P
 from common.api import JMSModelViewSet
 from common.permissions import IsValidUser
 from common.serializers import GroupedChoiceSerializer
+from rbac.models import RoleBinding

 __all__ = ['AssetPlatformViewSet', 'PlatformAutomationMethodsApi', 'PlatformProtocolViewSet']


+
+
 class PlatformFilter(filters.FilterSet):
    name__startswith = filters.CharFilter(field_name='name', lookup_expr='istartswith')

@ -63,6 +66,13 @@ class AssetPlatformViewSet(JMSModelViewSet):
            return super().get_object()
        return self.get_queryset().get(name=pk)

+
+    def check_permissions(self, request):
+        if self.action == 'list' and RoleBinding.is_org_admin(request.user):
+            return True
+        else:
+            return super().check_permissions(request)
+
    def check_object_permissions(self, request, obj):
        if request.method.lower() in ['delete', 'put', 'patch'] and obj.internal:
            self.permission_denied(
--- a/apps/rbac/models/rolebinding.py
+++ b/apps/rbac/models/rolebinding.py
@ -110,6 +110,13 @@ class RoleBinding(JMSBaseModel):
    def is_scope_org(self):
        return self.scope == Scope.org

+    @classmethod
+    def is_org_admin(cls, user):
+        from rbac.builtin import BuiltinRole
+        return cls.objects_raw.filter(
+            role_id=BuiltinRole.org_admin.id, user_id=user.id
+        ).exists()
+
    @staticmethod
    def orgs_order_by_name(orgs):
        from orgs.models import Organization
--- a/apps/settings/api/settings.py
+++ b/apps/settings/api/settings.py
@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*-
-#

 from django.conf import settings
 from django.core.cache import cache
@ -12,6 +11,7 @@ from rest_framework.views import APIView

 from common.utils import get_logger
 from jumpserver.conf import Config
+from rbac.models import RoleBinding
 from rbac.permissions import RBACPermission
 from users.models import User
 from .. import serializers
@ -118,10 +118,14 @@ class SettingsApi(generics.RetrieveUpdateAPIView):
        return Setting.objects.all()

    def check_permissions(self, request):
+        ok = RoleBinding.is_org_admin(request.user)
        category = request.query_params.get('category', 'basic')
        perm_required = self.rbac_category_permissions.get(category)
-        has = self.request.user.has_perm(perm_required)

+        if ok and perm_required == 'settings.view_setting':
+            return True
+
+        has = request.user.has_perm(perm_required)
        if not has:
            self.permission_denied(request)