perf: org admin view settings

pull/15886/head
feng 2025-08-20 17:08:53 +08:00 committed by ZhaoJiSen
parent 6929c4968e
commit 540becdcbe
3 changed files with 23 additions and 2 deletions


@ -12,10 +12,13 @@ from assets.serializers import PlatformSerializer, PlatformProtocolSerializer, P
from common.api import JMSModelViewSet from common.api import JMSModelViewSet
from common.permissions import IsValidUser from common.permissions import IsValidUser
from common.serializers import GroupedChoiceSerializer from common.serializers import GroupedChoiceSerializer
from rbac.models import RoleBinding
__all__ = ['AssetPlatformViewSet', 'PlatformAutomationMethodsApi', 'PlatformProtocolViewSet'] __all__ = ['AssetPlatformViewSet', 'PlatformAutomationMethodsApi', 'PlatformProtocolViewSet']
class PlatformFilter(filters.FilterSet): class PlatformFilter(filters.FilterSet):
name__startswith = filters.CharFilter(field_name='name', lookup_expr='istartswith') name__startswith = filters.CharFilter(field_name='name', lookup_expr='istartswith')
@ -63,6 +66,13 @@ class AssetPlatformViewSet(JMSModelViewSet):
return super().get_object() return super().get_object()
return self.get_queryset().get(name=pk) return self.get_queryset().get(name=pk)
def check_permissions(self, request):
if self.action == 'list' and RoleBinding.is_org_admin(request.user):
return True
else:
return super().check_permissions(request)
def check_object_permissions(self, request, obj): def check_object_permissions(self, request, obj):
if request.method.lower() in ['delete', 'put', 'patch'] and obj.internal: if request.method.lower() in ['delete', 'put', 'patch'] and obj.internal:
self.permission_denied( self.permission_denied(
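Review bot: The added `check_permissions` returns before `super().check_permissions(request)` runs, so for the `list` action every permission class configured on the viewset is skipped once `RoleBinding.is_org_admin(request.user)` is true. As added in this commit, that helper matches on `role_id` and `user_id` only, so a binding in any organization appears to be enough. If the intent is only to waive the platform view permission, keep the base check and relax that one permission, or at least make the bypass explicit with a comment such as `# Org admins may list platforms without the platform view permission; the binding is not limited to the current org`. The `else:` after `return True` is redundant.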


@ -110,6 +110,13 @@ class RoleBinding(JMSBaseModel):
def is_scope_org(self): def is_scope_org(self):
return self.scope == Scope.org return self.scope == Scope.org
@classmethod
def is_org_admin(cls, user):
from rbac.builtin import BuiltinRole
return cls.objects_raw.filter(
role_id=BuiltinRole.org_admin.id, user_id=user.id
).exists()
@staticmethod @staticmethod
def orgs_order_by_name(orgs): def orgs_order_by_name(orgs):
from orgs.models import Organization from orgs.models import Organization
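Review bot: `is_org_admin` filters on `role_id` and `user_id` only, so it answers "is this user an org admin somewhere" rather than "in the current organization", and both new callers in this commit use it as an authorization shortcut. If the broader meaning is intended, state it in a docstring, e.g. `"""Return True if the user holds the built-in org-admin role in any binding; the organization is not checked."""`; if not, the filter needs an organization condition as well. For an anonymous user `user.id` is presumably None, so the result then depends on no binding having an empty `user_id`. An explicit `if not user.is_authenticated: return False` at the top would make that independent of the data.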


@ -1,5 +1,4 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
#
from django.conf import settings from django.conf import settings
from django.core.cache import cache from django.core.cache import cache
@ -12,6 +11,7 @@ from rest_framework.views import APIView
from common.utils import get_logger from common.utils import get_logger
from jumpserver.conf import Config from jumpserver.conf import Config
from rbac.models import RoleBinding
from rbac.permissions import RBACPermission from rbac.permissions import RBACPermission
from users.models import User from users.models import User
from .. import serializers from .. import serializers
@ -118,10 +118,14 @@ class SettingsApi(generics.RetrieveUpdateAPIView):
return Setting.objects.all() return Setting.objects.all()
def check_permissions(self, request): def check_permissions(self, request):
ok = RoleBinding.is_org_admin(request.user)
category = request.query_params.get('category', 'basic') category = request.query_params.get('category', 'basic')
perm_required = self.rbac_category_permissions.get(category) perm_required = self.rbac_category_permissions.get(category)
has = self.request.user.has_perm(perm_required)
if ok and perm_required == 'settings.view_setting':
return True
has = request.user.has_perm(perm_required)
if not has: if not has:
self.permission_denied(request) self.permission_denied(request)
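Review bot: The shortcut added to `check_permissions` does not look at `request.method`, and the view is a `RetrieveUpdateAPIView`, so when the caller-supplied `category` maps to `'settings.view_setting'` an org admin passes this check for PUT/PATCH as well as GET. The `rbac_category_permissions` mapping is outside the hunk, so which categories are affected cannot be confirmed from here, and the method may continue past the last visible line. The role query also runs on every request, even when `perm_required` is something else. Limiting the shortcut to reads and deferring the query would be `if request.method == 'GET' and perm_required == 'settings.view_setting' and RoleBinding.is_org_admin(request.user): return True`.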