fix: 修改工单管理权限位

apps/rbac/const.py

@@ -62,12 +62,12 @@ exclude_permissions = (
     ('audits', 'ftplog', 'change,delete', 'ftplog'),
     ('tickets', 'ticketassignee', '*', 'ticketassignee'),
     ('tickets', 'ticketflow', 'add,delete', 'ticketflow'),
-    ('tickets', 'comment', 'change,delete', 'comment'),
-    ('tickets', 'ticket', 'delete', 'ticket'),
+    ('tickets', 'comment', '*', '*'),
+    ('tickets', 'ticket', 'add,delete,change', 'ticket'),
     ('tickets', 'ticketstep', '*', '*'),
     ('tickets', 'approvalrule', '*', '*'),
     ('tickets', 'superticket', 'delete', 'superticket'),
-    ('tickets', 'ticketsession', 'delete', 'ticketsession'),
+    ('tickets', 'ticketsession', 'view,delete', 'ticketsession'),
     ('xpack', 'interface', '*', '*'),
     ('xpack', 'license', '*', '*'),
     ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'),

apps/rbac/permissions.py

@@ -69,13 +69,16 @@ class RBACPermission(permissions.DjangoModelPermissions):
 
     def _get_action_perms(self, action, model_cls, view):
         action_perms_map = self.get_rbac_perms(view, model_cls)
-        if action not in action_perms_map:
+        if action in action_perms_map:
+            perms = action_perms_map[action]
+        elif '*' in action_perms_map:
+            perms = action_perms_map['*']
+        else:
             msg = 'Action not allowed: {}, only `{}` supported'.format(
                 action, ','.join(list(action_perms_map.keys()))
             )
             logger.error(msg)
             raise exceptions.PermissionDenied(msg)
-        perms = action_perms_map[action]
         return perms
 
     def get_model_cls(self, view):
@@ -96,7 +99,6 @@ class RBACPermission(permissions.DjangoModelPermissions):
         :param view:
         :return:
         """
-
         model_cls = self.get_model_cls(view)
         action = getattr(view, 'action', None)
         if not action:

apps/rbac/tree.py

@@ -104,11 +104,13 @@ special_pid_mapper = {
     "rbac.view_workspace": "view_workspace",
     "rbac.view_webterminal": "view_workspace",
     "rbac.view_filemanager": "view_workspace",
+    'tickets.view_ticket': 'tickets'
 }
 
 verbose_name_mapper = {
     'orgs.organization': _("App organizations"),
     'tickets.comment': _("Ticket comment"),
+    'tickets.view_ticket': _("Ticket"),
     'settings.setting': _("Common setting"),
 }
 
@@ -279,13 +281,17 @@ class PermissionTreeUtil:
 
     def _get_permission_name_icon(self, p: Permission, content_types_name_mapper: dict):
         action, resource = p.codename.split('_', 1)
+        icon = self.action_icon.get(action, 'file')
+        name = verbose_name_mapper.get(p.app_label_codename)
+        if name:
+            return name, icon
+
         app_model = '%s.%s' % (p.content_type.app_label, resource)
         if action in self.action_mapper and app_model in content_types_name_mapper:
             action_name = self.action_mapper[action]
             name = action_name + content_types_name_mapper[app_model]
         else:
             name = gettext(p.name)
-        icon = self.action_icon.get(action, 'file')
         name = name.replace('Can ', '').replace('可以', '')
         return name, icon
 

apps/tickets/api/comment.py

@@ -16,6 +16,9 @@ __all__ = ['CommentViewSet']
 class CommentViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = serializers.CommentSerializer
     permission_classes = (RBACPermission, IsSwagger | IsAssignee | IsApplicant)
+    rbac_perms = {
+        '*': 'tickets.view_ticket'
+    }
 
     @lazyproperty
     def ticket(self):

apps/tickets/api/relation.py

@@ -18,6 +18,9 @@ class TicketSessionRelationViewSet(CreateModelMixin, JMSGenericViewSet):
 # Todo: 放到上面的 ViewSet 中
 class TicketSessionApi(views.APIView):
     perm_model = TicketSession
+    rbac_perms = {
+        '*': ['tickets.view_ticket']
+    }
 
     def get(self, request, *args, **kwargs):
         with tmp_to_root_org():

apps/tickets/api/ticket.py

@@ -7,9 +7,10 @@ from rest_framework.response import Response
 
 from common.const.http import POST, PUT
 from common.mixins.api import CommonApiMixin
-from common.permissions import IsValidUser
 from common.drf.api import JMSBulkModelViewSet
 
+from rbac.permissions import RBACPermission
+
 from tickets import serializers
 from tickets.models import Ticket, TicketFlow
 from tickets.filters import TicketFilter
@@ -33,6 +34,9 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
         'date_created', 'serial_num',
     )
     ordering = ('-date_created',)
+    rbac_perms = {
+        'open': 'tickets.view_ticket'
+    }
 
     def create(self, request, *args, **kwargs):
         raise MethodNotAllowed(self.action)
@@ -53,7 +57,7 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
         instance.process_map = instance.create_process_map()
         instance.open(applicant=self.request.user)
 
-    @action(detail=False, methods=[POST], permission_classes=[IsValidUser, ])
+    @action(detail=False, methods=[POST], permission_classes=[RBACPermission, ])
     def open(self, request, *args, **kwargs):
         return super().create(request, *args, **kwargs)