github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修改工单管理权限位

pull/7878/head
Jiangjie.Bai 2022-03-16 14:43:20 +08:00 committed by 老广
parent 8a1cd7e2a9
commit 572c5b6925
6 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/rbac/const.py
View File

@ -62,12 +62,12 @@ exclude_permissions = (
('audits', 'ftplog', 'change,delete', 'ftplog'), ('audits', 'ftplog', 'change,delete', 'ftplog'),
('tickets', 'ticketassignee', '*', 'ticketassignee'), ('tickets', 'ticketassignee', '*', 'ticketassignee'),
('tickets', 'ticketflow', 'add,delete', 'ticketflow'), ('tickets', 'ticketflow', 'add,delete', 'ticketflow'),
('tickets', 'comment', 'change,delete', 'comment'), ('tickets', 'comment', '*', '*'),
('tickets', 'ticket', 'delete', 'ticket'), ('tickets', 'ticket', 'add,delete,change', 'ticket'),
('tickets', 'ticketstep', '*', '*'), ('tickets', 'ticketstep', '*', '*'),
('tickets', 'approvalrule', '*', '*'), ('tickets', 'approvalrule', '*', '*'),
('tickets', 'superticket', 'delete', 'superticket'), ('tickets', 'superticket', 'delete', 'superticket'),
('tickets', 'ticketsession', 'delete', 'ticketsession'), ('tickets', 'ticketsession', 'view,delete', 'ticketsession'),
('xpack', 'interface', '*', '*'), ('xpack', 'interface', '*', '*'),
('xpack', 'license', '*', '*'), ('xpack', 'license', '*', '*'),
('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'), ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'),

8
apps/rbac/permissions.py
View File

@ -69,13 +69,16 @@ class RBACPermission(permissions.DjangoModelPermissions):
def _get_action_perms(self, action, model_cls, view): def _get_action_perms(self, action, model_cls, view):
action_perms_map = self.get_rbac_perms(view, model_cls) action_perms_map = self.get_rbac_perms(view, model_cls)
if action not in action_perms_map: if action in action_perms_map:
perms = action_perms_map[action]
elif '*' in action_perms_map:
perms = action_perms_map['*']
else:
msg = 'Action not allowed: {}, only `{}` supported'.format( msg = 'Action not allowed: {}, only `{}` supported'.format(
action, ','.join(list(action_perms_map.keys())) action, ','.join(list(action_perms_map.keys()))
) )
logger.error(msg) logger.error(msg)
raise exceptions.PermissionDenied(msg) raise exceptions.PermissionDenied(msg)
perms = action_perms_map[action]
return perms return perms
def get_model_cls(self, view): def get_model_cls(self, view):
@ -96,7 +99,6 @@ class RBACPermission(permissions.DjangoModelPermissions):
:param view: :param view:
:return: :return:
""" """
model_cls = self.get_model_cls(view) model_cls = self.get_model_cls(view)
action = getattr(view, 'action', None) action = getattr(view, 'action', None)
if not action: if not action:

8
apps/rbac/tree.py
View File

@ -104,11 +104,13 @@ special_pid_mapper = {
"rbac.view_workspace": "view_workspace", "rbac.view_workspace": "view_workspace",
"rbac.view_webterminal": "view_workspace", "rbac.view_webterminal": "view_workspace",
"rbac.view_filemanager": "view_workspace", "rbac.view_filemanager": "view_workspace",
'tickets.view_ticket': 'tickets'
} }
verbose_name_mapper = { verbose_name_mapper = {
'orgs.organization': _("App organizations"), 'orgs.organization': _("App organizations"),
'tickets.comment': _("Ticket comment"), 'tickets.comment': _("Ticket comment"),
'tickets.view_ticket': _("Ticket"),
'settings.setting': _("Common setting"), 'settings.setting': _("Common setting"),
} }
@ -279,13 +281,17 @@ class PermissionTreeUtil:
def _get_permission_name_icon(self, p: Permission, content_types_name_mapper: dict): def _get_permission_name_icon(self, p: Permission, content_types_name_mapper: dict):
action, resource = p.codename.split('_', 1) action, resource = p.codename.split('_', 1)
icon = self.action_icon.get(action, 'file')
name = verbose_name_mapper.get(p.app_label_codename)
if name:
return name, icon
app_model = '%s.%s' % (p.content_type.app_label, resource) app_model = '%s.%s' % (p.content_type.app_label, resource)
if action in self.action_mapper and app_model in content_types_name_mapper: if action in self.action_mapper and app_model in content_types_name_mapper:
action_name = self.action_mapper[action] action_name = self.action_mapper[action]
name = action_name + content_types_name_mapper[app_model] name = action_name + content_types_name_mapper[app_model]
else: else:
name = gettext(p.name) name = gettext(p.name)
icon = self.action_icon.get(action, 'file')
name = name.replace('Can ', '').replace('可以', '') name = name.replace('Can ', '').replace('可以', '')
return name, icon return name, icon

3
apps/tickets/api/comment.py
View File

@ -16,6 +16,9 @@ __all__ = ['CommentViewSet']
class CommentViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet): class CommentViewSet(mixins.CreateModelMixin, viewsets.ReadOnlyModelViewSet):
serializer_class = serializers.CommentSerializer serializer_class = serializers.CommentSerializer
permission_classes = (RBACPermission, IsSwagger | IsAssignee | IsApplicant) permission_classes = (RBACPermission, IsSwagger | IsAssignee | IsApplicant)
rbac_perms = {
'*': 'tickets.view_ticket'
}
@lazyproperty @lazyproperty
def ticket(self): def ticket(self):

3
apps/tickets/api/relation.py
View File

@ -18,6 +18,9 @@ class TicketSessionRelationViewSet(CreateModelMixin, JMSGenericViewSet):
# Todo: 放到上面的 ViewSet 中 # Todo: 放到上面的 ViewSet 中
class TicketSessionApi(views.APIView): class TicketSessionApi(views.APIView):
perm_model = TicketSession perm_model = TicketSession
rbac_perms = {
'*': ['tickets.view_ticket']
}
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
with tmp_to_root_org(): with tmp_to_root_org():

8
apps/tickets/api/ticket.py
View File

@ -7,9 +7,10 @@ from rest_framework.response import Response
from common.const.http import POST, PUT from common.const.http import POST, PUT
from common.mixins.api import CommonApiMixin from common.mixins.api import CommonApiMixin
from common.permissions import IsValidUser
from common.drf.api import JMSBulkModelViewSet from common.drf.api import JMSBulkModelViewSet
from rbac.permissions import RBACPermission
from tickets import serializers from tickets import serializers
from tickets.models import Ticket, TicketFlow from tickets.models import Ticket, TicketFlow
from tickets.filters import TicketFilter from tickets.filters import TicketFilter
@ -33,6 +34,9 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
'date_created', 'serial_num', 'date_created', 'serial_num',
) )
ordering = ('-date_created',) ordering = ('-date_created',)
rbac_perms = {
'open': 'tickets.view_ticket'
}
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
raise MethodNotAllowed(self.action) raise MethodNotAllowed(self.action)
@ -53,7 +57,7 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
instance.process_map = instance.create_process_map() instance.process_map = instance.create_process_map()
instance.open(applicant=self.request.user) instance.open(applicant=self.request.user)
@action(detail=False, methods=[POST], permission_classes=[IsValidUser, ]) @action(detail=False, methods=[POST], permission_classes=[RBACPermission, ])
def open(self, request, *args, **kwargs): def open(self, request, *args, **kwargs):
return super().create(request, *args, **kwargs) return super().create(request, *args, **kwargs)