perf: 优化内置系统用户角色权限

2022-04-19 19:10:36 +08:00 · 2022-04-19 19:10:36 +08:00 · 5f370c1c04
parent f026b86a20
commit 5f370c1c04
5 changed files with 11 additions and 6 deletions
--- a/apps/authentication/api/access_key.py
+++ b/apps/authentication/api/access_key.py
@ -2,14 +2,14 @@
 #

 from rest_framework.viewsets import ModelViewSet
-
-from common.permissions import IsValidUser
 from .. import serializers
+from rbac.permissions import RBACPermission


 class AccessKeyViewSet(ModelViewSet):
    serializer_class = serializers.AccessKeySerializer
    search_fields = ['^id', '^secret']
+    permission_classes = [RBACPermission]

    def get_queryset(self):
        return self.request.user.access_keys.all()
--- a/apps/authentication/api/temp_token.py
+++ b/apps/authentication/api/temp_token.py
@ -3,15 +3,18 @@ from rest_framework.response import Response
 from rest_framework.decorators import action

 from common.drf.api import JMSModelViewSet
-from common.permissions import IsValidUser
 from ..models import TempToken
 from ..serializers import TempTokenSerializer
+from rbac.permissions import RBACPermission


 class TempTokenViewSet(JMSModelViewSet):
    serializer_class = TempTokenSerializer
-    permission_classes = [IsValidUser]
+    permission_classes = [RBACPermission]
    http_method_names = ['post', 'get', 'options', 'patch']
+    rbac_perms = {
+        'expire': 'authentication.change_temptoken',
+    }

    def get_queryset(self):
        username = self.request.user.username
--- a/apps/common/validators.py
+++ b/apps/common/validators.py
@ -42,7 +42,7 @@ class NoSpecialChars:


 class PhoneValidator:
-    pattern = re.compile(r"^1[356789]\d{9}$")
+    pattern = re.compile(r"^1[3456789]\d{9}$")
    message = _('The mobile phone number format is incorrect')

    def __call__(self, value):
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@ -4,7 +4,8 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions

 system_user_perms = (
    ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
-    ('authentication', 'temptoken', 'add', 'temptoken'),
+    ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
+    ('authentication', 'accesskey', '*', '*'),
    ('tickets', 'ticket', 'view', 'ticket'),
    ('orgs', 'organization', 'view', 'rootorg'),
 )
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@ -25,6 +25,7 @@ exclude_permissions = (
    ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'),
    ('authentication', 'ssotoken', '*', '*'),
    ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
+    ('authentication', 'temptoken', 'delete', 'temptoken'),
    ('users', 'userpasswordhistory', '*', '*'),
    ('applications', 'applicationuser', '*', '*'),
    ('applications', 'historicalaccount', '*', '*'),