perf: 优化内置系统用户角色权限

pull/8100/head
Jiangjie.Bai 2022-04-19 19:10:36 +08:00 committed by 老广
parent f026b86a20
commit 5f370c1c04
5 changed files with 11 additions and 6 deletions


@ -2,14 +2,14 @@
# #
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from common.permissions import IsValidUser
from .. import serializers from .. import serializers
from rbac.permissions import RBACPermission
class AccessKeyViewSet(ModelViewSet): class AccessKeyViewSet(ModelViewSet):
serializer_class = serializers.AccessKeySerializer serializer_class = serializers.AccessKeySerializer
search_fields = ['^id', '^secret'] search_fields = ['^id', '^secret']
permission_classes = [RBACPermission]
def get_queryset(self): def get_queryset(self):
return self.request.user.access_keys.all() return self.request.user.access_keys.all()
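Review bot: With `permission_classes = [RBACPermission]` on AccessKeyViewSet, the only visible restriction of a caller to their own keys is `get_queryset` returning `self.request.user.access_keys.all()`, and nothing in the class records that. A one-line comment above `get_queryset` would protect it from being loosened later, for example `# RBAC only decides whether the action is allowed; ownership is enforced by this queryset`. The unchanged `search_fields = ['^id', '^secret']` also allows prefix search on the secret value. Because the queryset is scoped to the caller's own keys the exposure is small, but dropping `'^secret'` would remove it entirely if no client depends on it.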


@ -3,15 +3,18 @@ from rest_framework.response import Response
from rest_framework.decorators import action from rest_framework.decorators import action
from common.drf.api import JMSModelViewSet from common.drf.api import JMSModelViewSet
from common.permissions import IsValidUser
from ..models import TempToken from ..models import TempToken
from ..serializers import TempTokenSerializer from ..serializers import TempTokenSerializer
from rbac.permissions import RBACPermission
class TempTokenViewSet(JMSModelViewSet): class TempTokenViewSet(JMSModelViewSet):
serializer_class = TempTokenSerializer serializer_class = TempTokenSerializer
permission_classes = [IsValidUser] permission_classes = [RBACPermission]
http_method_names = ['post', 'get', 'options', 'patch'] http_method_names = ['post', 'get', 'options', 'patch']
rbac_perms = {
'expire': 'authentication.change_temptoken',
}
def get_queryset(self): def get_queryset(self):
username = self.request.user.username username = self.request.user.username
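Review bot: `rbac_perms` maps only `expire` to `authentication.change_temptoken`, but `http_method_names` still includes `'patch'`, so the same permission presumably also authorises the generic partial update. Whether that lets a user change fields such as the expiry time or the secret depends on the read-only fields of `TempTokenSerializer`, which are not visible here. If only expiry is intended, either drop `'patch'` in favour of a POST-only `expire` action or state the dependency in a comment such as `# change_temptoken also allows PATCH; the serializer must keep token fields read-only`. The body of `get_queryset` continues outside this hunk, so the per-user scoping cannot be checked from here.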


@ -42,7 +42,7 @@ class NoSpecialChars:
class PhoneValidator: class PhoneValidator:
pattern = re.compile(r"^1[356789]\d{9}$") pattern = re.compile(r"^1[3456789]\d{9}$")
message = _('The mobile phone number format is incorrect') message = _('The mobile phone number format is incorrect')
def __call__(self, value): def __call__(self, value):
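Review bot: Both printed forms of `pattern` end in `$`, which in Python also matches just before a trailing newline. An 11-digit number followed by `\n` would therefore validate if `__call__` applies the pattern with `match` or `search`; its body is outside this hunk, so that is not confirmed. Replacing the trailing `$` with `\Z`, or calling `self.pattern.fullmatch(value)`, closes that gap. This validator change is also unrelated to the role-permission change named in the commit title and would be easier to audit as its own commit.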


@ -4,7 +4,8 @@ from .const import Scope, system_exclude_permissions, org_exclude_permissions
system_user_perms = ( system_user_perms = (
('authentication', 'connectiontoken', 'add', 'connectiontoken'), ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
('authentication', 'temptoken', 'add', 'temptoken'), ('authentication', 'temptoken', 'add,change,view', 'temptoken'),
('authentication', 'accesskey', '*', '*'),
('tickets', 'ticket', 'view', 'ticket'), ('tickets', 'ticket', 'view', 'ticket'),
('orgs', 'organization', 'view', 'rootorg'), ('orgs', 'organization', 'view', 'rootorg'),
) )
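Review bot: The added `('authentication', 'accesskey', '*', '*')` entry is the only wildcard in `system_user_perms`; every neighbouring tuple names its actions and target explicitly. Read the way the other tuples suggest, it grants the built-in system user role every current and future permission on access keys, including any custom codename added later. Listing what the view needs keeps the grant auditable, for example `('authentication', 'accesskey', 'add,view,change,delete', 'accesskey'),`, trimmed to the actions users should really have. The tuple continues to depend on `AccessKeyViewSet.get_queryset` for per-user scoping, which is worth a short comment next to this line.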


@ -25,6 +25,7 @@ exclude_permissions = (
('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'), ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'),
('authentication', 'ssotoken', '*', '*'), ('authentication', 'ssotoken', '*', '*'),
('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
('authentication', 'temptoken', 'delete', 'temptoken'),
('users', 'userpasswordhistory', '*', '*'), ('users', 'userpasswordhistory', '*', '*'),
('applications', 'applicationuser', '*', '*'), ('applications', 'applicationuser', '*', '*'),
('applications', 'historicalaccount', '*', '*'), ('applications', 'historicalaccount', '*', '*'),