diff --git a/apps/ops/api/command.py b/apps/ops/api/command.py index f9a82a767..2b7e5fda9 100644 --- a/apps/ops/api/command.py +++ b/apps/ops/api/command.py @@ -10,6 +10,7 @@ from django.conf import settings from assets.models import Asset, Node from orgs.mixins.api import RootOrgViewMixin from common.permissions import IsValidUser +from rbac.permissions import RBACPermission from ..models import CommandExecution from ..serializers import CommandExecutionSerializer from ..tasks import run_command_execution @@ -17,12 +18,10 @@ from ..tasks import run_command_execution class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet): serializer_class = CommandExecutionSerializer - permission_classes = (IsValidUser,) + permission_classes = (RBACPermission,) def get_queryset(self): - return CommandExecution.objects.filter( - user_id=str(self.request.user.id) - ) + return CommandExecution.objects.filter(user_id=str(self.request.user.id)) def check_hosts(self, serializer): data = serializer.validated_data @@ -36,11 +35,7 @@ class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet): ) permed_assets = set() - permed_assets.update( - Asset.objects.filter( - id__in=[a.id for a in assets] - ).filter(q).distinct() - ) + permed_assets.update(Asset.objects.filter(id__in=[a.id for a in assets]).filter(q).distinct()) node_keys = Node.objects.filter(q).distinct().values_list('key', flat=True) nodes_assets_q = Q() diff --git a/apps/rbac/tree.py b/apps/rbac/tree.py index dbd78beb4..eec2e627a 100644 --- a/apps/rbac/tree.py +++ b/apps/rbac/tree.py @@ -90,7 +90,8 @@ special_pid_mapper = { 'perms.connect_myassets': 'my_assets', 'perms.view_myapps': 'my_apps', 'perms.connect_myapps': 'my_apps', - 'ops.commandexecution': 'view_workspace', + 'ops.add_commandexecution': 'view_workspace', + 'ops.view_commandexecution': 'audits', "perms.view_mykubernetsapp": "my_apps", "perms.connect_mykubernetsapp": "my_apps", "perms.view_myremoteapp": "my_apps",