github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修复批量命令权限

pull/7846/head
Jiangjie.Bai 2022-03-14 20:31:05 +08:00 committed by Jiangjie.Bai
parent faf82d7cfb
commit 72247d1df3
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/ops/api/command.py
View File

@ -10,6 +10,7 @@ from django.conf import settings
from assets.models import Asset, Node from assets.models import Asset, Node
from orgs.mixins.api import RootOrgViewMixin from orgs.mixins.api import RootOrgViewMixin
from common.permissions import IsValidUser from common.permissions import IsValidUser
from rbac.permissions import RBACPermission
from ..models import CommandExecution from ..models import CommandExecution
from ..serializers import CommandExecutionSerializer from ..serializers import CommandExecutionSerializer
from ..tasks import run_command_execution from ..tasks import run_command_execution
@ -17,12 +18,10 @@ from ..tasks import run_command_execution
class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet): class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
serializer_class = CommandExecutionSerializer serializer_class = CommandExecutionSerializer
permission_classes = (IsValidUser,) permission_classes = (RBACPermission,)
def get_queryset(self): def get_queryset(self):
return CommandExecution.objects.filter( return CommandExecution.objects.filter(user_id=str(self.request.user.id))
user_id=str(self.request.user.id)
)
def check_hosts(self, serializer): def check_hosts(self, serializer):
data = serializer.validated_data data = serializer.validated_data
@ -36,11 +35,7 @@ class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
) )
permed_assets = set() permed_assets = set()
permed_assets.update( permed_assets.update(Asset.objects.filter(id__in=[a.id for a in assets]).filter(q).distinct())
Asset.objects.filter(
id__in=[a.id for a in assets]
).filter(q).distinct()
)
node_keys = Node.objects.filter(q).distinct().values_list('key', flat=True) node_keys = Node.objects.filter(q).distinct().values_list('key', flat=True)
nodes_assets_q = Q() nodes_assets_q = Q()

3
apps/rbac/tree.py
View File

@ -90,7 +90,8 @@ special_pid_mapper = {
'perms.connect_myassets': 'my_assets', 'perms.connect_myassets': 'my_assets',
'perms.view_myapps': 'my_apps', 'perms.view_myapps': 'my_apps',
'perms.connect_myapps': 'my_apps', 'perms.connect_myapps': 'my_apps',
'ops.commandexecution': 'view_workspace', 'ops.add_commandexecution': 'view_workspace',
'ops.view_commandexecution': 'audits',
"perms.view_mykubernetsapp": "my_apps", "perms.view_mykubernetsapp": "my_apps",
"perms.connect_mykubernetsapp": "my_apps", "perms.connect_mykubernetsapp": "my_apps",
"perms.view_myremoteapp": "my_apps", "perms.view_myremoteapp": "my_apps",