github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 修复批量命令权限

pull/7846/head
Jiangjie.Bai 2022-03-14 20:31:05 +08:00 committed by Jiangjie.Bai
parent faf82d7cfb
commit 72247d1df3
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/ops/api/command.py
View File

@ -10,6 +10,7 @@ from django.conf import settings
from assets.models import Asset, Node
from orgs.mixins.api import RootOrgViewMixin
from common.permissions import IsValidUser
from rbac.permissions import RBACPermission
from ..models import CommandExecution
from ..serializers import CommandExecutionSerializer
from ..tasks import run_command_execution
@ -17,12 +18,10 @@ from ..tasks import run_command_execution
class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
serializer_class = CommandExecutionSerializer
permission_classes = (IsValidUser,)
permission_classes = (RBACPermission,)
def get_queryset(self):
return CommandExecution.objects.filter(
user_id=str(self.request.user.id)
)
return CommandExecution.objects.filter(user_id=str(self.request.user.id))
def check_hosts(self, serializer):
data = serializer.validated_data
@ -36,11 +35,7 @@ class CommandExecutionViewSet(RootOrgViewMixin, viewsets.ModelViewSet):
)
permed_assets = set()
permed_assets.update(
Asset.objects.filter(
id__in=[a.id for a in assets]
).filter(q).distinct()
)
permed_assets.update(Asset.objects.filter(id__in=[a.id for a in assets]).filter(q).distinct())
node_keys = Node.objects.filter(q).distinct().values_list('key', flat=True)
nodes_assets_q = Q()

3
apps/rbac/tree.py
View File

@ -90,7 +90,8 @@ special_pid_mapper = {
'perms.connect_myassets': 'my_assets',
'perms.view_myapps': 'my_apps',
'perms.connect_myapps': 'my_apps',
'ops.commandexecution': 'view_workspace',
'ops.add_commandexecution': 'view_workspace',
'ops.view_commandexecution': 'audits',
"perms.view_mykubernetsapp": "my_apps",
"perms.connect_mykubernetsapp": "my_apps",
"perms.view_myremoteapp": "my_apps",