[Bugfix] 修复用户无权限执行批量命令却可直接访问批量执行页面的bug (#2857)

* [Bugfix] 修复用户无权限执行批量命令却可直接访问批量执行页面的bug * [Update] 更改小问题 * [Update] 优化小问题 * [Update] 优化变量名 * [Update] 优化变量名（2）
2019-07-01 11:22:05 +08:00 · 2019-07-01 11:22:05 +08:00 · 768cfc7561
parent 297820b65a
commit 768cfc7561
4 changed files with 20 additions and 2 deletions
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@ -126,8 +126,11 @@ class WithBootstrapToken(permissions.BasePermission):
 class PermissionsMixin(UserPassesTestMixin):
    permission_classes = []

+    def get_permissions(self):
+        return self.permission_classes
+
    def test_func(self):
-        permission_classes = self.permission_classes
+        permission_classes = self.get_permissions()
        for permission_class in permission_classes:
            if not permission_class().has_permission(self.request, self):
                return False
--- a/apps/ops/api/command.py
+++ b/apps/ops/api/command.py
@ -20,7 +20,7 @@ class CommandExecutionViewSet(viewsets.ModelViewSet):
        )

    def check_permissions(self, request):
-        if not settings.SECURITY_COMMAND_EXECUTION:
+        if not settings.SECURITY_COMMAND_EXECUTION and request.user.is_common_user:
            return self.permission_denied(request, "Command execution disabled")
        return super().check_permissions(request)

--- a/apps/ops/views/command.py
+++ b/apps/ops/views/command.py
@ -59,6 +59,11 @@ class CommandExecutionStartView(PermissionsMixin, TemplateView):
    form_class = CommandExecutionForm
    permission_classes = [IsValidUser]

+    def get_permissions(self):
+        if not settings.SECURITY_COMMAND_EXECUTION:
+            return [IsOrgAdmin]
+        return super().permission_classes()
+
    def get_user_system_users(self):
        from perms.utils import AssetPermissionUtil
        user = self.request.user
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -249,6 +249,16 @@ class User(AbstractUser):
    def is_auditor(self):
        return self.role == 'Auditor'

+    @property
+    def is_common_user(self):
+        if self.is_org_admin:
+            return False
+        if self.is_auditor:
+            return False
+        if self.is_app:
+            return False
+        return True
+
    @property
    def is_app(self):
        return self.role == 'App'