diff --git a/apps/perms/api/user_permission.py b/apps/perms/api/user_permission.py index db4aed12c..ca583c388 100644 --- a/apps/perms/api/user_permission.py +++ b/apps/perms/api/user_permission.py @@ -17,12 +17,11 @@ from common.tree import TreeNodeSerializer from common.utils import get_logger from ..utils import ( AssetPermissionUtil, parse_asset_to_tree_node, parse_node_to_tree_node, - check_system_user_action, ) from ..hands import User, Asset, Node, SystemUser, NodeSerializer from .. import serializers, const from ..mixins import AssetsFilterMixin -from ..models import Action +from ..models import ActionFlag logger = get_logger(__name__) @@ -405,7 +404,7 @@ class UserGrantedNodeChildrenApi(UserPermissionCacheMixin, ListAPIView): class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView): permission_classes = (IsOrgAdminOrAppUser,) - + def get(self, request, *args, **kwargs): user_id = request.query_params.get('user_id', '') asset_id = request.query_params.get('asset_id', '') @@ -415,17 +414,17 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView): user = get_object_or_404(User, id=user_id) asset = get_object_or_404(Asset, id=asset_id) su = get_object_or_404(SystemUser, id=system_id) - action = get_object_or_404(Action, name=action_name) util = AssetPermissionUtil(user, cache_policy=self.cache_policy) granted_assets = util.get_assets() - granted_system_users = granted_assets.get(asset, []) + granted_system_users = granted_assets.get(asset, {}) if su not in granted_system_users: return Response({'msg': False}, status=403) - _su = next((s for s in granted_system_users if s.id == su.id), None) - if not check_system_user_action(_su, action): + action = granted_system_users[su] + choices = ActionFlag.value_to_choices(action) + if action_name not in choices: return Response({'msg': False}, status=403) return Response({'msg': True}, status=200) 
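Review bot: In `ValidateUserAssetPermissionApi.get`, the authorization decision now rests on `if action_name not in choices:`, and two properties of that line cannot be confirmed from the hunk. The removed `check_system_user_action` granted access explicitly when the system user held `Action.get_action_all()`, so the new check is equivalent only if `ActionFlag.value_to_choices` expands a combined "all" flag into every individual action name; a test for that case would catch a silent change in who is allowed. The membership test is exact only while `choices` is a list or tuple of names; if it could ever be a string, an empty `action_name` would match as a substring, so an explicit guard is cheap: `if not action_name: return Response({'msg': False}, status=403)`. Unknown action names now return 403 where the removed `get_object_or_404(Action, name=action_name)` returned 404, which callers of this endpoint may rely on. The method body begins above the hunk, where `action_name` is presumably read from the query string.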
@@ -433,7 +432,7 @@ class ValidateUserAssetPermissionApi(UserPermissionCacheMixin, APIView): class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView): permission_classes = (IsOrgAdminOrAppUser,) - serializers_class = serializers.ActionsSerializer + serializer_class = serializers.ActionsSerializer def get_object(self): user_id = self.request.query_params.get('user_id', '') @@ -448,6 +447,9 @@ class GetUserAssetPermissionActionsApi(UserPermissionCacheMixin, RetrieveAPIView granted_assets = util.get_assets() granted_system_users = granted_assets.get(asset, {}) + _object = {} if su not in granted_system_users: - return {"actions": 0} - return granted_system_users[su] + _object['actions'] = 0 + else: + _object['actions'] = granted_system_users[su] + return _object diff --git a/apps/perms/utils/asset_permission.py b/apps/perms/utils/asset_permission.py index f3de9bcb7..fbf0e0d6b 100644 --- a/apps/perms/utils/asset_permission.py +++ b/apps/perms/utils/asset_permission.py @@ -27,7 +27,6 @@ logger = get_logger(__file__) __all__ = [ 'AssetPermissionUtil', 'is_obj_attr_has', 'sort_assets', 'parse_asset_to_tree_node', 'parse_node_to_tree_node', - 'check_system_user_action', ] @@ -597,16 +596,3 @@ def parse_asset_to_tree_node(node, asset, system_users): } tree_node = TreeNode(**data) return tree_node - - -def check_system_user_action(system_user, action): - """ - :param system_user: SystemUser object (包含动态属性: actions) - :param action: Action object - :return: bool - """ - - check_actions = [Action.get_action_all(), action] - granted_actions = getattr(system_user, 'actions', []) - actions = list(set(granted_actions).intersection(set(check_actions))) - return bool(actions)
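Review bot: In `GetUserAssetPermissionActionsApi.get_object`, the new `_object` dict filled by an if/else can be a single expression, `return {'actions': granted_system_users.get(su, 0)}`, which keeps the "not granted" default in one place. A short comment such as `# 0 means no actions are granted for this user/asset/system user` would document that an ungranted system user gets an empty flag value rather than an error response. The method starts above the hunk, so the lookups of `user`, `asset` and `su` are not visible here.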