fix: 修复系统用户Perms

2022-03-17 16:02:09 +08:00 · 2022-03-17 16:02:09 +08:00 · 7addb881f6
parent 9c395b674f
commit 7addb881f6
1 changed files with 3 additions and 5 deletions
--- a/apps/rbac/builtin.py
+++ b/apps/rbac/builtin.py
@ -2,8 +2,6 @@ from django.utils.translation import ugettext_noop

 from .const import Scope, system_exclude_permissions, org_exclude_permissions

-# Todo: 获取应该区分 系统用户，和组织用户的权限
-# 工作台也区分组织后再考虑
 user_perms = (
    ('rbac', 'menupermission', 'view', 'workspace'),
    ('rbac', 'menupermission', 'view', 'webterminal'),
@ -13,7 +11,6 @@ user_perms = (
    ('assets', 'asset', 'match', 'asset'),
    ('assets', 'systemuser', 'match', 'systemuser'),
    ('assets', 'node', 'match', 'node'),
-    ('applications', 'application', 'match', 'application'),
    ('ops', 'commandexecution', 'add', 'commandexecution'),
    ('authentication', 'connectiontoken', 'add', 'connectiontoken'),
    ('tickets', 'ticket', 'view', 'ticket'),
@ -21,6 +18,7 @@ user_perms = (

 auditor_perms = user_perms + (
    ('rbac', 'menupermission', 'view', 'audit'),
+    ('rbac', 'menupermission', 'view', 'dashboard'),
    ('audits', '*', '*', '*'),
    ('terminal', 'commandstorage', 'view', 'commandstorage'),
    ('terminal', 'sessionreplay', 'view,download', 'sessionreplay'),
@ -89,7 +87,7 @@ class PredefineRole:

 class BuiltinRole:
    system_admin = PredefineRole(
-        '1', ugettext_noop('SystemAdmin'), Scope.system, user_perms
+        '1', ugettext_noop('SystemAdmin'), Scope.system, []
    )
    system_auditor = PredefineRole(
        '2', ugettext_noop('SystemAuditor'), Scope.system, auditor_perms
@ -98,7 +96,7 @@ class BuiltinRole:
        '4', ugettext_noop('SystemComponent'), Scope.system, app_exclude_perms, 'exclude'
    )
    system_user = PredefineRole(
-        '3', ugettext_noop('User'), Scope.system, []
+        '3', ugettext_noop('User'), Scope.system, user_perms
    )
    org_admin = PredefineRole(
        '5', ugettext_noop('OrgAdmin'), Scope.org, []